I need help with Understanding these steps. How do I find this information? What commands should I use? Our teacher is e
Posted: Sun Jul 03, 2022 12:00 pm
I need help with Understanding these steps. How do I find thisinformation? What commands should I use? Our teacher is exceedinglyvague about how the class can go about completing these, as theprofessor is under the impression that everyone knows how to workLinux systems. There are some commands listed in the lab, but theydon't mean anything if I can't get to that step. Please help!
________________________________________________________________________
1. Find the WordPress configuration file(s). This may require alittle poking around, but you will know when you have found itbecause it will have MySQL user credentials. You are looking for aMySQL username and password. Recover all potential usernames andpasswords that you can find in configuration files.
2. Now let’s examine MySQL. Get a SQL shell. The followingcommand opens a SQL shell. The option -u is used to enter theusername. mysql -u root
3. Enumerate the databases and recover the stored hashes forMySQL and WordPress users. The basic process is to identify thedatabases in the DBMS, locate tables in the discovered databasesthat seem likely to hold user credentials, then enumerate columnsin those tables. Finally, list out columns that are likely tohave usernames and passwords using a SELECT query. Note, you willfind DBMS user credentials in a database cleverly named MySQL andpossibly other credentials in databases associated withapplications.
4. Create a MySQL user with a weak password. See the followingexample. CREATE USER 'newuser'@'localhost' IDENTIFIED BY'password';
5. Recover the stored password hash. By now you should havealready figured out where to find DBMS passwords. Extract thehashed password that you just created. Capture screenshots of thediscovered credentials.
6. Password reuse is a common problem. You have recovered at leastone password at this point. Now, test to determine if that passwordhas been used in other places, such as the WordPress application orfor an OS user account. Note, you can force a password prompt froma Linux user account by attempting to change the user’s passwordusing passwd command. Report the accounts you were able to accessusing recovered passwords.
________________________________________________________________________
1. Find the WordPress configuration file(s). This may require alittle poking around, but you will know when you have found itbecause it will have MySQL user credentials. You are looking for aMySQL username and password. Recover all potential usernames andpasswords that you can find in configuration files.
2. Now let’s examine MySQL. Get a SQL shell. The followingcommand opens a SQL shell. The option -u is used to enter theusername. mysql -u root
3. Enumerate the databases and recover the stored hashes forMySQL and WordPress users. The basic process is to identify thedatabases in the DBMS, locate tables in the discovered databasesthat seem likely to hold user credentials, then enumerate columnsin those tables. Finally, list out columns that are likely tohave usernames and passwords using a SELECT query. Note, you willfind DBMS user credentials in a database cleverly named MySQL andpossibly other credentials in databases associated withapplications.
4. Create a MySQL user with a weak password. See the followingexample. CREATE USER 'newuser'@'localhost' IDENTIFIED BY'password';
5. Recover the stored password hash. By now you should havealready figured out where to find DBMS passwords. Extract thehashed password that you just created. Capture screenshots of thediscovered credentials.
6. Password reuse is a common problem. You have recovered at leastone password at this point. Now, test to determine if that passwordhas been used in other places, such as the WordPress application orfor an OS user account. Note, you can force a password prompt froma Linux user account by attempting to change the user’s passwordusing passwd command. Report the accounts you were able to accessusing recovered passwords.