adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/documentation/modules/auxiliary/scanner/db2/db2_auth.md
T
h00die 238bfa9b67 module touchups
2019-11-23 12:59:51 -05:00

1.4 KiB
Raw Blame History

Vulnerable Application

This module attempts to authenticate against a DB2 instance using username and password combinations indicated by the USER_FILE, PASS_FILE, and USERPASS_FILE options.

More information can be found on the Rapid7 Vulnerability & Exploit Database page

Verification Steps

  1. Start msfconsole
  2. Do: use auxiliary/scanner/db2/db2_auth
  3. Do: set RHOSTS [ip]
  4. Do: run

Scenarios

A run on Kali Linux 2019.3 and DB2 11.5.0.0a

```
msf > use auxiliary/scanner/db2/db2_auth
msf auxiliary/scanner/db2/db2_auth) > show options
msf auxiliary/scanner/db2/db2_auth) > set USERNAME db2inst1
msf auxiliary/scanner/db2/db2_auth) > set PASSWORD db2pass
msf auxiliary(scanner/db2/db2_auth) > set DATABASE testdb
msf auxiliary/scanner/db2/db2_auth) > set RHOST 172.17.0.2
msf auxiliary/scanner/db2/db2_auth) > run
  [-] 172.17.0.2:50000      - 172.17.0.2:50000 - LOGIN FAILED: db2inst1:db2inst1@testdb (Incorrect: )
  [-] 172.17.0.2:50000      - 172.17.0.2:50000 - LOGIN FAILED: db2inst1:dasusr1@testdb (Incorrect: )
  [-] 172.17.0.2:50000      - 172.17.0.2:50000 - LOGIN FAILED: db2inst1:db2fenc1@testdb (Incorrect: )
  [*] 172.17.0.2:50000      - Login Successful: db2inst1:db2pass
  [*] 172.17.0.2:50000      - Scanned 1 of 1 hosts (100% complete)
  [*] Auxiliary module execution completed
```
Reference in New Issue View Git Blame Copy Permalink