adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
3da170a43c7f288fe9bc88fe325da488733acac3
metasploit-gs/documentation/modules/auxiliary/scanner/db2/db2_auth.md
T
h00die 238bfa9b67 module touchups
2019-11-23 12:59:51 -05:00

33 lines
1.4 KiB
Markdown
Raw Blame History

## Vulnerable Application
This module attempts to authenticate against a DB2 instance using username and password combinations indicated by the `USER_FILE`, `PASS_FILE`, and `USERPASS_FILE` options.
More information can be found on the [Rapid7 Vulnerability & Exploit Database page](https://www.rapid7.com/db/modules/auxiliary/scanner/db2/db2_auth)
## Verification Steps
1. Start msfconsole
2. Do: `use auxiliary/scanner/db2/db2_auth`
3. Do: `set RHOSTS [ip]`
4. Do: `run`
## Scenarios
### A run on Kali Linux 2019.3 and DB2 11.5.0.0a
```
msf > use auxiliary/scanner/db2/db2_auth
msf auxiliary/scanner/db2/db2_auth) > show options
msf auxiliary/scanner/db2/db2_auth) > set USERNAME db2inst1
msf auxiliary/scanner/db2/db2_auth) > set PASSWORD db2pass
msf auxiliary(scanner/db2/db2_auth) > set DATABASE testdb
msf auxiliary/scanner/db2/db2_auth) > set RHOST 172.17.0.2
msf auxiliary/scanner/db2/db2_auth) > run
[-] 172.17.0.2:50000 - 172.17.0.2:50000 - LOGIN FAILED: db2inst1:db2inst1@testdb (Incorrect: )
[-] 172.17.0.2:50000 - 172.17.0.2:50000 - LOGIN FAILED: db2inst1:dasusr1@testdb (Incorrect: )
[-] 172.17.0.2:50000 - 172.17.0.2:50000 - LOGIN FAILED: db2inst1:db2fenc1@testdb (Incorrect: )
[*] 172.17.0.2:50000 - Login Successful: db2inst1:db2pass
[*] 172.17.0.2:50000 - Scanned 1 of 1 hosts (100% complete)
[*] Auxiliary module execution completed
```
Reference in New Issue View Git Blame Copy Permalink