88
Chapter 8
Now let's use the nmap command to request a TCP connect scan (-sT) of our LAN, looking for port 3306, the default MySQL port. (Note that your IP addresses may differ; in your terminal, use the ifconfig command on Linux or the ipconfig command on Windows to determine your IP address and subnet.) The redirect symbol > sends nmap's standard output, which usually goes to the screen, to /dev/null instead, which is simply a place to send output so that it disappears. We're doing this on a local machine, so it doesn't matter so much, but if you were to use the script remotely, you'd want to hide the nmap output. We then write the results of the scan to a file named MySQLscan in greppable format (-oG), meaning a one-line-per-host format that grep can work on.
The next line displays the MySQLscan file we stored the output in and pipes that output to grep to filter for lines that include the keyword open. Then we put those lines into a file named MySQLscan2. Finally, we display the contents of the file MySQLscan2. This final file should only include lines of nmap output for hosts that have port 3306 open. Save this file as MySQLscanner.sh and give yourself execute permissions with chmod 755.
Execute the script, like so:

kali > ./MySQLscanner.sh
Host: 192.168.181.69 () Ports: 3306/open/tcp//mysql///
As we can see, this script was able to identify the only IP address on my LAN with MySQL running. Your results may differ, depending on whether any hosts on your local network are running MySQL, of course.
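The filter step of the script deserves a closer look. A bare grep open matches any line containing that string, not just a 3306/open state: a hostname such as openvpn.lan, or another port reported as open on the same line if you ever widen the -p list, will also pass the filter and end up in MySQLscan2. The following is an added example, not the book's script, that runs the same filter logic over a constructed piece of greppable nmap output (the subnet, hostnames and the -p 22,3306 port list are made up) and shows the naive grep beside a stricter filter that checks the state of one specific port and prints only the host address. It goes a little beyond the chapter's single-port case by handling lines that list several ports.

```bash
#!/bin/bash
# Added example (not the book's MySQLscanner.sh). It demonstrates the filter
# step of that script on constructed nmap -oG output and shows why a bare
# "grep open" is too loose.

# Constructed sample of greppable (-oG) nmap output; this is not a real scan.
# Real -oG output separates fields with tabs; spaces are used here and the
# filters below accept either.
SAMPLE_SCAN='# Nmap scan initiated as: nmap -sT -p 22,3306 -oG MySQLscan 192.168.181.0/24
Host: 192.168.181.1 (gateway.lan) Status: Up
Host: 192.168.181.1 (gateway.lan) Ports: 22/open/tcp//ssh///, 3306/closed/tcp//mysql///
Host: 192.168.181.5 (openvpn.lan) Status: Up
Host: 192.168.181.5 (openvpn.lan) Ports: 22/closed/tcp//ssh///, 3306/filtered/tcp//mysql///
Host: 192.168.181.69 () Status: Up
Host: 192.168.181.69 () Ports: 22/closed/tcp//ssh///, 3306/open/tcp//mysql///
# Nmap done -- 256 IP addresses (3 hosts up) scanned'

# The scan step as the chapter describes it: TCP connect scan, greppable
# output to a file, screen output discarded. Not invoked here because it
# needs nmap and a network to scan.
scan_lan() {
    nmap -sT "$1" -p 3306 -oG "$2" >/dev/null
}

# The book's filter: every line that contains the string "open" anywhere,
# including hostnames and other ports' states.
filter_naive() {
    grep open
}

# Stricter filter: keep only "Ports:" lines in which the given port has the
# state open over tcp, and print just the host address (field 2).
# [^0-9] before the port number stops 306 from matching inside 3306.
filter_open_port() {
    awk -v port="$1" '$0 ~ ("Ports:.*[^0-9]" port "/open/tcp/") { print $2 }'
}

# Helpers returning the results so they can be checked rather than only read.
naive_match_count() {
    printf '%s\n' "$SAMPLE_SCAN" | filter_naive | wc -l | tr -d ' '
}

hosts_with_port_open() {
    printf '%s\n' "$SAMPLE_SCAN" | filter_open_port "$1"
}

echo "lines matched by a bare 'grep open': $(naive_match_count)"
echo "hosts with 3306/open: $(hosts_with_port_open 3306)"
echo "hosts with 22/open:   $(hosts_with_port_open 22)"
```

On the sample above the naive grep returns four lines (the gateway's open SSH port, both lines for openvpn.lan, and the one real hit), while the strict filter returns only 192.168.181.69. To apply the strict version in the chapter's script, replace the grep open stage with the awk filter, or simply use grep '3306/open/tcp' if you only want the whole matching line.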