April 2019
Intermediate to advanced
508 pages
11h 57m
English
We have now discovered an RDS instance whose MySQL service is listening publicly. We have also identified a set of valid usernames.
Our next step is to brute-force the login and the valid password for our admin user.
For this exercise, we will use Hydra to brute-force the MySQL service and find the password:
hydra -l admin -P rockyou.txt <RDS IP Address> mysql
Once we have our valid set of credentials, ...
Read now
Unlock full access