Connecting directly to database with credentials in SQLMap
Credentials for MySQL include not only a username and a password, but also a set of allowed IP addresses. So, even if we have the correct username and password, but the connection is established from an IP that is not allowed, we will get the 1045 "Access denied" error from sqlmap.
To illustrate the problem, I set up a test database testdb with user admin. Here are the user's credentials:
MariaDB [testdb]> select host,user,password from mysql.user where user='admin';
+-------------+-------+-------------------------------------------+
| host        | user  | password                                  |
+-------------+-------+-------------------------------------------+
| 92.168.0.20 | admin | *00A51F3F48415C7D4E8900010101010101010101 |
+-------------+-------+-------------------------------------------+
As it is shown in the host column, the user admin is allowed to access the server only from the IP 92.168.0.20. Now, if I run sqlmap from this IP it succeeds:
$ sudo sqlmap -d 'mysql://admin:[email protected]:3306/testdb'
...
[*] starting at 09:28:43
[09:28:43] [INFO] connection to mysql server 92.168.0.99:3306 established
[09:28:43] [INFO] testing MySQL
[09:28:43] [INFO] resumed: [[u'1']]...
[09:28:43] [INFO] confirming MySQL
[09:28:43] [INFO] resumed: [[u'1']]...
[09:28:43] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[09:28:43] [INFO] connection to mysql server 92.168.0.99:3306 closed
[*] shutting down at 09:28:43
If I run sqlmap from a different IP it fails with the 1045 "Access denied" error (exactly as in your output):
$ sudo sqlmap -d 'mysql://admin:[email protected]:3306/testdb'
...
[*] starting at 09:32:00
[09:32:00] [CRITICAL] SQLAlchemy connection issue ('(_mysql_exceptions.OperationalError)
(1045, "Access denied for user 'admin'@'92.168.0.55' (using password: YES)")')
[*] shutting down at 09:32:00
So, if you are sure that you have the correct username and password, the problem is highly likely in the allowed IPs. When creating a MySQL user, it is common practice to allow access only from localhost. Therefore, you may have the correct username and password, but you can use them only locally on the server. On the other hand, the fact that the server accepts connections from outside may indicate that some other IPs are allowed to connect. In this case, you have to find out which IPs are allowed and connect from one of those.
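On the server side, an administrator can resolve the ambiguity of error 1045 by checking the denied client address against the host values stored for that user. The following is an added example, not part of the original answer: the account rows and log lines are constructed, the function names are hypothetical, and it goes beyond the exact-IP case shown above by also handling the % and _ wildcards and the ip/netmask form of the host column.

```python
import ipaddress
import re

# Constructed (host, user) rows in the shape of mysql.user; not from a real server.
ACCOUNTS = [
    ("92.168.0.20", "admin"),
    ("localhost", "admin"),
    ("10.0.0.0/255.255.255.0", "report"),
    ("%", "legacy"),
]

# Constructed log lines; only the message text follows the error shown above.
LOG = [
    "09:32:00 [Warning] Access denied for user 'admin'@'92.168.0.55' (using password: YES)",
    "09:33:10 [Warning] Access denied for user 'admin'@'92.168.0.20' (using password: YES)",
    "09:34:02 [Warning] Access denied for user 'report'@'10.0.0.7' (using password: YES)",
]

DENIED = re.compile(r"Access denied for user '([^']*)'@'([^']*)' \(using password: (?:YES|NO)\)")

def host_matches(pattern, client):
    """True if a host value from mysql.user covers the connecting host."""
    if "/" in pattern:  # ip/netmask form, e.g. 10.0.0.0/255.255.255.0
        try:
            net = ipaddress.ip_network(pattern, strict=False)
            return ipaddress.ip_address(client) in net
        except ValueError:  # client is a hostname, or the pattern is malformed
            return False
    # % matches any run of characters, _ matches exactly one (LIKE semantics)
    regex = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, client, re.IGNORECASE) is not None

def triage(line, accounts=ACCOUNTS):
    """Classify one 1045 denial as a host restriction or a password failure."""
    m = DENIED.search(line)
    if not m:
        return None
    user, client = m.groups()
    hosts = [h for h, u in accounts if u == user]
    if not hosts:
        return (user, client, "no such account in list")
    if any(host_matches(h, client) for h in hosts):
        return (user, client, "host allowed, wrong password")
    return (user, client, "host not allowed")

def open_to_any_host(accounts=ACCOUNTS):
    """Accounts whose host value contains %, worth reviewing for exposure."""
    return [(h, u) for h, u in accounts if "%" in h]

if __name__ == "__main__":
    for entry in LOG:
        print(triage(entry))
    print("review:", open_to_any_host())
```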
CatChMeIfUCan
Updated on June 27, 2022
Comments
-
CatChMeIfUCan almost 2 years
I have the credentials of a TARGET website database, and SQLMap claims that you can connect to the database directly. Here are my commands on SQLMap in Kali Linux:
sudo sqlmap -d mysql://USER:PASSWORD@TARGET_IP:MySQL_Port/DATABASE
example
sudo sqlmap -d mysql://admin:[email protected]:3306/information_schema
but this is the error I get every time
[CRITICAL] SQLAchemy connection issue ('(_mysql_exceptions.OperationalError) (1045, "Access denied for user 'admin'@'17.45.65.11' (using password: YES)")')
The IP 17.45.65.11 was my IP ofc, which was denied. So is there a problem with my command?
OR anyone knows a better way to connect directly to a target database with credentials?
-
Tarun Lalwani about 6 years
Does your SQL server provide remote access? Most times default config doesn't open external access. See this thread stackoverflow.com/questions/8348506/…
-
CatChMeIfUCan about 6 years
is not my server, it's a TARGET
-
Tarun Lalwani about 6 years
Can you paste the output you got from sqlmap? You can mask any sensitive data before posting that log
-
CatChMeIfUCan about 6 years
@TarunLalwani already posted above!
[CRITICAL] SQLAlchemy connection issue ('(_mysql_exceptions.OperationalError) (1045, "Access denied for user 'admin'@'17.45.65.11' (using password: YES)")')
this means my credentials are correct but server denied my ip... there must be a way
-
SergiyKolesnikov about 6 years
According to this explanation of the 1045 error, it may be wrong credentials (wrong user or password) or your IP (17.45.65.11) is not allowed to connect.
-
CatChMeIfUCan about 6 years
@SergiyKolesnikov I am 100% sure that the credentials are correct because the target is using the same credentials, but the problem is ip denial which is causing the issue. Tried tons of IPs, dedicated ones! Need a solution to bypass that
-
SuperShoot about 6 years
Just an idea but could it be that the database is setup with --ssl-mode=REQUIRED or the user has REQUIRE SSL or REQUIRE X509?
-
SergiyKolesnikov about 6 years
@CatChMeIfUCan As I said, the same error (1045) occurs if the connecting IP was not granted access to the database. It is common practice to allow access only to localhost, when creating a database user. So, you may have the correct username and password, but you can use them only locally on the server. On the other hand, the fact that the server accepts connections from outside may indicate that some other IPs are allowed to connect. In this case, you have to find out which IPs are allowed and connect from one of those. But, this has nothing to do with sqlmap. It is a different problem.
-
CatChMeIfUCan about 6 years
@SergiyKolesnikov finding IPs is a good idea actually and ofc has nothing to do with sqlmap BUT SQLmap claims that you can connect to external databases, there are a lot of videos and articles
-
CatChMeIfUCan about 6 years
@georgexsh it's a vulnerability penetration! I have the same statements on my website
-
-
CatChMeIfUCan about 6 years
I'm aware of SQL Privileges... Please Read the Question Carefully It's a TARGET e.g someone else trying to hack or test the vulnerabilities
-
Tarun Lalwani about 6 years
Got it now, what you meant. Let me check something and get back
-
CatChMeIfUCan about 6 years
@TarunLalwani thanks, i will appreciate if you find a way
-
Rick James about 6 years
Sorry, I did not what you meant by TARGET. 1045 means bad password. So that is a line of defense. Another is to be sure to limit which IP addresses admin can come from. I was hoping to see that from the SHOWs.
-
CatChMeIfUCan about 6 years
please read the question carefully, it's a target database not mine
-
CatChMeIfUCan about 6 years
@RickJames well when i put a different password it gives me another error. the user is using same credentials as a successful connect through his website, i just copy pasted the credentials from his config file so pretty sure credentials are correct, problem is ip denial
-
CatChMeIfUCan about 6 years
thank you for your explanation! now do you have any idea how can I search for allowed IPs? I got kali Linux penetration tools also
-
SergiyKolesnikov about 6 years
@CatChMeIfUCan Good question... I would ask it on security.stackexchange.com
-
CatChMeIfUCan about 6 years
security.stackexchange.com/questions/181076/… is it clear enough?
-
Rick James about 6 years
SELECT host, plugin FROM mysql.user WHERE user = 'admin'; will provide a list of the IPs / CDRs / hostnames that have been allowed for admin.