Connecting directly to database with credentials in SQLMap


Credentials for MySQL include not only a username and a password, but also a set of allowed IP addresses. So, even if we have the correct username and password, if the connection is established from an IP that is not allowed, we will get the 1045 "Access denied" error from sqlmap.

To illustrate the problem, I set up a test database testdb with user admin. Here are the user's credentials:

MariaDB [testdb]> select host,user,password from mysql.user where user='admin';
+-------------+-------+-------------------------------------------+
| host        | user  | password                                  |
+-------------+-------+-------------------------------------------+
| 92.168.0.20 | admin | *00A51F3F48415C7D4E8900010101010101010101 |
+-------------+-------+-------------------------------------------+

As shown in the host column, the user admin is allowed to access the server only from the IP 92.168.0.20. Now, if I run sqlmap from this IP, it succeeds:

$ sudo sqlmap -d 'mysql://admin:[email protected]:3306/testdb'

...

[*] starting at 09:28:43

[09:28:43] [INFO] connection to mysql server 92.168.0.99:3306 established
[09:28:43] [INFO] testing MySQL
[09:28:43] [INFO] resumed: [[u'1']]...
[09:28:43] [INFO] confirming MySQL
[09:28:43] [INFO] resumed: [[u'1']]...
[09:28:43] [INFO] the back-end DBMS is MySQL
back-end DBMS: MySQL >= 5.0.0
[09:28:43] [INFO] connection to mysql server 92.168.0.99:3306 closed

[*] shutting down at 09:28:43

If I run sqlmap from a different IP, it fails with the 1045 "Access denied" error (exactly as in your output):

$ sudo sqlmap -d 'mysql://admin:[email protected]:3306/testdb'

...

[*] starting at 09:32:00

[09:32:00] [CRITICAL] SQLAlchemy connection issue ('(_mysql_exceptions.OperationalError)
  (1045, "Access denied for user 'admin'@'92.168.0.55' (using password: YES)")')

[*] shutting down at 09:32:00

So, if you are sure that you have the correct username and password, the problem most likely lies in the allowed IPs. When creating a MySQL user, it is common practice to allow access only from localhost. Therefore, you may have the correct username and password, but you can use them only locally on the server. On the other hand, the fact that the server accepts connections from outside may indicate that some other IPs are allowed to connect. In this case, you have to find out which IPs are allowed and connect from one of those.

Author by

CatChMeIfUCan


Updated on June 27, 2022
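
The host-based matching described in the answer above, as an added example (not part of the original answer, and not sqlmap or MySQL code): a simplified Python model of how a `mysql.user` host value is compared with a client address, plus an audit that flags accounts open to more than one address. The rows are constructed sample data, and `host_allows`, `accounts_for` and `audit` are hypothetical helper names; DNS resolution and the server's ordering of entries are not modelled.

```python
import ipaddress
import re

# Constructed sample rows in the shape of `SELECT host, user FROM mysql.user`.
SAMPLE_ROWS = [
    ("92.168.0.20", "admin"),           # single address, as in the answer
    ("localhost", "backup"),            # local connections only
    ("%", "report"),                    # any client host
    ("10.1.%", "app"),                  # wildcard prefix
    ("10.2.0.0/255.255.0.0", "etl"),    # base address / netmask
]
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def host_allows(pattern: str, client_ip: str) -> bool:
    """Simplified model of matching a client IP against a host value."""
    if "/" in pattern:  # netmask form: client must fall inside base/mask
        base, mask = pattern.split("/", 1)
        try:
            net = ipaddress.ip_network(f"{base}/{mask}", strict=True)
            return ipaddress.ip_address(client_ip) in net
        except ValueError:
            return False
    # LIKE-style wildcards: % = any run of characters, _ = exactly one
    regex = "".join(
        ".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, client_ip, re.IGNORECASE) is not None


def accounts_for(rows, user, client_ip):
    """Host values under which `user` would be accepted from client_ip."""
    return [h for h, u in rows if u == user and host_allows(h, client_ip)]


def audit(rows):
    """Flag accounts whose host value admits more than one specific client."""
    findings = []
    for host, user in rows:
        if host in LOCAL_HOSTS:
            continue
        if host == "%":
            findings.append((user, host, "any host"))
        elif "%" in host or "_" in host or "/" in host:
            findings.append((user, host, "address range"))
    return findings
```

With the sample rows, `admin` matches only from 92.168.0.20, which is the situation that produces error 1045 from any other address even when the password is right; `audit` lists the `report`, `app` and `etl` entries as the ones to review.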

Comments

  • CatChMeIfUCan
    CatChMeIfUCan almost 2 years

    I have the credentials of a TARGET website database and SQLMap Claims that you can connect to the database directly Here are my Commands on SQLMap in Kali Linux

    sudo sqlmap -d mysql://USER:PASSWORD@TARGET_IP:MySQL_Port/DATABASE
    

    example

    sudo sqlmap -d mysql://admin:[email protected]:3306/information_schema
    

    but this is the error I get every time

    [CRITICAL]  SQLAchemy connection issue ('(_mysql_exceptions.OperationalError)
    (1045, "Access denied for user 'admin'@'17.45.65.11' (using password: YES)")')
    

    The IP 17.45.65.11 was my IP ofc which denied

    So is there a Problem with my command?

    OR anyone knows a better way to connect directly to a target database with credentials?

    • Tarun Lalwani
      Tarun Lalwani about 6 years
      Does your SQL server provide remote access? Most times default config doesn't open external access. See this thread stackoverflow.com/questions/8348506/…
    • CatChMeIfUCan
      CatChMeIfUCan about 6 years
      is not my server its a TARGET
    • Tarun Lalwani
      Tarun Lalwani about 6 years
      Can you paste the output you got from sqlmap? You can mask any sensitive data before posting that log.
    • CatChMeIfUCan
      CatChMeIfUCan about 6 years
      @TarunLalwani already posted above! [CRITICAL] SQLAlchemy connection issue ('(_mysql_exceptions.OperationalError) (1045, "Access denied for user 'admin'@'17.45.65.11' (using password: YES)")') this means my credentials are correct but server denied my ip... there must be a way
    • SergiyKolesnikov
      SergiyKolesnikov about 6 years
      According to this explanation of the 1045 error, it may be wrong credentials (wrong user or password) or your IP (17.45.65.11) is not allowed to connect.
    • CatChMeIfUCan
      CatChMeIfUCan about 6 years
      @SergiyKolesnikov I am 100% sure that the credentials are correct because the target is using the same credentials, but the problem is IP denial, which is causing the issue. Tried tons of IPs, dedicated ones! Need a solution to bypass that
    • SuperShoot
      SuperShoot about 6 years
      Just an idea but could it be that the database is setup with --ssl-mode=REQUIRED or the user has REQUIRE SSL or REQUIRE X509?
    • SergiyKolesnikov
      SergiyKolesnikov about 6 years
      @CatChMeIfUCan As I said, the same error (1045) occurs if the connecting IP was not granted access to the database. It is common practice to allow access only to localhost when creating a database user. So, you may have the correct username and password, but you can use them only locally on the server. On the other hand, the fact that the server accepts connections from outside may indicate that some other IPs are allowed to connect. In this case, you have to find out which IPs are allowed and connect from one of those. But this has nothing to do with sqlmap. It is a different problem.
    • CatChMeIfUCan
      CatChMeIfUCan about 6 years
      @SergiyKolesnikov finding IPs is a good idea actually and ofc has nothing to do with sqlmap, BUT SQLmap claims that you can connect to external databases; there are a lot of videos and articles
    • CatChMeIfUCan
      CatChMeIfUCan about 6 years
      @georgexsh it's a vulnerability penetration! I have the same statements on my website
  • CatChMeIfUCan
    CatChMeIfUCan about 6 years
    I'm aware of SQL Privileges... Please Read the Question Carefully It's a TARGET e.g someone else trying to hack or test the vulnerabilities
  • Tarun Lalwani
    Tarun Lalwani about 6 years
    Got it now, what you meant. Let me check something and get back
  • CatChMeIfUCan
    CatChMeIfUCan about 6 years
    @TarunLalwani thanks, i will appreciate if you find a way
  • Rick James
    Rick James about 6 years
    Sorry, I did not know what you meant by TARGET. 1045 means bad password. So that is a line of defense. Another is to be sure to limit which IP addresses admin can come from. I was hoping to see that from the SHOWs.
  • CatChMeIfUCan
    CatChMeIfUCan about 6 years
    please read the question carefully its a target database not mine
  • CatChMeIfUCan
    CatChMeIfUCan about 6 years
    @RickJames well, when I put a different password it gives me another error. The user is using the same credentials for a successful connection through his website; I just copy-pasted the credentials from his config file, so pretty sure the credentials are correct, the problem is IP denial
  • CatChMeIfUCan
    CatChMeIfUCan about 6 years
    thank you for your explanation! now do you have any idea how can I search for allowed ip's? I got kali Linux penetration tools also
  • SergiyKolesnikov
    SergiyKolesnikov about 6 years
    @CatChMeIfUCan Good question... I would ask it on security.stackexchange.com
  • CatChMeIfUCan
    CatChMeIfUCan about 6 years
  • Rick James
    Rick James about 6 years
    SELECT host, plugin FROM mysql.user WHERE user = 'admin'; will provide a list of the IPs / CIDRs / hostnames that have been allowed for admin.