Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

init CVE-2012-2122 #25

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

init CVE-2012-2122 #25

wants to merge 1 commit into from

Conversation

tangken333
Copy link

This is a bug of mysql, bypass the login verification.

olegbck
olegbck reviewed Nov 19, 2024
View reviewed changes
CVE-2012-2122/data/docker-compose.yml
version: '2'
services:
mysql:
image: vulhub/mysql:5.5.23
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could you please download the Docker image, put it to the data folder and install it from file?

CVE-2012-2122/ubuntu.yml
dest: /opt/CVE-2012-2122

- name: Start Docker Compose services
command: docker compose up -d
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please use built-in community.docker.docker_compose

CVE-2012-2122/cvex.yml
ubuntu:
playbook: ubuntu.yml
command:
- "bash /opt/CVE-2012-2122/poc.sh"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It only shows me this, over and over again:

ERROR 1045 (28000): Access denied for user 'root'@'172.18.0.1' (using password: YES)
mysql: [Warning] Using a password on the command line interface can be insecure.

Perhaps we should execute the mysql command until we succeed? (and skip printing the unsuccessful attempts)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have tested inside the virtual machine (vagrant ssh) a few times. The POC is fine, and it can log in to MySQL very fast (our loop time is enough). Besides, I have an echo to print out login success in the poc.sh, but they didn't show in the output. Could you please let me know how to control the output, like printing out everything and skipping printing the unsuccessful attempts for the virtual machine? Thanks!

Copy link
Collaborator

@olegbck olegbck Nov 20, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ah, I see, "access mysql success" was shown in the very beginning indeed, but I expected it to be at the end:

2024-11-20 16:55:07,569 - INFO - [ubuntu] Executing 'bash /opt/CVE-2012-2122/poc.sh'...
2024-11-20 16:55:17,639 - INFO - [ubuntu] access mysql success

2024-11-20 16:55:17,639 - INFO - [ubuntu] mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'172.18.0.1' (using password: YES)
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'172.18.0.1' (using password: YES)
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1045 (28000): Access denied for user 'root'@'172.18.0.1' (using password: YES)

The POC is fine, and it can log in to MySQL very fast (our loop time is enough)

I don't see that. I only see "access denied" and "access mysql success" that will be always shown. It's just an echo, it is always shown. What am I missing here?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@olegbck olegbck olegbck left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tangken333 @olegbck