Please note: this is a growing document, so visit regularly.
SQL
Okay, so you've enumerated a box and you see port 3306 open. How can you tell which SQL server is running? Nmap has a script for that!
Check out the output below, where I've done a service version nmap scan and found this port. Using the nmap sql-info script, I was able to tell it was a MariaDB version and what capabilities it has.
└─$ sudo nmap -sV 10.129.95.232
Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-01 17:48 EDT
Nmap scan report for 10.129.95.232
Host is up (0.031s latency).
Not shown: 999 closed tcp ports (reset)
PORT STATE SERVICE VERSION
3306/tcp open mysql?
┌──(kali㉿kali)-[~]
└─$ nmap --script=mysql-info 10.129.95.232
Starting Nmap 7.92 ( https://nmap.org ) at 2022-08-01 17:58 EDT
Nmap scan report for 10.129.95.232
Host is up (0.023s latency).
Not shown: 999 closed tcp ports (conn-refused)
PORT STATE SERVICE
3306/tcp open mysql
| mysql-info:
| Protocol: 10
| Version: 5.5.5-10.3.27-MariaDB-0+deb10u1
| Thread ID: 67
| Capabilities flags: 63486
| Some Capabilities: Support41Auth, FoundRows, DontAllowDatabaseTableColumn, SupportsLoadDataLocal, SupportsTransactions, LongColumnFlag, SupportsCompression, Speaks41ProtocolOld, Speaks41ProtocolNew, IgnoreSigpipes, ConnectWithDatabase, InteractiveClient, ODBCClient, IgnoreSpaceBeforeParenthesis, SupportsMultipleResults, SupportsMultipleStatments, SupportsAuthPlugins
| Status: Autocommit
| Salt: AL8tahgN-8oGUV11A3y,
|_ Auth Plugin Name: mysql_native_password
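Everything mysql-info reports comes from the greeting packet the server sends before any login. The Python below is an added example, not part of the original notes: it parses a protocol 10 greeting so you can audit what your own server gives away. The sample packet is constructed from the values in the scan output above; the upper capability word, the charset byte and all function names are assumptions.

```python
import struct

# Subset of capability bits from the MySQL/MariaDB client-server protocol.
CAPS = {0x00000080: "LOCAL_FILES", 0x00000200: "PROTOCOL_41", 0x00000800: "SSL",
        0x00008000: "SECURE_CONNECTION", 0x00010000: "MULTI_STATEMENTS",
        0x00080000: "PLUGIN_AUTH"}

def build_sample_greeting():
    # Constructed sample: values taken from the scan output above.
    # Assumed: upper capability word 0x000B and charset byte 0x2D.
    salt = b"AL8tahgN-8oGUV11A3y,"
    body = (b"\x0a" + b"5.5.5-10.3.27-MariaDB-0+deb10u1\x00"
            + struct.pack("<I", 67) + salt[:8] + b"\x00"
            + struct.pack("<HBHHB", 63486, 0x2D, 0x0002, 0x000B, 21)
            + b"\x00" * 10 + salt[8:] + b"\x00"
            + b"mysql_native_password\x00")
    return len(body).to_bytes(3, "little") + b"\x00" + body

def parse_greeting(pkt):
    length = int.from_bytes(pkt[:3], "little")   # 3-byte length, 1-byte sequence id
    body = pkt[4:4 + length]
    if len(body) != length or body[0] != 10:
        raise ValueError("not a complete protocol-10 greeting")
    end = body.index(b"\x00", 1)                 # version is NUL-terminated
    version = body[1:end].decode("ascii", "replace")
    (thread_id,) = struct.unpack_from("<I", body, end + 1)
    pos = end + 5                                # start of first 8 salt bytes
    low, _charset, status, high, salt_len = struct.unpack_from("<HBHHB", body, pos + 9)
    part2 = max(13, salt_len - 8)                # second salt chunk incl. its NUL
    tail = pos + 9 + 8 + 10                      # salt1+filler, fixed fields, reserved
    salt = body[pos:pos + 8] + body[tail:tail + part2 - 1]
    caps = low | (high << 16)
    plugin = ""
    if caps & 0x00080000:                        # PLUGIN_AUTH: plugin name follows
        plugin = body[tail + part2:].split(b"\x00", 1)[0].decode("ascii", "replace")
    # MariaDB 10.x prepends "5.5.5-" to its version for older clients.
    mariadb = "MariaDB" in version
    real = version[6:] if mariadb and version.startswith("5.5.5-") else version
    return {"version": real, "mariadb": mariadb, "thread_id": thread_id,
            "caps_low": low, "caps": sorted(n for b, n in CAPS.items() if caps & b),
            "salt": salt.decode("ascii", "replace"), "plugin": plugin,
            "autocommit": bool(status & 0x0002)}

def findings(info):
    checks = [("SSL" not in info["caps"], "TLS not offered in greeting"),
              ("LOCAL_FILES" in info["caps"], "LOCAL_FILES advertised; review local_infile")]
    return [msg for hit, msg in checks if hit]

if __name__ == "__main__":
    info = parse_greeting(build_sample_greeting())
    print(info, findings(info), sep="\n")
```

Capabilities flags 63486 is 0xF7FE: the 0x0800 (SSL) bit is clear, which matches the scan's capability list having no TLS entry.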