The way mysql_native_password is calculating the client password that is sent in the Login Request is using this formula (documented here): SHA1( password ) XOR

MariaDB Extended Client Capabilities: 0x00000005

Our client responds with the Login Request: MySQL Protocol

MariaDB Extended Server Capabilities: 0x00000007
Server Language: latin1 COLLATE latin1_swedish_ci (8)

Let's observe a Wireshark dump of a mysql_native_password authentication of username "apoc" with the password "rockyou".

First we receive a MySQL Protocol Server Greeting (using MariaDB 10.3.31): MySQL Protocol

I've looked at MySQL documentation and searched the Internet and can't seem to find anything on this.

WireShark Login Packet #3: MAX Packet: 16777216
WireShark Login Packet #2: MAX Packet: 16777216
Password: ada5be054b6a9b44eaa0d86e33fb9442e8af7169
Client Auth Plugin: mysql_native_password
WireShark Login Packet #1: MAX Packet: 16777216
Charset: utf8 COLLATE utf8_general_ci (33)

What's even weirder is the password changes in the packet, each time I log in. The username is in the clear, but the password doesn't equal the hashed password from the database. So, when I capture the packet containing the credentials, I'm expecting to see the username in the clear and the hashed password being passed, but that's not what I see. I've done some digging and I read that the MySQL client hashes the password before sending even when passing unencrypted. I'm in a test environment trying to use Wireshark to capture credentials being passed to MySQL.
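An added example, not part of the original post, showing why the Password field differs on every login and never equals the stored hash. The formula on the page is cut off, so the code uses the standard mysql_native_password computation, SHA1(password) XOR SHA1(salt + SHA1(SHA1(password))); the function names and the random salts are assumptions made for the illustration.

```python
import hashlib
import hmac
import os


def sha1(data: bytes) -> bytes:
    return hashlib.sha1(data).digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def stored_hash(password: str) -> bytes:
    # Value the server keeps: SHA1(SHA1(password)); shown as '*' + hex in the user table.
    return sha1(sha1(password.encode()))


def client_token(password: str, salt: bytes) -> bytes:
    # Login Request "Password" field: SHA1(pw) XOR SHA1(salt + SHA1(SHA1(pw)))
    stage1 = sha1(password.encode())
    return xor(stage1, sha1(salt + sha1(stage1)))


def server_verify(token: bytes, salt: bytes, stored: bytes) -> bool:
    # The server undoes the XOR with its own copy of the mask, recovering a
    # candidate SHA1(password), and checks that hashing it gives the stored value.
    if len(token) != 20:
        return False
    candidate = xor(token, sha1(salt + stored))
    return hmac.compare_digest(sha1(candidate), stored)


def three_logins(password: str = "rockyou"):
    # Constructed salts stand in for the 20-byte salt of each Server Greeting.
    stored = stored_hash(password)
    rows = []
    for _ in range(3):
        salt = os.urandom(20)
        token = client_token(password, salt)
        rows.append((token.hex(), server_verify(token, salt, stored)))
    return stored.hex(), rows


if __name__ == "__main__":
    stored_hex, rows = three_logins()
    print("stored hash :", stored_hex)
    for i, (token_hex, ok) in enumerate(rows, 1):
        print(f"login #{i}    :", token_hex, "verified" if ok else "rejected")
```

The scramble keeps the password and the stored hash from appearing on the wire, but it is not a substitute for TLS on the connection.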