MySQL
Pre Enumeration
Nmap Scanning
If can access
If Mysql is running as root and you have access, you can run commands:
Always test root:root credential
Username Enumeration
Connection
SQL Command
http://g2pc1.bu.edu/~qzpeng/manual/MySQL%20Commands.htm
Post Enumeration
MySQL server configuration file
Unix
Windows
Command History
Log Files
Finding passwords to MySQL
You might gain access to a shell by uploading a reverse-shell. And then you need to escalate your privilege.
Look into the database and see what users and passwords that are available.
Getting all the information from inside the database
Last updated