MySQL Jutsus
1. Default port
The default port for MySQL and MariaDB is 3306.
2. Connection
Remote hosts are usually not allowed to connect, but the server is sometimes misconfigured to allow it.
Local:
mysql -u root      # Connect to root without password
mysql -u root -p   # A password will be asked
Remote:
mysql -h 192.168.58.101 -u root
mysql -h 192.168.58.101 -u root@localhost
Try sqsh too.
3. Local Priv Esc for MySQL Version 5.5.x/5.6.x/5.7.x
If the version is old enough and you are the MySQL root user, you can import a .so library. The HackTricks method has worked. Look at PG-Banzai too.
https://book.hacktricks.xyz/network-services-pentesting/pentesting-mysql
locate "*lib_mysqludf_sys*" # This works, already on Kali
4. Brute-force MySQL
hydra -L usernames.txt -P pass.txt 192.168.34.33 mysql
hydra -L usernames.txt -P pass.txt -M targets.txt mysql
msf> use auxiliary/scanner/mysql/mysql_login; set VERBOSE false
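What the login attempts in sections 2 and 4 look like from the server side, as an added example that is not part of the original page: a small detector that reads MySQL error-log lines and reports sources with a burst of failed logins, plus remote root logins tried without a password. The log lines, addresses, threshold and window are constructed for illustration, and it assumes the server logs access-denied notes (log_error_verbosity=3 on MySQL 5.7).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the MySQL 5.7 error-log style; assumes the server runs
# with log_error_verbosity=3 so that failed logins are written as [Note] lines.
SAMPLE_LOG = """\
2024-05-01T10:00:01.000000Z 11 [Note] Access denied for user 'root'@'192.168.34.10' (using password: YES)
2024-05-01T10:00:02.000000Z 12 [Note] Access denied for user 'admin'@'192.168.34.10' (using password: YES)
2024-05-01T10:00:03.000000Z 13 [Note] Access denied for user 'root'@'192.168.34.10' (using password: YES)
2024-05-01T10:00:04.000000Z 14 [Note] Access denied for user 'backup'@'192.168.34.10' (using password: YES)
2024-05-01T10:00:05.000000Z 15 [Note] Access denied for user 'root'@'192.168.34.10' (using password: YES)
2024-05-01T10:07:00.000000Z 16 [Note] Access denied for user 'root'@'192.168.34.77' (using password: NO)
2024-05-01T11:30:00.000000Z 17 [Note] Access denied for user 'app'@'localhost' (using password: YES)
2024-05-01T11:31:00.000000Z 18 [Note] Aborted connection 18 to db: 'shop' user: 'app' host: 'localhost' (Got an error reading communication packets)
"""

DENIED = re.compile(
    r"^(?P<ts>\S+)\s+\d+\s+\[Note\].*?Access denied for user "
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)' \(using password: (?P<pw>YES|NO)\)")
LOCAL = {"localhost", "127.0.0.1", "::1"}

def analyze(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return (hosts with a failure burst, remote passwordless-root attempts)."""
    by_host, no_pw_root = defaultdict(list), []
    for line in log_text.splitlines():
        m = DENIED.match(line)
        if not m:
            continue  # not an access-denied line
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S.%fZ")
        by_host[m["host"]].append(ts)
        if m["user"] == "root" and m["pw"] == "NO" and m["host"] not in LOCAL:
            no_pw_root.append((m["host"], m["ts"]))
    bursts = {}
    for host, times in by_host.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:  # slide the window's left edge
                start += 1
            if end - start + 1 >= threshold:  # enough failures inside window
                bursts[host] = max(bursts.get(host, 0), end - start + 1)
    return bursts, no_pw_root

if __name__ == "__main__":
    bursts, no_pw_root = analyze(SAMPLE_LOG)
    print("failed-login bursts per source:", bursts)
    print("remote root logins tried without a password:", no_pw_root)
```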