3306 - Pentesting Mysql

Resources :

Hacktricks

MySQL is an open-source SQL relational database management system developed and supported by Oracle.

Tricks:

instead of select name,password from db \G #To show it table form better

Default conf

cat /etc/mysql/mysql.conf.d/mysqld.cnf | grep -v "#" | sed -r '/^\s*$/d'
# DANGEROUS settings
user	#Sets which user the MySQL service will run as.
password	#Sets the password for the MySQL user.
admin_address	#The IP address on which to listen for TCP/IP connections on the administrative network interface.
debug	#This variable indicates the current debugging settings
sql_warnings	#This variable controls whether single-row INSERT statements produce an information string if warnings occur.
secure_file_priv	#This variable is used to limit the effect of data import and export operations.

Footprinting

sudo nmap <IP> -sV -sC -p3306 --script mysql*

Connect

Local

mysql -u root # Connect to root without password
mysql -u root -p # A password will be asked

Remote

mysql -u root -pPASSWORD <IP>
mysql -h <Hostname> -u root
mysql -h <Hostname> -u root@localhost

Enumeration

nmap -sV -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 <IP>
msf> use auxiliary/scanner/mysql/mysql_version
msf> use auxiliary/scanner/mysql/mysql_authbypass_hashdump
msf> use auxiliary/scanner/mysql/mysql_hashdump #Creds
msf> use auxiliary/admin/mysql/mysql_enum #Creds
msf> use auxiliary/scanner/mysql/mysql_schemadump #Creds 
msf> use exploit/windows/mysql/mysql_start_up #Execute commands Windows, Creds

Bruteforce hacktricks!

Checkout link for more useful command and cheatsheets

Previous2049 - NFS Pentesting Next3389 - Pentesting RDP

Last updated 3 years ago