3306 - Pentesting MySQL

Resources:

MySQL is an open-source SQL relational database management system developed and supported by Oracle.

Tricks:

select name,password from db\G   # End the query with \G instead of ; to print each row vertically, which is easier to read when the table form is too wide for the terminal

Default conf

cat /etc/mysql/mysql.conf.d/mysqld.cnf | grep -v "#" | sed -r '/^\s*$/d'
# DANGEROUS settings
user	#Sets which user the MySQL service will run as.
password	#Sets the password for the MySQL user.
admin_address	#The IP address on which to listen for TCP/IP connections on the administrative network interface.
debug	#This variable indicates the current debugging settings
sql_warnings	#This variable controls whether single-row INSERT statements produce an information string if warnings occur.
secure_file_priv	#This variable is used to limit the effect of data import and export operations.
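As an added example (not code from the original page), a small Python audit that parses the [mysqld] section of a config like the one printed above and flags the dangerous settings just listed; the config it reads is a constructed sample, not a real server's file:

```python
# Constructed sample mysqld.cnf (not taken from any real host). Note the empty
# secure_file_priv and the inline comment on the user line.
SAMPLE_CNF = """\
[mysqld]
user            = root   # service account
bind-address    = 0.0.0.0
secure_file_priv=
password = s3cr3t
admin_address = 0.0.0.0
debug = d:t:o,/tmp/mysqld.trace
[client]
user = backup
"""

MISSING = object()  # distinguishes "key absent" from "key set to an empty string"

def parse_mysqld_section(text):
    """Map key -> value for the [mysqld] section only; comments are skipped,
    dashes/underscores and case are normalised, a bare key gets value None."""
    settings, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # '#' starts a comment anywhere
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "mysqld":
            continue
        key, sep, value = line.partition("=")
        settings[key.strip().replace("-", "_").lower()] = value.strip() if sep else None
    return settings

def audit(settings):
    """Return [(setting, reason)] for the risky settings listed on this page."""
    sfp = settings.get("secure_file_priv", MISSING)
    checks = [
        ("user", settings.get("user") == "root",
         "mysqld runs as root: every file the server reads or writes is touched with root privileges"),
        ("password", "password" in settings, "plaintext credential stored in the config file"),
        ("admin_address", settings.get("admin_address") in ("0.0.0.0", "::"),
         "administrative interface listens on all addresses"),
        ("debug", "debug" in settings, "debug tracing on: trace files can leak queries and data"),
        ("secure_file_priv", sfp is MISSING,
         "not set in the file: confirm the effective value with SHOW VARIABLES LIKE 'secure_file_priv'"),
        ("secure_file_priv", sfp == "",
         "empty: LOAD DATA / SELECT ... INTO OUTFILE can read or write any path mysqld can"),
    ]
    return [(key, reason) for key, hit, reason in checks if hit]
```

Run it against the real file with `audit(parse_mysqld_section(open("/etc/mysql/mysql.conf.d/mysqld.cnf").read()))`; a value inherited from the compiled-in default or another included file will not appear, which is why the "not set" finding points at SHOW VARIABLES.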

Footprinting

sudo nmap <IP> -sV -sC -p3306 --script mysql*

Connect

Local

mysql -u root # Connect to root without password
mysql -u root -p # A password will be asked 

Remote

mysql -h <IP> -u root -pPASSWORD   # Password directly after -p with no space; the host goes in -h (a bare positional argument is taken as the database name)
mysql -h <Hostname> -u root        # No password
mysql -h <Hostname> -u root -p     # Prompt for the password; -u takes only the user name, the host part of the account (root@localhost etc.) is matched by the server from the connecting address

Enumeration

nmap -sV -p 3306 --script mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 <IP>
msf> use auxiliary/scanner/mysql/mysql_version
msf> use auxiliary/scanner/mysql/mysql_authbypass_hashdump
msf> use auxiliary/scanner/mysql/mysql_hashdump #Creds
msf> use auxiliary/admin/mysql/mysql_enum #Creds
msf> use auxiliary/scanner/mysql/mysql_schemadump #Creds 
msf> use exploit/windows/mysql/mysql_start_up #Windows only: command execution, needs creds

Bruteforce: see the HackTricks brute-force page.

Check out the linked page for more useful commands and cheatsheets.
