Full Disclosure mailing list archives
Re: MySQL (Linux) Database Privilege Elevation Zeroday Exploit
From: kai () rhynn net
Date: Tue, 04 Dec 2012 07:25:32 +0700
Hi all,wrote some shitcode for mysql user&hash enumeration when having FILE privilege. surely you could do it with simple bash one-liner using mysql+grep+sed, but we're not going the easy way, right?
the first thought was "hey, what about changing root password directly in file user.MYD?" but then...
file_name cannot be an existing file, which among other things prevents files such as /etc/passwd and database tables from being destroyed.
anyway we have Nvidia cards and Hashcat. Cheers, Kai
Attachment:
mysql_file.php
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MySQL (Linux) Database Privilege Elevation Zeroday Exploit king cope (Dec 01)
- Re: MySQL (Linux) Database Privilege Elevation Zeroday Exploit Michael Wood (Dec 01)
- Re: MySQL (Linux) Database Privilege Elevation Zeroday Exploit Kurt Seifried (Dec 02)
- Re: MySQL (Linux) Database Privilege Elevation Zeroday Exploit Eren Yağdıran (Dec 04)
- <Possible follow-ups>
- Re: MySQL (Linux) Database Privilege Elevation Zeroday Exploit kai (Dec 05)