Penetration Testing mailing list archives
Re: PENTEST MySQL on windows
From: "Sels, Roger" <roger.sels () gov-fbi net>
Date: Fri, 25 Feb 2005 09:36:36 +0100 (CET)
Hi ALL,

Doing a pentest on a site hosting a vulnerable version of MySQL on a Windows box. I was able to get full access to the DB and export ALL the data. Anyone have any ideas on jumping to the Windows OS with full access to just the DB?

Thanks

Hi Anthony,

If the MySQL server is vulnerable, you could try using stored procedures & extended stored procedures (XP) such as xp_cmdshell, which will allow you to execute code. XP's are written in high-languages like C and compiled into .DLL's. The advantage is that the DLL just needs to be present on the machine to be able to exploit it, much like the .dll's needed to exploit some ISAPI IIS extensions ;)

e.g. SQL XP:

    exec master..xp_cmdshell 'dir'

would obtain a directory listing of the current working directory of the SQL Server process.

Check out the most excellent paper "Advanced SQL Injection techniques" by Chris Anley (http://www.nextgenss.com/papers/advanced_sql_injection.pdf). Viewable as HTML if you use google, but I guess that's obvious ;)

Good luck!

Roger

--
Under capitalism, man exploits man. Under communism, it's just the opposite.
J.K.Galbraith