Penetration Testing mailing list archives
Re: MySQL compromise
From: Jon Hart <jhart () spoofed org>
Date: Wed, 9 Jan 2008 10:03:54 -0800
On Tue, Jan 08, 2008 at 09:11:07AM -0800, Josh Miller wrote:
Clone wrote:Hello guys, I'm doing a pen-test. I have compromised a remote mysql server ver 4.x doing password cracking. Is there anything I can do like xp_cmdshell in MSSQL to run OS or network commands? Is there a way to compromise their internal network from here?You can use the 'system' command to execute local commands.
system is local to the system running the mysql client. See http://dev.mysql.com/doc/refman/5.0/en/mysql-commands.html. 'load data infile' (http://dev.mysql.com/doc/refman/5.0/en/load-data.html) and 'select ... into outfile ...' (http://dev.mysql.com/doc/refman/5.0/en/select.html) are good starting points. -jon ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- MySQL compromise Clone (Jan 08)
- Re: MySQL compromise Josh Miller (Jan 09)
- Re: MySQL compromise Jon Hart (Jan 10)
- Re: MySQL compromise pentestr (Jan 10)
- Re: MySQL compromise Gleb Paharenko (Jan 09)
- Re: MySQL compromise Claudio Criscione (Jan 09)
- Re: MySQL compromise Laszlo KLOCK (Jan 09)
- Re: MySQL compromise Marco Ivaldi (Jan 15)
- Re: MySQL compromise Kelly Keeton (Jan 09)
- Re: MySQL compromise Josh Miller (Jan 09)