Penetration Testing mailing list archives

Re: PENTEST MySQL on windows

From: Tim <tim-pentest () sentinelchicken org>
Date: Thu, 24 Feb 2005 22:44:36 -0500

Doing a pentest on a site hosting a vulnerable verion of MySQL on a
Windows box. I was able to get full access to the DB and export ALL the
data. Anyone have any ideas on jumping to the Windows OS with full
access to Just the DB.


I don't know if you are familiar with this, but MySQL supports a SELECT
syntax called OUTFILE that allows you to write output of a query to a
file.  See:
  http://dev.mysql.com/doc/mysql/en/select.html

This syntax is pretty limited, and the permission to do this can be
turned off, but if you have the right privs, and can craft a batch
script, and put it in the right place on the filesystem, perhaps it will
help.

good luck,
tim

Current thread:

PENTEST MySQL on windows Anthony Ruso (Feb 24)
- Re: PENTEST MySQL on windows AdamT (Feb 25)
- Re: PENTEST MySQL on windows Tim (Feb 25)
- Re: PENTEST MySQL on windows Sels, Roger (Feb 25)
- <Possible follow-ups>
- Re: PENTEST MySQL on windows Marco Ivaldi (Feb 25)
- FW: PENTEST MySQL on windows Anthony Ruso (Feb 25)