Penetration Testing mailing list archives
Re: PENTEST MySQL on windows
From: Tim <tim-pentest () sentinelchicken org>
Date: Thu, 24 Feb 2005 22:44:36 -0500
Doing a pentest on a site hosting a vulnerable verion of MySQL on a Windows box. I was able to get full access to the DB and export ALL the data. Anyone have any ideas on jumping to the Windows OS with full access to Just the DB.
I don't know if you are familiar with this, but MySQL supports a SELECT syntax called OUTFILE that allows you to write output of a query to a file. See: http://dev.mysql.com/doc/mysql/en/select.html This syntax is pretty limited, and the permission to do this can be turned off, but if you have the right privs, and can craft a batch script, and put it in the right place on the filesystem, perhaps it will help. good luck, tim
Current thread:
- PENTEST MySQL on windows Anthony Ruso (Feb 24)
- Re: PENTEST MySQL on windows AdamT (Feb 25)
- Re: PENTEST MySQL on windows Tim (Feb 25)
- Re: PENTEST MySQL on windows Sels, Roger (Feb 25)
- <Possible follow-ups>
- Re: PENTEST MySQL on windows Marco Ivaldi (Feb 25)
- FW: PENTEST MySQL on windows Anthony Ruso (Feb 25)