Penetration Testing mailing list archives

Re: MySQL compromise


From: "Kelly Keeton" <kellyrkeeton () gmail com>
Date: Tue, 8 Jan 2008 09:31:47 -0800

All depends on what you have access to and where you can go. Some sites
I would recommend checking out....

http://www.milw0rm.com/
http://www.metasploit.com/
http://www.remote-exploit.org/backtrack.html
http://de-ice.net/

You can't just hack out a password from a web application and expect
that now you have access to all the goodies. You need to poke around and
see if you can break out of SQL (or have root). I don't know what you
mean by "compromise"; by your lack of description I assume that you
just got a user password to a database server, so you can possibly
exploit the server, corrupt data, possibly break out, but it all depends
on what knowledge you can gather and what you can do to get back any lack
of security they might have. I would recommend doing a little
research on the differences of MySQL vs MSSQL, as the idea of hack hack
command prompt aren't the same.


On Jan 4, 2008 6:40 AM, Clone <c70n3 () yahoo co in> wrote:
Hello guys,

I'm doing a pen-test. I have compromised a remote
mysql server ver 4.x doing password cracking. Is there
anything I can do like xp_cmdshell in MSSQL to run OS
or network commands? Is there a way to compromise
their internal network from here?

Clone




------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


