Penetration Testing mailing list archives
Re: MySQL compromise
From: "Kelly Keeton" <kellyrkeeton () gmail com>
Date: Tue, 8 Jan 2008 09:31:47 -0800
all depends on what you have access to and where you can go some sites i would recommend checking out.... http://www.milw0rm.com/ http://www.metasploit.com/ http://www.remote-exploit.org/backtrack.html http://de-ice.net/ you cant just hack out a password from a webapplication and expect that now you have access to all the goodies. you need to poke around see if you can break out of sql (or have root) i dont know what you mean by "compromise" by your lack of description I assume that you just got a user password to a database server, so you can possible exploit the server corrupt data possibly break out, but it all depends on what knowledge you can gather what you can do to get back any lack of security they might have. I would recommend dooing a little research on the differences of MYSQL vs MSSQL as the idea of hack hack command prompt arnt the same On Jan 4, 2008 6:40 AM, Clone <c70n3 () yahoo co in> wrote:
Hello guys, I'm doing a pen-test. I have compromised a remote mysql server ver 4.x doing password cracking. Is there anything I can do like xp_cmdshell in MSSQL to run OS or network commands? Is there a way to compromise their internal network from here? Clone Save all your chat conversations. Find them online at http://in.messenger.yahoo.com/webmessengerpromo.php ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- MySQL compromise Clone (Jan 08)
- Re: MySQL compromise Josh Miller (Jan 09)
- Re: MySQL compromise Jon Hart (Jan 10)
- Re: MySQL compromise pentestr (Jan 10)
- Re: MySQL compromise Gleb Paharenko (Jan 09)
- Re: MySQL compromise Claudio Criscione (Jan 09)
- Re: MySQL compromise Laszlo KLOCK (Jan 09)
- Re: MySQL compromise Marco Ivaldi (Jan 15)
- Re: MySQL compromise Kelly Keeton (Jan 09)
- Re: MySQL compromise Josh Miller (Jan 09)