Re: MySQL compromise

[pentestr <pentestr () gmail com>]

Hi guys,

If we are connecting a remote system the "system" command will show our 
local systems NIC configuration.

Regards.
PenTestr.


Josh Miller wrote:
> Clone wrote:
> > Hello guys,
> >
> > I'm doing a pen-test. I have compromised a remote
> > mysql server ver 4.x doing password cracking. Is there
> > anything  I can do like xp_cmdshell in MSSQL to run OS
> > or network commands? Is there a way to compromise
> > their internal network from here?
> >
> >   
> You can use the 'system' command to execute local commands.
>
> mysql> system ifconfig
> eth0      Link encap:Ethernet  HWaddr 00:0C:29:83:88:A6          inet 
> addr:x.x.x.x  Bcast:x.x.x.255  Mask:255.255.255.0
>          inet6 addr: fe80::20c:29ff:fe83:88a6/64 Scope:Link
>          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>          RX packets:1083309 errors:1 dropped:0 overruns:0 frame:0
>          TX packets:449639 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:1000
>          RX bytes:95073812 (90.6 MiB)  TX bytes:86973259 (82.9 MiB)
>          Interrupt:177 Base address:0x1424
>
> lo        Link encap:Local Loopback          inet addr:127.0.0.1  
> Mask:255.0.0.0
>          inet6 addr: ::1/128 Scope:Host
>          UP LOOPBACK RUNNING  MTU:16436  Metric:1
>          RX packets:1136 errors:0 dropped:0 overruns:0 frame:0
>          TX packets:1136 errors:0 dropped:0 overruns:0 carrier:0
>          collisions:0 txqueuelen:0
>          RX bytes:95738 (93.4 KiB)  TX bytes:95738 (93.4 KiB)


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------