Penetration Testing mailing list archives
Penetrating a MySql Server
From: r00fsec () gmail com
Date: 23 Nov 2009 10:27:59 -0000
Hi!! So...I have a home server . It uses apache , php and MySql (5.0.77). It doesn't has any site on it but i create a page with a simple sql injection Bug. MySql server is running as root user. Now the goal is to take a shell in this server just for exercise . I know that it is not so easy to find out there a server like this but im now starting to "play" with these things. I have try some technics but i didnt got the shell yet :p Here is what im doing.. 1st I use the load_file() function to see any file in the server like /etc/passwd 2nd i tried to use the technic of into outfile and then use it as Remote Code Execution but occurs an error. Because of the permissions. Thats all i had tried in the home server. Do you have any idea on how to continue penetrate this server ? If you want give me some hints to continue my exercise. Thanks! ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Penetrating a MySql Server r00fsec (Nov 23)
- Re: Penetrating a MySql Server Adriel T. Desautels (Nov 30)