Penetration Testing mailing list archives

Re: Penetrating a MySql Server


From: "Adriel T. Desautels" <ad_lists () netragard com>
Date: Thu, 26 Nov 2009 21:41:46 -0500

If you have read permissions, then you can read the error log. If it's a PHP-based application, which it is, then you can inject a one-line PHP backdoor into the error log by making a "bogus" request against the server. Then the next time you read the error log, your PHP will execute if you do it right. We've used that technique on many occasions to get a shell... works very well. :)

Does that make sense?


On Nov 23, 2009, at 5:27 AM, r00fsec () gmail com wrote:

Hi!!

So... I have a home server. It uses Apache, PHP and MySQL (5.0.77). It doesn't have any site on it, but I created a page with a simple SQL injection bug. The MySQL server is running as the root user. Now the goal is to get a shell on this server, just for exercise. I know that it is not so easy to find a server like this out there, but I'm now starting to "play" with these things.

I have tried some techniques but I didn't get the shell yet :p Here is what I'm doing...

1st, I use the load_file() function to see any file on the server, like /etc/passwd. 2nd, I tried to use the technique of INTO OUTFILE and then use it for remote code execution, but an error occurs because of the permissions.

That's all I have tried on the home server.

Do you have any idea how to continue penetrating this server? If you want, give me some hints to continue my exercise.

Thanks!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.

http://www.iacertification.org
------------------------------------------------------------------------




        Adriel T. Desautels
        ad_lists () netragard com
        --------------------------------------

        Subscribe to our blog
        http://snosoft.blogspot.com
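
A defender-side view of the error-log technique described in the reply above, as an added example that is not part of the original thread: a Python scan of Apache error-log lines for PHP opening tags, including percent-encoded ones. The log line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# PHP opening tags: "<?php", "<?=" or the short tag "<?" followed by whitespace.
# "<?xml" is deliberately not matched.
PHP_TAG = re.compile(r"<\?(?:php\b|=|\s)", re.IGNORECASE)

# Assumed layout (Apache 2.2 style): [timestamp] [level] [client ip] message
LINE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<level>\w+)\] "
    r"(?:\[client (?P<client>[^\]]+)\] )?(?P<msg>.*)$"
)

def scan(lines):
    """Return one finding per log line whose message contains a PHP open tag."""
    findings = []
    for number, line in enumerate(lines, 1):
        m = LINE.match(line)
        msg = m.group("msg") if m else line          # fall back to the raw line
        if PHP_TAG.search(unquote(msg)):             # also catch %3C%3Fphp forms
            findings.append({
                "line": number,
                "timestamp": m.group("ts") if m else None,
                "client": m.group("client") if m else None,
                "message": msg,
            })
    return findings

# Constructed sample input (documentation IP range, harmless marker payload).
SAMPLE = [
    "[Thu Nov 26 21:40:01 2009] [error] [client 192.0.2.10] "
    "File does not exist: /var/www/favicon.ico",
    "[Thu Nov 26 21:40:07 2009] [error] [client 192.0.2.44] "
    "File does not exist: /var/www/<?php echo 'constructed-marker'; ?>",
    "[Thu Nov 26 21:40:09 2009] [error] [client 192.0.2.44] "
    "File does not exist: /var/www/%3C%3Fphp%20echo%201%3B%3F%3E",
    "[Thu Nov 26 21:41:30 2009] [notice] caught SIGTERM, shutting down",
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f"line {f['line']} client={f['client']} {f['message']}")
```

A hit matters most when the web application's PHP user can also read or include the log file, so keeping logs unreadable to that user removes the path the reply relies on.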

