Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: MySQL compromise
From: Josh Miller <joshua () itsecureadmin com>
Date: Tue, 08 Jan 2008 09:11:07 -0800

Clone wrote:
Hello guys,

I'm doing a pen-test. I have compromised a remote
mysql server ver 4.x doing password cracking. Is there
anything  I can do like xp_cmdshell in MSSQL to run OS
or network commands? Is there a way to compromise
their internal network from here?

You can use the 'system' command to execute local commands.

mysql> system ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:83:88:A6 inet addr:x.x.x.x Bcast:x.x.x.255 Mask:255.255.255.0
         inet6 addr: fe80::20c:29ff:fe83:88a6/64 Scope:Link
         UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
         RX packets:1083309 errors:1 dropped:0 overruns:0 frame:0
         TX packets:449639 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:1000
         RX bytes:95073812 (90.6 MiB)  TX bytes:86973259 (82.9 MiB)
         Interrupt:177 Base address:0x1424

lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0
         inet6 addr: ::1/128 Scope:Host
         UP LOOPBACK RUNNING  MTU:16436  Metric:1
         RX packets:1136 errors:0 dropped:0 overruns:0 frame:0
         TX packets:1136 errors:0 dropped:0 overruns:0 carrier:0
         collisions:0 txqueuelen:0
         RX bytes:95738 (93.4 KiB)  TX bytes:95738 (93.4 KiB)


--
Joshua M. Miller - RHCE,VCP


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault