Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: MySQL compromise
From: "Kelly Keeton" <kellyrkeeton () gmail com>
Date: Tue, 8 Jan 2008 09:31:47 -0800

all depends on what you have access to and where you can go some sites
i would recommend checking out....

http://www.milw0rm.com/
http://www.metasploit.com/
http://www.remote-exploit.org/backtrack.html
http://de-ice.net/

you cant just hack out a password from a webapplication and expect
that now you have access to all the goodies. you need to poke around
see if you can break out of sql (or have root) i dont know what you
mean by "compromise" by your lack of description I assume that you
just got a user password to a database server, so you can possible
exploit the server corrupt data possibly break out, but it all depends
on what knowledge you can gather what you can do to get back any lack
of security they might have. I would recommend dooing a little
research on the differences of MYSQL vs MSSQL as the idea of hack hack
command prompt arnt the same


On Jan 4, 2008 6:40 AM, Clone <c70n3 () yahoo co in> wrote:
Hello guys,

I'm doing a pen-test. I have compromised a remote
mysql server ver 4.x doing password cracking. Is there
anything  I can do like xp_cmdshell in MSSQL to run OS
or network commands? Is there a way to compromise
their internal network from here?

Clone


      Save all your chat conversations. Find them online at http://in.messenger.yahoo.com/webmessengerpromo.php


------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------



------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]