Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: MySQL compromise
From: Jon Hart <jhart () spoofed org>
Date: Wed, 9 Jan 2008 10:03:54 -0800

On Tue, Jan 08, 2008 at 09:11:07AM -0800, Josh Miller wrote:
Clone wrote:
Hello guys,

I'm doing a pen-test. I have compromised a remote
mysql server ver 4.x doing password cracking. Is there
anything  I can do like xp_cmdshell in MSSQL to run OS
or network commands? Is there a way to compromise
their internal network from here?

 
You can use the 'system' command to execute local commands.

system is local to the system running the mysql client.  See
http://dev.mysql.com/doc/refman/5.0/en/mysql-commands.html.

'load data infile'
(http://dev.mysql.com/doc/refman/5.0/en/load-data.html) and 'select ...
into outfile ...' (http://dev.mysql.com/doc/refman/5.0/en/select.html)
are good starting points.

-jon

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault