Home page logo
/

pen-test logo Penetration Testing mailing list archives

Penetrating a MySql Server
From: r00fsec () gmail com
Date: 23 Nov 2009 10:27:59 -0000

Hi!!

So...I have a home server . It uses apache , php and MySql (5.0.77). It doesn't has any site on it but i create a page 
with a simple sql injection Bug.
MySql server is running as root user. Now the goal is to take a shell in this server just for exercise . I know that it 
is not so easy to find out there a server like this but im now starting to "play" with these things.

I have try some technics but i didnt got the shell yet :p Here is what im doing..

1st I  use the load_file() function to see any file in the server like /etc/passwd
2nd i tried to use the technic of into outfile and then use it as Remote Code Execution but occurs an error. Because of 
the permissions.

Thats all i had tried in the home server.

Do you have any idea on how to continue penetrate this server ? If you want give me some hints to continue my exercise.

Thanks!

------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 

http://www.iacertification.org
------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault