search

3306 - MySQL

Always test the default credentials of 'root/root'

mysql --host=<ip> -u root -p
mysql -h <Hostname> -u root
mysql -h <Hostname> -u root@localhost
mysql -h <Hostname> -u ""@localhost

telnet ip 3306

hashtag
Configuration file

cat /etc/my.cnf

http://www.cyberciti.biz/tips/how-do-i-enable-remote-access-to-mysql-database-server.html

hashtag
Mysql-commands cheat sheet

http://cse.unl.edu/~sscott/ShowFiles/SQL/CheatSheet/SQLCheatSheet.html

hashtag
Escalating privileges

If mysql is started as root you might have a chance to use it as a way to escalate your privileges.

hashtag
MYSQL UDF INJECTION:

https://infamoussyn.com/2014/07/11/gaining-a-root-shell-using-mysql-user-defined-functions-and-setuid-binaries/

hashtag
Finding passwords to mysql

In Joomla look for passwords in this file:

Previous2049 - NFSNext3389 - RDP

Last updated