MySQL

Sometimes, you may have Nmap results as shown below:

3306/tcp  open  mysql       syn-ack ttl 61 MySQL (unauthorized)

This means that we cannot log in to MySQL remotely.
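
Why Nmap prints "(unauthorized)", as an added example that is not part of the original notes: the server answers the new connection with an error packet (code 1130, host not allowed to connect) instead of its usual handshake, and the sketch below tells the two apart. The packets are constructed samples, not captured traffic, and the names classify_greeting, build_packet and PRE_AUTH_ERRORS are hypothetical.

```python
import struct

# Error codes a MySQL server can send in place of a handshake (MySQL error reference).
PRE_AUTH_ERRORS = {
    1040: "too many connections",
    1129: "host blocked after too many connection errors",
    1130: "host is not allowed to connect",
}

def build_packet(payload: bytes, seq: int = 0) -> bytes:
    """Frame a payload: 3-byte little-endian length, then 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload

def classify_greeting(data: bytes) -> dict:
    """Classify the first packet a MySQL server sends on a new TCP connection."""
    if len(data) < 5:
        raise ValueError("truncated packet: need 4-byte header plus payload")
    length = int.from_bytes(data[0:3], "little")
    payload = data[4:4 + length]
    if not payload or len(payload) != length:
        raise ValueError("payload does not match the declared length")
    if payload[0] == 0xFF:
        # ERR packet: 2-byte little-endian error code, then the message text.
        # No SQLSTATE field at this stage: nothing has been negotiated yet.
        if length < 3:
            raise ValueError("ERR packet too short for an error code")
        code = struct.unpack_from("<H", payload, 1)[0]
        return {"kind": "error", "code": code,
                "meaning": PRE_AUTH_ERRORS.get(code, "unknown"),
                "message": payload[3:].decode("latin-1")}
    if payload[0] == 0x0A:
        # HandshakeV10: a NUL-terminated server version string follows.
        end = payload.index(0, 1)
        return {"kind": "handshake", "version": payload[1:end].decode("ascii", "replace")}
    return {"kind": "unknown", "first_byte": payload[0]}

# Constructed samples: 192.0.2.10 is a documentation address, 8.0.36 an arbitrary version.
REFUSED = build_packet(
    b"\xff" + struct.pack("<H", 1130)
    + b"Host '192.0.2.10' is not allowed to connect to this MySQL server")
GREETING = build_packet(b"\x0a" + b"8.0.36\x00" + b"\x00" * 20)

if __name__ == "__main__":
    for name, pkt in (("refused", REFUSED), ("greeting", GREETING)):
        print(name, classify_greeting(pkt))
```

A 1130 answer means the TCP port was reachable and only MySQL's per-host account rules refused the client, so the service is still exposed on the network.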

Check if MySQL is running or present

There are two ways to determine this: one is by using the Nmap results, and the other is by checking the process list after gaining initial access to the system.

# On Linux:
ps auxf

# On Windows (CMD):
tasklist
# On Windows (PowerShell):
Get-Process

After you have determined that MySQL is running, you can check for default credentials on the MySQL server.

Checking for default credentials:

On Linux, we can run the command below to check. It passes the password with --password= rather than -p, because an empty -p makes mysqladmin prompt for a password instead of trying a blank one:

if command -v mysqladmin &>/dev/null; then echo "MySQL version: $(mysql --version)"; for creds in "root:root" "root:toor" "root:"; do user="${creds%%:*}"; pass="${creds#*:}"; if mysqladmin -u"$user" --password="$pass" version &>/dev/null; then echo "  ✓ Default credential works: $creds"; else echo "  ✗ No success with: $creds"; fi; done; else echo "MySQL is not installed or not in PATH"; fi

You can also get this result simply by running linpeas.sh.

Look for passwords in configuration files. Example: db.php in the web directory.

Basic commands for MySQL:

Some useful commands for enumeration

HELP:
