(3306)MySQL
About
MySQL is an open-source SQL relational database management system developed and supported by Oracle. It works according to the client-server principle and consists of a MySQL server and one or more MySQL clients. The database is controlled using the SQL database language. The data is stored in tables with different columns, rows, and data types. These databases are often stored in a single file with the file extension .sql, for example, wordpress.sql.
Default Configuration
$ sudo apt install mysql-server -y
$ cat /etc/mysql/mysql.conf.d/mysqld.cnf | grep -v "#" | sed -r '/^\s*$/d'
Dangerous Settings
As with any server configuration, a lot can go wrong if the server administrator overlooks a vulnerable setting. The settings below are the "main" security-relevant options:
| Setting | Description |
| --- | --- |
| user | Sets which user the MySQL service will run as. |
| password | Sets the password for the MySQL user. |
| admin_address | The IP address on which to listen for TCP/IP connections on the administrative network interface. |
| debug | This variable indicates the current debugging settings. |
| sql_warnings | This variable controls whether single-row INSERT statements produce an information string if warnings occur. |
| secure_file_priv | This variable is used to limit the effect of data import and export operations. |
Footprinting
Nmap
$ sudo nmap <TARGET IP> -sV -sC -p3306 --script mysql*
We should always be careful with the results we get from any automated tool. In this case, there is a good chance of false positives: Nmap may scan the port and report usernames as valid when they are not. Remember that the server configuration determines the values these automated tools receive, so a simple return status can lead the tool to mishandle that information and give us "wrong" output.
Interacting With The Server
$ mysql -u <USER> -p<PASSWORD> -h 10.129.14.128
| Command | Description |
| --- | --- |
| mysql -u <user> -p<password> -h <IP address> | Connect to the MySQL server. There should not be a space between the '-p' flag and the password. |
| show databases; | Show all databases. |
| use <database>; | Select one of the existing databases. |
| show tables; | Show all available tables in the selected database. |
| show columns from <table>; | Show all columns in the selected database. |
| select * from <table>; | Show everything in the desired table. |
| select * from <table> where <column> = "<string>"; | Search for needed string in the desired table. |