| Settings | Description |
|---|---|
| user | Sets which user the MySQL service will run as. |
| password | Sets the password for the MySQL user. |
| admin_address | The IP address on which to listen for TCP/IP connections on the administrative network interface. |
| debug | This variable indicates the current debugging settings. |
| sql_warnings | This variable controls whether single-row INSERT statements produce an information string if warnings occur. |
| secure_file_priv | This variable is used to limit the effect of data import and export operations. |

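
A defensive review of these settings can be scripted. The following is an added example, not part of the original notes: it parses an option file and reports values of the settings above that deserve a second look. The sample config is constructed, the function name `audit_mysql_cnf` is hypothetical, and the choice of which values to flag is an assumption of this example.

```python
import configparser

# Constructed sample my.cnf for illustration (not taken from a real host).
SAMPLE_CNF = """\
!includedir /etc/mysql/conf.d/
[client]
user = robin
password = robin

[mysqld]
user = root
admin_address = 10.0.0.5
debug = d:t:o,/tmp/mysqld.trace
secure_file_priv = ""
skip-name-resolve
"""

def audit_mysql_cnf(text):
    """Return (section, option, reason) findings for the settings in the table."""
    # configparser cannot parse !include / !includedir directives, so drop them.
    body = "\n".join(l for l in text.splitlines() if not l.lstrip().startswith("!"))
    cp = configparser.ConfigParser(allow_no_value=True, strict=False, interpolation=None)
    cp.read_string(body)
    findings = []
    for section in cp.sections():
        for key, raw in cp.items(section):
            opt = key.replace("-", "_")          # option files accept - and _ alike
            val = (raw or "").strip().strip("'\"")
            if opt == "password" and val:
                findings.append((section, opt, "plaintext password stored in config file"))
            elif opt == "user" and section.startswith("mysqld") and val == "root":
                findings.append((section, opt, "server process runs as root"))
            elif opt == "debug" and val:
                findings.append((section, opt, "debug settings configured"))
            elif opt == "secure_file_priv" and raw is not None and val == "":
                # An empty value means import/export is not limited to a directory.
                findings.append((section, opt, "empty value: no import/export restriction"))
            elif opt == "admin_address" and val:
                findings.append((section, opt, "admin interface on " + val + ": confirm management-only"))
    return findings

if __name__ == "__main__":
    for section, opt, reason in audit_mysql_cnf(SAMPLE_CNF):
        print(f"[{section}] {opt}: {reason}")
```
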
Footprinting:
nmap $HOST -sV -sC -p3306 --script mysql*
Information schema table doc: https://dev.mysql.com/doc/refman/8.0/en/system-schema.html
The Microsoft catalog system schema contains more info than the Unix one.
Writeup:
Enumerate the MySQL server and determine the version in use. (Format: MySQL X.X.XX) Use the Nmap scan above.
During our penetration test, we found weak credentials "robin:robin". We should try these against the MySQL server. What is the email address of the customer "Otto Lang"?
mysql -h "$HOST" -u robin -p --skip-ssl-verify-server-cert
SHOW DATABASES;
CONNECT customers;
SHOW tables;
SELECT * FROM myTable WHERE name='Otto Lang';