MySQL 🍃 ¶

MySQL is an open-source relational database management system. It was acquired by Oracle. There is a well-known fork called MariaDB.

🐲 MySQL (and MariaDB) default port is 3306.

$ sudo apt install default-mysql-client

By default, there is no password for root (blank ☠️).

$ mysql -u root -p                          # connect
$ mysql -u <username> -p -h <ip> -P <port>  # same
$ mysql -u root -p db_name < xxx.sql        # import sql
$ mysql -u root -ppassword                  # no space

Some commands:

source xxx.sql;                -- import
DESCRIBE table_name;           -- definition of a table
SELECT VERSION();              -- version
SELECT database();             -- show current database
SHOW DATABASES;                -- list databases
USE a_database;                -- select one
SHOW TABLES;                   -- list tables

MySQL store structural data in information_schema:

• Tables: SELECT table_name FROM information_schema.tables WHERE TABLE_SCHEMA='db_name';
• Columns: SELECT column_name FROM information_schema.columns WHERE TABLE_SCHEMA='db_name' AND TABLE_NAME='table_name';
• Users: SELECT CONCAT(user, '%', host) as 'username', authentication_string FROM mysql.user;
• Privileges: Select privilege_type From information_schema.user_privileges Where GRANTEE = CURRENT_USER();

• service mysql status: check if service started
• nmap mysql-*
• MySQL Workbench

MySQL custom commands

• select * from mysql.func (if empty no user defined functions)
• sys_exec function
• select @@plugin_dir; (if writable, we may inject a shellcode)
• mysql exploitdb UDF exploit