Re: MySQL compromise

From: Jon Hart (jhart@spoofed.org)
Date: Wed Jan 09 2008 - 13:03:54 EST


On Tue, Jan 08, 2008 at 09:11:07AM -0800, Josh Miller wrote:
> Clone wrote:
> >Hello guys,
> >
> >I'm doing a pen-test. I have compromised a remote
> >mysql server ver 4.x doing password cracking. Is there
> >anything I can do like xp_cmdshell in MSSQL to run OS
> >or network commands? Is there a way to compromise
> >their internal network from here?
> >
> >
> You can use the 'system' command to execute local commands.

system is local to the system running the mysql client. See
http://dev.mysql.com/doc/refman/5.0/en/mysql-commands.html.

'load data infile'
(http://dev.mysql.com/doc/refman/5.0/en/load-data.html) and 'select ...
into outfile ...' (http://dev.mysql.com/doc/refman/5.0/en/select.html)
are good starting points.

-jon
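
For the defensive side of the statements named above: server-side `LOAD DATA INFILE` and `SELECT ... INTO OUTFILE` require MySQL's global FILE privilege, so auditing which accounts hold it shows who could use them. The following is an added example, not part of the original post; the grant lines are constructed sample `SHOW GRANTS` output and the function name is hypothetical.

```python
import re

# Head of one SHOW GRANTS line: privilege list, object, account.
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+TO\s+"
    r"'(?P<user>[^']*)'@'(?P<host>[^']*)'",
    re.IGNORECASE,
)

# Constructed sample input (not taken from any real server).
SAMPLE_GRANTS = [
    "GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' WITH GRANT OPTION",
    "GRANT SELECT, INSERT, FILE ON *.* TO 'report'@'%' IDENTIFIED BY PASSWORD '<hash>'",
    "GRANT USAGE ON *.* TO 'webapp'@'10.0.0.5'",
    "GRANT ALL PRIVILEGES ON `shop`.* TO 'webapp'@'10.0.0.5'",
    "GRANT SELECT ON `shop`.`orders` TO 'viewer'@'%'",
]


def accounts_with_file_access(grant_lines):
    """Return (account, reason, any_host) for accounts holding FILE.

    FILE is a global privilege, so only grants ON *.* can carry it,
    either by name or through ALL PRIVILEGES. A database-level
    ALL PRIVILEGES grant does not include it.
    """
    findings = []
    for line in grant_lines:
        m = GRANT_RE.match(line.strip())
        if not m or m.group("obj") != "*.*":
            continue
        privs = {p.strip().upper() for p in m.group("privs").split(",")}
        if "FILE" in privs:
            reason = "FILE"
        elif privs & {"ALL PRIVILEGES", "ALL"}:
            reason = "ALL PRIVILEGES"
        else:
            continue
        account = "'%s'@'%s'" % (m.group("user"), m.group("host"))
        # A '%' in the host part means the account accepts remote logins
        # from a range of hosts, which raises the priority of the finding.
        findings.append((account, reason, "%" in m.group("host")))
    return findings


if __name__ == "__main__":
    for account, reason, any_host in accounts_with_file_access(SAMPLE_GRANTS):
        print(account, "holds FILE via", reason, "(wildcard host)" if any_host else "")
```

Accounts flagged here that do not need to read or write server-side files can have the privilege removed with `REVOKE FILE ON *.* FROM ...`.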




This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:19 EDT