From: Josh Miller (joshua@itsecureadmin.com)
Date: Tue Jan 08 2008 - 12:11:07 EST
Clone wrote:
> Hello guys,
>
> I'm doing a pen-test. I have compromised a remote
> mysql server ver 4.x doing password cracking. Is there
> anything I can do like xp_cmdshell in MSSQL to run OS
> or network commands? Is there a way to compromise
> their internal network from here?
>
>
You can use the 'system' command to execute local commands.
mysql> system ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:83:88:A6
inet addr:x.x.x.x Bcast:x.x.x.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe83:88a6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1083309 errors:1 dropped:0 overruns:0 frame:0
TX packets:449639 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:95073812 (90.6 MiB) TX bytes:86973259 (82.9 MiB)
Interrupt:177 Base address:0x1424
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:1136 errors:0 dropped:0 overruns:0 frame:0
TX packets:1136 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:95738 (93.4 KiB) TX bytes:95738 (93.4 KiB)
-- Joshua M. Miller - RHCE,VCP ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:18 EDT