Re: MySQL compromise

From: Kelly Keeton (kellyrkeeton@gmail.com)
Date: Tue Jan 08 2008 - 12:31:47 EST

• Next message: Thor (Hammer of God): "RE: How to report a Vulnerability to a Company"
• Previous message: peter.schaub@thomson.com: "RE: Need Check list for Testing HSIA..."
• In reply to: Clone: "MySQL compromise"
• Next in thread: Laszlo KLOCK: "Re: MySQL compromise"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

all depends on what you have access to and where you can go some sites
i would recommend checking out....

http://www.milw0rm.com/
http://www.metasploit.com/
http://www.remote-exploit.org/backtrack.html
http://de-ice.net/

you cant just hack out a password from a webapplication and expect
that now you have access to all the goodies. you need to poke around
see if you can break out of sql (or have root) i dont know what you
mean by "compromise" by your lack of description I assume that you
just got a user password to a database server, so you can possible
exploit the server corrupt data possibly break out, but it all depends
on what knowledge you can gather what you can do to get back any lack
of security they might have. I would recommend dooing a little
research on the differences of MYSQL vs MSSQL as the idea of hack hack
command prompt arnt the same

On Jan 4, 2008 6:40 AM, Clone <c70n3@yahoo.co.in> wrote:
> Hello guys,
>
> I'm doing a pen-test. I have compromised a remote
> mysql server ver 4.x doing password cracking. Is there
> anything I can do like xp_cmdshell in MSSQL to run OS
> or network commands? Is there a way to compromise
> their internal network from here?
>
> Clone
>
>
> Save all your chat conversations. Find them online at http://in.messenger.yahoo.com/webmessengerpromo.php
>
>
> ------------------------------------------------------------------------
> This list is sponsored by: Cenzic
>
> Need to secure your web apps NOW?
> Cenzic finds more, "real" vulnerabilities fast.
> Click to try it, buy it or download a solution FREE today!
>
> http://www.cenzic.com/downloads
> ------------------------------------------------------------------------
>
>

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------

• Next message: Thor (Hammer of God): "RE: How to report a Vulnerability to a Company"
• Previous message: peter.schaub@thomson.com: "RE: Need Check list for Testing HSIA..."
• In reply to: Clone: "MySQL compromise"
• Next in thread: Laszlo KLOCK: "Re: MySQL compromise"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:19 EDT