Re: MySQL compromise

From: pentestr (pentestr@gmail.com)
Date: Thu Jan 10 2008 - 05:08:51 EST


Hi guys,

If we are connecting to a remote system, the "system" command will show our
local system's NIC configuration.

Regards.
PenTestr.

Josh Miller wrote:
> Clone wrote:
>> Hello guys,
>>
>> I'm doing a pen-test. I have compromised a remote
>> mysql server ver 4.x doing password cracking. Is there
>> anything I can do like xp_cmdshell in MSSQL to run OS
>> or network commands? Is there a way to compromise
>> their internal network from here?
>>
>>
> You can use the 'system' command to execute local commands.
>
> mysql> system ifconfig
> eth0 Link encap:Ethernet HWaddr 00:0C:29:83:88:A6 inet
> addr:x.x.x.x Bcast:x.x.x.255 Mask:255.255.255.0
> inet6 addr: fe80::20c:29ff:fe83:88a6/64 Scope:Link
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:1083309 errors:1 dropped:0 overruns:0 frame:0
> TX packets:449639 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:1000
> RX bytes:95073812 (90.6 MiB) TX bytes:86973259 (82.9 MiB)
> Interrupt:177 Base address:0x1424
>
> lo Link encap:Local Loopback inet addr:127.0.0.1
> Mask:255.0.0.0
> inet6 addr: ::1/128 Scope:Host
> UP LOOPBACK RUNNING MTU:16436 Metric:1
> RX packets:1136 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1136 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:0
> RX bytes:95738 (93.4 KiB) TX bytes:95738 (93.4 KiB)
>
>

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:58:19 EDT