Re: PENTEST MySQL on windows

From: Tim (tim-pentest@sentinelchicken.org)
Date: Thu Feb 24 2005 - 22:44:36 EST

• Next message: Chris: "Re: Traceroute"
• Previous message: Capixaba: "Re: Bypassing NTFS ACL"
• In reply to: Anthony Ruso: "PENTEST MySQL on windows"
• Next in thread: Marco Ivaldi: "Re: PENTEST MySQL on windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> Doing a pentest on a site hosting a vulnerable verion of MySQL on a
> Windows box. I was able to get full access to the DB and export ALL the
> data. Anyone have any ideas on jumping to the Windows OS with full
> access to Just the DB.

I don't know if you are familiar with this, but MySQL supports a SELECT
syntax called OUTFILE that allows you to write output of a query to a
file. See:
  http://dev.mysql.com/doc/mysql/en/select.html

This syntax is pretty limited, and the permission to do this can be
turned off, but if you have the right privs, and can craft a batch
script, and put it in the right place on the filesystem, perhaps it will
help.

good luck,
tim

• Next message: Chris: "Re: Traceroute"
• Previous message: Capixaba: "Re: Bypassing NTFS ACL"
• In reply to: Anthony Ruso: "PENTEST MySQL on windows"
• Next in thread: Marco Ivaldi: "Re: PENTEST MySQL on windows"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:17 EDT