Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: PENTEST MySQL on windows

from [Sels, Roger] Network Security [Permanent Link]
Subject: Re: PENTEST MySQL on windows
Date: Fri, 25 Feb 2005 09:36:36 +0100 (CET) 
Hi ALL,

Doing a pentest on a site hosting a vulnerable verion of MySQL on a
Windows box. I was able to get full access to the DB and export ALL the
data. Anyone have any ideas on jumping to the Windows OS with full
access to Just the DB.

Thanks



Hi Anthony,

If the MySQL server is vulnerable, you could try using stored procedures &
extended stored procedures (XP) such as xp_cmdshell , which will allow you
to execute code.
XP's are written in high-languages like C and compiled into .DLL's. The
advantage is that the DLL just needs to be present on the machine to be
able to exploit it, much like the .dll's needed to exploit some ISAPI IIS
extensions ;)

e.g. SQL XP: exec master..xp_cmdshell 'dir' would obtain a directory
listing of the current working directory of the SQL Server process.

Check out the most excellent paper "Advanced SQL Injection techniques" by
Chris Anley. (http://www.nextgenss.com/papers/advanced_sql_injection.pdf )
Viewable as HTML if you use google, but I guess that's obvious ;)

Good luck!

Roger


-- 
Under capitalism, man exploits man.
Under communism, it's just the opposite.
J.K.Galbraith
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: PENTEST MySQL on windows, Marco Ivaldi
Next by Date:  FW: PENTEST MySQL on windows, Anthony Ruso
Previous by Thread:  Re: PENTEST MySQL on windows, Tim
Next by Thread:  Re: PENTEST MySQL on windows, Marco Ivaldi
Indexes:  [Date] [Thread] [Top] [All Lists]