Skip to content

Introduction

MySQL is an open-source relational database management system (RDBMS) that uses SQL (Structured Query Language) for managing data. Owned by Oracle Corporation, it's widely used for web applications due to its reliability, scalability, and flexibility. MySQL operates on a client-server model and supports various storage engines to cater to different performance and transactional needs.

Local MySQL Access Scenarios

Scenario Command
No password mysql -u [USERNAME]
With Password mysql -u [USERNAME] -p
Specify database name mysql -u [USERNAME] -p database_name
Execute commands mysql -u [USERNAME] -p database_name -e "show databases;"
Execute commands via a file echo 'show tables;' > example.sql
mysql -u [USERNAME] --password='password' database_name -v < example.sql
Read arbitrary files mysql -u [USERNAME] --password='password' database_name -v < /etc/passwd

Remote MySQL Access Scenarios

Scenario Command
With Password mysql -u [USERNAME] -p -h [TARGET-IP] -P 3306
Without password (remove -p) mysql -u [USERNAME] -h [TARGET-IP] -P 3306
Specify database (-D) mysql -u [USERNAME] -p -h [TARGET-IP] -D database_name
Default credential (username: root, no password) mysql -u root -h [TARGET-IP] -P 3306

Brute-Forcing MySQL Credentials

Scenario Command
Unknown User hydra -L user.txt -p "Password" -f [TARGET-IP] mysql
Unknown Password hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] mysql
Unknown User and Password hydra -L user.txt -P /opt/rockyou.txt -f [TARGET-IP] mysql
Different Port hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] mysql -s 9999

MySQL Enumeration and Management Commands

Action Command
List MySQL users select user from mysql.user;
List privileges of each user select user,select_priv,insert_priv,update_priv,delete_priv,create_priv from mysql.user;
Display databases show databases;
Switch to the database use db_name;
Display tables in the current database show tables;
Display tables and table type show full tables;
Display tables in the database show tables from [DATABASE];
Display tables which names start with 'user' show tables like 'user%';
Display tables which names start with 'user' in the database show tables from [DATABASE] like 'user%';
Display columns in a given table show columns from [TABLE];
Display everything in the table select * from [TABLE];
Create new table create table table_name(column_name column_type);
create table table_name(user_id int, user_name varchar(40));
Create a user-defined function create function func_name(param1, param2) returns datatype;
create function new_fund(age integer) returns integer;
Use a function select func_name(param1, param2);
Insert new record to a given table insert into [TABLE] values(value1, value2);
Update data in a given table update [TABLE] set [COLUMN]='[VALUE]';
update [TABLE] set [COLUMN1]='[VALUE1]',[COLUMN2]='[VALUE2]';
Delete a record delete from [TABLE] where [COLUMN] = [VALUE];

MySQL Command Line Enumeration

# Lists all databases on the MySQL server.  
SHOW DATABASES;
# Switches to a specific database.  
USE database_name;
# Displays all tables in the current database.  
SHOW TABLES;
# Lists all columns in a specific table.    
SHOW COLUMNS FROM table_name;
# Retrieves data from a table.  
SELECT * FROM table_name;