Disclaimer: This material is provided solely for educational purposes.
You are fully responsible for how
you use the information.
We
do not encourage any kind of illegal or harmful activity.
Introduction
MySQL is an open-source relational database management system (RDBMS) that uses SQL (Structured Query Language) for managing data. Owned by Oracle Corporation, it's widely used for web applications due to its reliability, scalability, and flexibility. MySQL operates on a client-server model and supports various storage engines to cater to different performance and transactional needs.
Local MySQL Access Scenarios
Scenario |
Command |
No password |
mysql -u [USERNAME] |
With Password |
mysql -u [USERNAME] -p |
Specify database name |
mysql -u [USERNAME] -p database_name |
Execute commands |
mysql -u [USERNAME] -p database_name -e "show databases;" |
Execute commands via a file |
echo 'show tables;' > example.sql
mysql -u [USERNAME] --password='password' database_name -v < example.sql |
Read arbitrary files |
mysql -u [USERNAME] --password='password' database_name -v < /etc/passwd |
Remote MySQL Access Scenarios
Scenario |
Command |
With Password |
mysql -u [USERNAME] -p -h [TARGET-IP] -P 3306 |
Without password (remove -p) |
mysql -u [USERNAME] -h [TARGET-IP] -P 3306 |
Specify database (-D) |
mysql -u [USERNAME] -p -h [TARGET-IP] -D database_name |
Default credential (username: root, no password) |
mysql -u root -h [TARGET-IP] -P 3306 |
Brute-Forcing MySQL Credentials
Scenario |
Command |
Unknown User |
hydra -L user.txt -p "Password" -f [TARGET-IP] mysql |
Unknown Password |
hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] mysql |
Unknown User and Password |
hydra -L user.txt -P /opt/rockyou.txt -f [TARGET-IP] mysql |
Different Port |
hydra -l user -P /opt/rockyou.txt -f [TARGET-IP] mysql -s 9999 |
MySQL Enumeration and Management Commands
Action |
Command |
List MySQL users |
select user from mysql.user; |
List privileges of each user |
select user,select_priv,insert_priv,update_priv,delete_priv,create_priv from mysql.user; |
Display databases |
show databases; |
Switch to the database |
use db_name; |
Display tables in the current database |
show tables; |
Display tables and table type |
show full tables; |
Display tables in the database |
show tables from [DATABASE]; |
Display tables which names start with 'user' |
show tables like 'user%'; |
Display tables which names start with 'user' in the database |
show tables from [DATABASE] like 'user%'; |
Display columns in a given table |
show columns from [TABLE]; |
Display everything in the table |
select * from [TABLE]; |
Create new table |
create table table_name(column_name column_type);
create table table_name(user_id int, user_name varchar(40)); |
Create a user-defined function |
create function func_name(param1, param2) returns datatype;
create function new_fund(age integer) returns integer; |
Use a function |
select func_name(param1, param2); |
Insert new record to a given table |
insert into [TABLE] values(value1, value2); |
Update data in a given table |
update [TABLE] set [COLUMN]='[VALUE]';
update [TABLE] set [COLUMN1]='[VALUE1]',[COLUMN2]='[VALUE2]'; |
Delete a record |
delete from [TABLE] where [COLUMN] = [VALUE]; |
MySQL Command Line Enumeration
# Lists all databases on the MySQL server.
SHOW DATABASES;
# Switches to a specific database.
USE database_name;
# Displays all tables in the current database.
SHOW TABLES;
# Lists all columns in a specific table.
SHOW COLUMNS FROM table_name;
# Retrieves data from a table.
SELECT * FROM table_name;