MySQL (3306)

Oracle MySQL.

Protocol Information

MySQL is an open source relational database management system based on SQL (Structured Query Language) developed and supported by Oracle.

MariaDB, which is often associated with MySQL, is a fork of the original MySQL code. This is because the lead developer of MySQL left the MySQL AB company after it was acquired by Oracle and developed another open source SQL database management system based on the MySQL source code, calling it MariaDB.

Port

3306 TCP	MySQL

Config File

• /etc/mysql/mysql.conf.d/mysqld.cnf

Interact

You can check if it is possible to log in with user “root” and password “”.

mysql -h <IP> -P <PORT> -u <USER> -p [--skip-ssl-verify-server-cert]

If ERROR 2026 (HY000) TLS/SSL error shows up, we can append --skip-ssl at the end of the command to connect to the database.

C:\xampp\mysql\bin> .\mysql.exe -u <USER> -p <PASS> -D <DB_NAME> -e "SHOW TABLES;"

Or Connect with dbeaver.

> show databases;
> use <DBNAME>;
> show tables;
> describe <TABLE>;
> select * from <TABLE>;
> show grants;
> select load_file(”/etc/shadow”);    # with root access

DEFINITION, MANIPULATION, DATATYPE

Attacks

• SQLi and more with MySQL