3306 - MySQL - CSPSec

# **Basic Information** According to [HTB Academy](https://academy.hackthebox.com/module/112/section/1238): > `MySQL` is an open-source SQL relational database management system developed and supported by Oracle. A database is simply a structured collection of data organized for easy use and retrieval. The database system can quickly process large amounts of data with high performance. Within the database, data storage is done in a manner to take up as little space as possible. The database is controlled using the [SQL database language](https://www.w3schools.com/sql/sql_intro.asp). MySQL works according to the `client-server principle` and consists of a MySQL server and one or more MySQL clients. The MySQL server is the actual database management system. It takes care of data storage and distribution. The data is stored in tables with different columns, rows, and data types. These databases are often stored in a single file with the file extension `.sql`, for example, like `wordpress.sql`. ```bash # install mysql server sudo apt install mysql-server -y # view configuration file cat /etc/mysql/mysql.conf.d/mysqld.cnf | grep -v "#" | sed -r '/^\s*$/d' ``` # **Enumeration** ## **Scanning** ```bash # default scan sudo nmap -sV -sC -p3306 --script mysql* <target_ip> ``` ## **Mysql Commands** ```bash # connect to the MySQL server. There should not be a space between the '-p' flag, and the password mysql -u <user> -p<password> -h <target_ip> # ignore server self-signed cert # ERROR 2026 (HY000): TLS/SSL error: self-signed certificate in certificate chain mysql -u <user> -p<password> --skip-ssl-verify-server-cert-h <target_ip> # show all databases show databases; # select a database use <db_name> # show all available tables in the selected database show tables; # show all columns in the selected table show columns from <table_name>; # show everything in the selected table select * from <table_name>; # show everything in the selected table horizontally select * from <table_name>\G # search for string in selected table select * from <table_name> where <column> = "<some_string>"; ``` According to [HTB Academy](https://academy.hackthebox.com/module/112/section/1238): > If we look at the existing databases, we will see several already exist. The most important databases for the MySQL server are the `system schema` (`sys`) and `information schema` (`information_schema`). The system schema contains tables, information, and metadata necessary for management. More about this database can be found in the [reference manual](https://dev.mysql.com/doc/refman/8.0/en/system-schema.html#:~:text=The%20mysql%20schema%20is%20the,used%20for%20other%20operational%20purposes) of MySQL. ```bash # display number of unique users per host use sys; show tables; select host, unique_users from host_summary; ``` # **References** # **Practical Application** | Platform | Name | Notes | | ------------ | ------------ | ----- | | Hack the Box | [[Outbound]] | |