MYSQL remote Acces

[jap@n4]

Hi guy, im trying to acces to an mysql database remotely.
I got the mysql user, password, and url but im getting and ERROR 1045 (28000).

The remote acces im trying to do is with the terminal using mysql command like this @user: mysql -u USER -p -h IP_SERVER -e "use mysql;"
Does this mean that the account doesn't have remote access enabled? and if so, there is any other way to access the database?

[madf0x]

google is your friend:

http://stackoverflow.com/questions/10299148/mysql-error-1045-28000-access-denied-for-user-billlocalhost-using-passw

and yes I read through that, should explain your issue if you can put 1 and 2 together.

[jap@n4]

I don't have access to the database , so i can't edit the user privileges.

If i got the url, user and password is useless if that user doesn't have the privileges, i know i'm stupid.

Thanks for the link c:

[madf0x]

I figured as much, thats where the math comes into play.

You cant connect remotely cause of the privs and the @localhost shenanigans. So if you want to interact, you have to make the connection from the target in question. Password and username reuse can be helpful here to help gain further access. Alternatively, use whatever method you used to gain this info to gain even better leverage. Get creative.

[jap@n4]

I didn't know that remote mysql conection uses the user IP to make the login, so the only way is ssh as root and create the right privileges.
Otherwise i will keep leaving my footprint on the login because it's say's "user_@MY_random_IP".

Thanks for the reply madf0x.

[madf0x]

you don't necessarily need to be root.

Think of it this way, a lot of php based sites use mysql and contains hardcoded login information for the database(such as the credentials you have obtained). Even though the php script is likely being ran from an apache2 or httpd user, its still from localhost and it's allowed. So you don't need ssh in as root and modify privs. You could ssh in as any valid user that can run the mysql binary and then login to the database. Or if you can drop your own php script in the web directory, that php script could access the database for you.

Depending on the credentials theres the chance it's being reused as well. if the user is 'mysql' not so much,  but the password could be valid for other logins. If its something like username  = 'admin' and password = '!@DR#@!1HJ' then that means theres likely a user created admin account on the box, that could possibly being using that password. So instead of loggin into the database directly, you ssh in with those credentials and then access mysql.

As for leaving tracks, remember you're leaving waay more tracks then just the mysql logins, pretty much no matter what method you use. Thats why if you want to be covert youre gunna have to hunt down pretty much all the logs and clean them of dangerous entries, then hope that there isn't any isp related logs that could be time correlated to the attack. Theres reasons why its strongly recommended not to hack from home. Heck theres the chance that logs are emailed or backed up to a secondary server and your chances of cleaning them starts going down without breaking into even more boxes creating more data.

But back to the original issue, im positive that if you managed to get the mysql login information, that either those, or your method to obtain them can still be leveraged to accomplish your goal. Just gotta think hard and look harder.

[jap@n4]

That's really good, but i already tried to use the logins that i have from the mysql user to access ftp, ssh even cpanel.

I wish there's something else, i will keep investigating, already learned a few stuff trying to accomplish this.

Thank's for taking the time to reply madf0x