Author Topic: Hacking Into A Mysql Database (Read 5961 times)

lordwhizy · « **on:** June 02, 2012, 05:29:48 pm »

Hi Guys, I have been trying to hack a web application db...
Bad thing is that the entire site is not vulnerable to sql injection...
but the server seems awfully vulnerable (nessus scan result), been trying out all my wits, almost a week of sleepless night now, i need some assistance.
Some info about the site...?
i'm on the same local network as the site.

Kulverstukas · « **Reply #1 on:** June 02, 2012, 08:22:33 pm »

same local network? so that means you are a student at that university...
About the database, if the database is running locally (same server as the website) there is no way to connect to it unless you can get into the server itself and connect from there.

But if you are a student there, there might be other things you could do...

gh0st · « **Reply #2 on:** June 02, 2012, 08:33:25 pm »

im a bit noob in this topic but you also could use a 0 day just check the version of the db then if its outdated google for an exploit for it this shouldnt be too hard to run i guess

lordwhizy · « **Reply #3 on:** June 02, 2012, 09:34:21 pm »

Yeah, that where the problem is, i cant get into the server, i found multiple vulnerabilities on it, but cant exploit them, maybe i dont know how to use the exploit codes, I'll post link to the exploit code.

lordwhizy · « **Reply #4 on:** June 03, 2012, 02:57:29 am »

i'm kinda confused on something, the OS, according to the site 404 page it shows some linux info, nessus scan and zenmap intense scan detect some linux 2.6, but i found out that the server has wamp (window program) on it and zenmap slow comprehensive scan reports some windows server. $:-\$

lordwhizy · « **Reply #5 on:** June 04, 2012, 08:52:49 am »

New development, i found some old scripts on the server that showed the the phpinfo(), and some directories that does not open index.php by default even when it is present, dont know how to use this info.
i found a way to upload a file into the /tmp directory on the server,
i'm thinking if i can upload a type of virus into this /tmp directory that will copy itself into the /usr/local/apache2 folder and execute some shell or backdoor codes i can gain access.
Can any body help with this? dont know much about viruses

Kulverstukas · « **Reply #6 on:** June 04, 2012, 10:24:19 am »

No viruses can do what you want. Just upload a shell to /tmp if you can and see where that goes.

lordwhizy · « **Reply #7 on:** June 04, 2012, 11:03:33 am »

But how do i run the shell, since it not in the public apache directory?

Kulverstukas · « **Reply #8 on:** June 04, 2012, 11:18:46 am »

you upload it and you open it like opening a file.... just google it.

lordwhizy · « **Reply #9 on:** June 06, 2012, 09:00:27 am »

I could'nt find anything understandable on google, can you please shed more light on this....

And secondly, i want to try this exploit code, [size=78%]http://www.exploit-db.com/exploits/2237/[/size] but i dont understand what the

"RewriteRule kung/(.*) $1" is.

Please check it out

EvilZone

News:

Author Topic: Hacking Into A Mysql Database (Read 5961 times)

lordwhizy

Hacking Into A Mysql Database

Kulverstukas

Re: Hacking Into A Mysql Database

gh0st

Re: Hacking Into A Mysql Database

lordwhizy

Re: Hacking Into A Mysql Database

lordwhizy

Re: Hacking Into A Mysql Database

lordwhizy

Re: Hacking Into A Mysql Database

Kulverstukas

Re: Hacking Into A Mysql Database

lordwhizy

Re: Hacking Into A Mysql Database

Kulverstukas

Re: Hacking Into A Mysql Database

lordwhizy

Re: Hacking Into A Mysql Database