Post-infiltration data acquisition experiment

1. Experimental project name

Post-infiltration data acquisition experiment

2. The purpose of the experiment

1. Master the method of connecting to a MySQL server from Kali

2. Master the MySQL SQL syntax used to obtain sensitive information

3. Experimental content

Using the database account and password obtained earlier, run the mysql client in Kali through proxychains so that its traffic is carried over a SOCKS proxy into the target intranet. Connect to the target MySQL database, then obtain sensitive data through a series of SQL commands.

4. Experimental environment

1. Experimental platform: CSIITR platform

2. Experiment target: 172.18.206.15 X

3. Tools: Kali, proxychains, mysql

5. Experimental steps

Use the obtained account and password to connect to the intranet database server.

6. Experimental results 

1. The command to connect to the target MySQL database is (the answer is not unique; one is enough):

proxychains mysql -u oa -h 192.168.223.3 -p144d993ba34367792dfe58370935c4b5

2. How to view the permissions of the current MySQL user:

SHOW GRANTS FOR oa@'%';

3. How to read disk files through MySQL:

select load_file('/etc/passwd');

7. Experimental summary 

1. Which built-in functions in MySQL represent the version, current user, installation directory, data directory, and plug-in directory?

version() indicates the version

current_user() indicates the current user

@@basedir indicates the MySQL installation directory

@@datadir indicates the MySQL data directory

@@plugin_dir indicates the MySQL plugin directory

2. What syntax can be used in MySQL to read and write disk files?

Read: load_file

Write: into outfile or into dumpfile

3. What preconditions must hold for the disk read and write syntax in the previous question? (List as many as possible.)

1. The current database user has read permission on the file

2. The current database user has the FILE privilege

3. The current database user has write permission on the file

4. The file size is smaller than max_allowed_packet
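
The preconditions above, turned into a hardening check a database administrator can run over `SHOW GRANTS` output. This is an added example, not code from the original write-up: the sample rows, finding codes and function names are constructed for illustration, and `secure_file_priv` is a MySQL server variable (empty means unrestricted, NULL means disabled, a path confines file I/O to that directory) that the write-up does not mention.

```python
import re

# Constructed sample data (not taken from the lab target): SHOW GRANTS rows
# and one server variable; None stands for SQL NULL.
SAMPLE_GRANTS = [
    "GRANT SELECT, INSERT, FILE ON *.* TO `oa`@`%`",
    "GRANT ALL PRIVILEGES ON `oa_db`.* TO `oa`@`%`",
]
SAMPLE_VARS = {"secure_file_priv": ""}

GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<scope>\S+)\s+TO\s+"
    r"[`'\"]?(?P<user>[^`'\"@]+)[`'\"]?@[`'\"]?(?P<host>[^`'\"\s]+)",
    re.IGNORECASE,
)

def parse_grant(line):
    """Split one SHOW GRANTS row into (privileges, scope, user, host)."""
    m = GRANT_RE.match(line.strip().rstrip(";"))
    if m is None:
        return None
    privs = {p.strip().upper() for p in m.group("privs").split(",")}
    return privs, m.group("scope"), m.group("user"), m.group("host")

def audit(grant_rows, variables):
    """Return a sorted list of finding codes for file-access exposure."""
    findings = set()
    has_file = False
    for row in grant_rows:
        parsed = parse_grant(row)
        if parsed is None:
            continue
        privs, scope, _user, host = parsed
        # FILE is a global privilege: it only exists at the *.* level, and
        # ALL PRIVILEGES ON *.* includes it.
        if scope == "*.*" and privs & {"FILE", "ALL PRIVILEGES", "ALL"}:
            has_file = True
        if host == "%":
            findings.add("WILDCARD_HOST")
    if has_file:
        findings.add("FILE_PRIVILEGE")
        sfp = variables["secure_file_priv"]
        if sfp == "":          # empty string: no directory restriction
            findings.add("FILE_IO_UNRESTRICTED")
        elif sfp is not None:  # a path: file I/O confined to that directory
            findings.add("FILE_IO_CONFINED")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE_GRANTS, SAMPLE_VARS))
```

An application account such as the one in this lab should produce an empty list: no FILE privilege, and a host pattern narrower than `%`.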


Origin blog.csdn.net/xiongIT/article/details/129472971