In the enterer Privilege Escalation tutorial, mysql was killed successfully.

This article can be discussed with the author here:Http://bbs.2cto.com/read.php? Tid = 120440

Author:Enterer

Blog:Www.enterer.cn

Reprinted and retained

I have provided a series of tutorials recently. I hope you can finish the tutorials. Although it is not very advanced, it is helpful to read your ideas about Elevation of Privilege and intrusion techniques. You should not say how to steal accounts, how to brush bricks, and how to learn basic things.

SinceMssqlI have been searching forMysqlOpportunities for Elevation of Privilege. Generally, these two databases are installed on servers, so it is helpful to master the Elevation of Privilege for these two databases. ThoughShellThere are someMysqlOfRootPassword,Udf. dllThey are always killed and speechless.

UdfAlthough there are many features, it is too easy to get killed.

Let's get started. FirstRootThe password is necessary 《ASP SHELLThe article about the Elevation of Privilege process. The tool isMysql BackDoorIt is easy to search online. Fill in the password and click automatic installation.

 

 

 

The installation is successful and the import is successful. None of the items shown here are all failed. Some failures do not know what is going on.

 

 

 

Then you can runCMDCommand. This tool is only capable of runningCMDCommand (seems to be able to reboundNCI will continue to suffer from the internal network .)UDFAvailable3389And the Registry. Although there are few features, it is enough to escalate permissions.Net userAfter successful Echo, you can proceed step by step.

 

 

 

UseNetstat-Check the port. It seems that the Administrator has changed the port and found the most suspicious connection, which is indeed the Remote Desktop.