Metasploit provides a highly reliable module for brute-forcing MySQL credentials:
MySQL 5.0.x – 5.1.63, 5.5.x – 5.5.24, 5.6.x – 5.6.6 Exploit: When memcmp() returns 0, authentication succeeds even with wrong password. Exploit script (bash): mysql hacktricks verified
: All file import and export operations are completely disabled. Reading Local Files 5.5.x – 5.5.24
Requires SUPER or SYSTEM_VARIABLES_ADMIN . you can perform various post-exploitation activities:
After exploiting a MySQL database, you can perform various post-exploitation activities: