Shulou(Shulou.com)06/02 Report--

How to increase the weight of udf in MySQL? aiming at this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a more simple and feasible method.

UDF (user defined function) user-defined function is an extended interface of mysql. Users can use custom functions to achieve functions that cannot be easily implemented in mysql, and the new functions they add can be called in sql statements, just like calling native functions.

Conditions for 0x02 Windows to raise the right

1. If the mysql version is greater than 5.1, the lib udf.dll file must be placed in the lib\ plugin folder of the mysql installation directory.

two。 If the mysql version is less than 5.1, the udf.dll file is placed in the c:\ windows\ system32 directory under windows server 2003 and in the c:\ winnt\ system32 directory under windows server 2000

3. The permissions you have must have insert and delete permissions.

4. Have write access to the directory

The above conditions are collected from the Internet and have not been fully tested.

The version I use here is MySQL5.5.56, the permission I use is root permission, and I will

The secure-file-priv parameter has also been set to null, so please note again here.

In the higher version, the secure-file-priv parameter is very important, it restricts the export of MySQL, it does not allow export when the parameter is NULL, it allows export in any folder when the parameter is empty, and it allows export in that folder when the parameter is a folder.

The details are as follows:

MySQL5.5 version: this parameter is not found in my.ini. The query for this parameter is NULL.

MySQL5.6 version: this parameter is not available in my.ini, and the query for this parameter is empty.

MySQL5.7 version: this parameter is available in my.ini. This parameter is queried as the Upload folder under the data directory.

For other versions, you will test them yourself.

0x03 utilization process

According to the conditions for lifting rights, this version should put the dll file in the lib\ plugin directory, and here I encountered a metaphysical problem. It is said on the Internet that the lib and plugin folders need to be created manually, but after I have installed them, the two folders actually exist on their own. I don't know why.

By the way, although the Internet has been talking about using NTFS ADS streams to create files, I have not successfully implemented this, and I will always report an error. I don't know why for the time being. If any boss knows, please let me know. If I work it out later, release it again.

After that is the transfer right file, here we do not have to ask others, the artifact sqlmap already has its own, just need to take it out for decryption.

You can see here that it is not a normal dll file, because what is provided in sqlmap is encoded by XOR and needs to be decrypted before use. The decryption tool sqlmap also comes with it, in the sqlmap\ extra\ cloak file.

You can decode it by using it directly. After using it, the decrypted file will be generated under the pass directory.

After renaming it, you can put it in the lib\ plugin directory by various methods.

Then you can create functions, and notice here that you need to use a hexadecimal editor to see what functions this dll file supports.

Here we can see that we can create functions such as sys_exec and sys_eval, and there is also a pit, and I don't know if it is the reason for my operation. Here, if I create a sys_exec function, after executing the command, the MySQL service will collapse completely. There is no problem with using the sys_eval function. We create the function directly here.

Create function sys_eval returns string soname 'udf.dll'

And then just execute it.

Select sys_eval ('whoami')

After using it, be sure to delete it in time.

Drop function sys_eval;delete from mysql.func where name='sys_eval'

This is the answer to the question about how to raise the rights of udf in MySQL. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel to learn more about it.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.