Shulou(Shulou.com)05/31 Report--

This article shares with you the content of an example of Phpmyadmin penetration testing. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

First of all, a certain station was scanned through a directory scan, and it was found that there was phpmyadmin. I tried the weak password root:root and was very lucky to get in.

Try to connect to the database using Navicate and return to disable remote connections to the database:

However, it is open when the remote command execution discovers the local port 3306, so try to connect through the agent:

Upload the ntunnel_mysql.php file (the proxy script for the database) to any web site directory of the target server under the Navicat installation directory (uploaded after getshell)

Upload to D:/phpStudy/WWW directory for access http://XXX/ntunnel_mysql.php test is successful

Test the connection:

(at this point, open the Navicat configuration http connection locally, and the channel address here will write the url you accessed above. To put it bluntly, it is a proxy. Check it with base64 encoding to prevent waf from causing trouble. Then the host name is written as localhost, and the account password is written as the account of the lnmp01 local database user, because you need to connect to the local mysql of lnmp01.)

Phpmyadmin Get Shell:

Make use of log files

Mysql version 5.0 or later creates log files, modifies the global variables of the log, or getshell. However, you should also have read and write access to the generated log.

Set global general_log = "ON"; # when general is turned on, all the executed sql statements will appear in the WIN-30DFNC8L78A.log file. Then, if you modify the value of general_log_file, the executed sql statement will be generated accordingly and the getshellSET global general_log_file='D:/phpStudy/WWW/test1234.php'; # will generate the test1234.php file select'; # write a sentence Trojan to the test1234.php file

Kitchen knife connection:

Thank you for reading! This is the end of this article on "examples of Phpmyadmin penetration testing". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.