Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- sudo kill -STOP $(cat /var/run/mysqld/mysqld.pid)
- sudo kill -CONT $(cat /var/run/mysqld/mysqld.pid)
- mysql> SHOW TABLE STATUS where Name = 'user'G
- *************************** 1. row ***************************
- Name: user
- **Engine: MyISAM**
- Version: 10
- Row_format: Dynamic
- Rows: 27
- Avg_row_length: 91
- Data_length: 2476
- Max_data_length: 281474976710655
- Index_length: 2048
- Data_free: 0
- Auto_increment: NULL
- Create_time: 2012-04-12 11:46:21
- Update_time: 2013-01-22 00:16:00
- Check_time: 2013-01-19 20:52:09
- Collation: utf8_bin
- Checksum: NULL
- Create_options:
- Comment: Users and global privileges
- 1 row in set (0.00 sec)
- # mkdir /var/lib/mysql2/
- # ln -s /var/lib/mysql/mysql /var/lib/mysql2/mysql
- # /usr/sbin/mysqld --basedir=/usr
- --datadir=/var/lib/mysql2
- --plugin-dir=/usr/lib64/mysql/plugin
- --user=mysql
- --log-error=/var/lib/mysql2/server-64654.err
- --pid-file=/var/lib/mysql2/server-64654.pid
- --socket=/var/lib/mysql2/mysql.sock
- --port=3307
- --init-file=/var/cache/chef/grants.sql
- --datadir=/var/lib/mysql2/
- GRANT ALL ON *.* TO 'nagios-user'@'127.0.0.1' IDENTIFIED BY 'xxx' WITH GRANT OPTION;
- FLUSH PRIVILEGES;
- mysql --port=3307 -h 127.0.0.1 -e 'select User from mysql.user'
- +-------------+
- | User |
- +-------------+
- | root |
- | nagios_user |
- mysql --port=3306 -h 127.0.0.1 -e 'select User from mysql.user'
- +-------------+
- | User |
- +-------------+
- | root |
- GRANT SELECT ON heartbeart.* to 'nagios-monitor'@'123.123.123.123'
- INSERT INTO mysql.user SET
- user='nagios-monitor',
- host='123.123.123.123',
- password=PASSWORD('whateverpassword');
- INSERT INTO mysql.db SET
- user='nagios-monitor',
- host='123.123.123.123',
- db='heartbeat',
- select_priv='Y';
- FLUSH PRIVILEGES;
- mysql> show grants for 'nagios-monitor'@'123.123.123.123';
- +----------------------------------------------------------------------+
- | Grants for nagios-monitor@123.123.123.123 |
- +----------------------------------------------------------------------+
- | GRANT USAGE ON *.* TO 'nagios-monitor'@'123.123.123.123' |
- | GRANT SELECT ON `heartbeart`.* TO 'nagios-monitor'@'123.123.123.123' |
- +----------------------------------------------------------------------+
- 2 rows in set (0.03 sec)
- mysql>
- INSERT INTO mysql.user SET
- user='nagios-monitor',
- host='123.123.123.123',
- password=PASSWORD('whateverpassword');
- INSERT INTO mysql.tables_priv SET
- user='nagios-monitor',
- host='123.123.123.123',
- db='nagiosdb',
- grantor='root@localhost',
- table_priv='Select';
- FLUSH PRIVILEGES;
- mysql> show grants for 'nagios-monitor'@'123.123.123.123';
- +------------------------------------------------------------------------------+
- | Grants for nagios-monitor@123.123.123.133 |
- +------------------------------------------------------------------------------+
- | GRANT USAGE ON *.* TO 'nagios-monitor'@'123.123.123.123' |
- | GRANT SELECT ON `nagiosdb`.`heartbeat` TO 'nagios-monitor'@'123.123.123.123' |
- +------------------------------------------------------------------------------+
- 2 rows in set (0.00 sec)
- mkdir /var/lib/mysql/mysql_schema
- cd /var/lib/mysql/mysql_schema
- cp /var/lib/mysql/mysql/* .
- chown -R mysql:mysql /var/lib/mysql/mysql_schema
- mkdir /var/lib/mysql/mysql_nagios
- cd /var/lib/mysql/mysql_nagios
- cp /var/lib/mysql/mysql/* .
- chown -R mysql:mysql /var/lib/mysql/mysql_nagios
- mkdir /var/lib/mysql/mysql_injection
- chown -R mysql:mysql /var/lib/mysql/mysql_injection
- INSERT INTO mysql_nagios.user SET
- user='nagios-monitor',
- host='123.123.123.123',
- password=PASSWORD('whateverpassword');
- INSERT INTO mysql_nagios.tables_priv SET
- user='nagios-monitor',
- host='123.123.123.123',
- db='nagiosdb',
- grantor='root@localhost',
- table_priv='Select';
- SET GLOBAL event_scheduler = 1;
- rm -f /var/lib/mysql/mysql_injection/*
- cp /var/lib/mysql/mysql_nagios/* /var/lib/mysql/mysql_injection/.
- use mysql_injection
- DELIMITER $$
- CREATE EVENT ev_schema_inject
- ON SCHEDULE
- EVERY 1 MINUTE
- STARTS (NOW() + INTERVAL 1 MINUTE)
- DO
- BEGIN
- REPLACE INTO mysql.user SELECT * FROM mysql_injection.user;
- REPLACE INTO mysql.tables_priv SELECT * FROM mysql_injection.tables_priv;
- FLUSH PRIVILEGES;
- END $$
- DELIMITER ;
- DELETE FROM mysql.user;
- DELETE FROM mysql.tables_priv;
- INSERT INTO mysql.user SELECT * FROM mysql_orig.user;
- INSERT INTO mysql.tables_priv SELECT * FROM mysql_orig.tables_priv;
- FLUSH PRIVILEGES;
- SET GLOBAL event_scheduler = 0;
- # echo "select version()" | mysql -uroot
- ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: NO)
- tbreak check_scramble
- commands
- silent
- return (long int)0
- end
- cont
- # gdb -p $(cat /var/run/mysqld/mysqld.pid) -batch
- -x gdbscript
- [New LWP 21273]
- [New LWP 21272]
- [Thread debugging using libthread_db enabled]
- 0x00007f6849d4a383 in poll () from /lib64/libc.so.6
- Temporary breakpoint 1 at 0x660204: file /export/home/pb2/build/sb_0-26265460-1512805762.25/rpm/BUILD/mysql-5.6.39/mysql-5.6.39/sql/password.c, line 556.
- # mysql -uroot -p123
- Welcome to the MySQL monitor. Commands end with ; or g.
- Your MySQL connection id is 153
- mysql> UPDATE mysql.user SET Password=PASSWORD('SOMENEWPASSWORD') WHERE USER='root';
- mysql> flush privileges;
- Temporary breakpoint 1 at 0x660204: file /export/home/pb2/build/sb_0-26265460-1512805762.25/rpm/BUILD/mysql-5.6.39/mysql-5.6.39/sql/password.c, line 556.
- [Switching to Thread 0x7f68209f3700 (LWP 22242)]
- [~]# echo "SELECT VERSION() | mysql -uroot -pSOMENEWPASSWORD
- version()
- 5.6.39
Add Comment
Please, Sign In to add comment
