1433, 3306 - SQL
Last updated
Last updated
lexi@moderators:/opt/site.new$ mysql -u wordpressuser -p
Enter password: wordpresspassword123!!
MariaDB [(none)]> show databases;
MariaDB [(none)]> use wordpress;
MariaDB [wordpress]> show tables;
MariaDB [wordpress]> select * from wp_users;
The site useotools.com can be used to encode passwords and will return both the hash and also the SQL Query needed to update the table.
MariaDB [wordpress]> UPDATE `wp_users` SET `user_pass` = '$P$Butw21NZp/bVFKSgE6gbBKtLjkl3tQ/' WHERE user_login = 'admin';
Query OK, 1 row affected (0.002 sec)
Rows matched: 1 Changed: 1 Warnings: 0
MariaDB [wordpress]> select * from wp_users;
[... snip ...]
| 1 | admin | $P$Butw21NZp/bVFKSgE6gbBKtLjkl3tQ/ lab ➜ sqsh -S 10.0.50.46 -U sa -P Passw0rd! -D Voting
## List databases
1> SELECT name FROM master..sysdatabases
2> go
...
[*] flag
## Change to db "flag" and list tables
1> use flag
2> go
1> SELECT name from sys.tables
2> go
...
flags
## Dump content from table "flag"
1> SELECT * from flags
2> go$ PGPASSWORD=firmadyne psql -h localhost -p 5432 -U firmadyne -d firmware
## List databases
\l
SELECT datname FROM pg_database;
## Connect to database
\c <db_name>
## List tables
\dt
## Dump all content from table
SELECT * FROM <table_name>;
## Dump table content to file (postgres Docker container)
sudo docker exec -it -e PGPASSWORD='s3cretp@ssw0rd' vcsa_recovery_db psql -h localhost -U vc -d VCDB -c "SELECT username FROM vpx_event_$i;" -o /storage/out/event_$i.txt
## Search for keywords in column
SELECT name FROM vpxv_vms WHERE name LIKE '%dc01%';