Re: [sqlmap-users] SQL Query To Retrieve MySQL Server IP Address
From: Stephen S. <ss...@ss...> - 2012-11-28 09:12:43
Don't all these current methods rely on either the hostname of the MySQL server being something that actually resolves, or an authentication rule using a public IP? If a server is NAT'd, won't both of these fail? Could a more reliable way of getting the IP/hostname be to make a DNS request or similar? That way you'll get the public IP as long as it can make an outgoing connection (which seems more likely on average than having a rule for authenticating users with it, or having the hostname be resolvable). Maybe sqlmap could try a combination of these for an improved hostname lookup? Or is this more work for an edge case (or possibly what I said above is wrong and one of the other methods will consistently work)?

On Wed, Nov 28, 2012 at 10:04 PM, Miroslav Stampar <mir...@gm...> wrote:
> Hi.
>
> If you want to get IP addresses of interest you could try something like this:
> --sql-query="SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE '%admin%'"
>
> back-end DBMS: MySQL >= 5.0.0
> [10:00:24] [INFO] fetching SQL SELECT statement query output: 'SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE '%admin%''
> SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE '%admin%' [6]:
> [*] 127.0.0.1, root
> [*] 172.16.162.1, root
> [*] 192.168.21.1, root
> [*] debian-5.0-i386, root
> [*] localhost, root
>
> Kind regards,
> Miroslav Stampar
>
> On Wed, Nov 28, 2012 at 9:55 AM, Zaki Akhmad <zak...@gm...> wrote:
>> On Wed, Nov 28, 2012 at 3:53 PM, Leon Jacobs <leo...@gm...> wrote:
>> > On Wed, Nov 28, 2012 at 10:48 AM, Miroslav Stampar <mir...@gm...> wrote:
>> >> That proposed solution is equivalent to the SELECT @@hostname (except that the last one doesn't need that non-query SHOW statement). The only thing is that you'll get the same result as in --hostname, which is not the IP address that you require. Have to seek what can be used here.
>> >
>> > Yeah, this is perfect. And then hopefully getting the IP is as simple as looking up the hostname, assuming it resolves, but that is not guaranteed. =p
>>
>> the --sql-query="select @@hostname" works :-)
>>
>> --
>> Zaki Akhmad
>
> --
> Miroslav Stampar
> http://about.me/stamparm
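As an added example (not code from any message in this thread or from sqlmap itself), the Python helper below parses the "[*] host, user" rows that sqlmap printed above and classifies each host entry. It makes Stephen's point concrete: on a NAT'd server the mysql.user table typically holds only loopback, RFC1918 and bare-hostname entries, so a public address shows up only when a grant was created for one. The sample rows are the ones from Miroslav's output; the classification labels and the regex are my own assumptions.

```python
import ipaddress
import re

# Constructed sample: the rows sqlmap printed in the thread for
# SELECT host, user FROM mysql.user WHERE user LIKE '%root%' OR user LIKE '%admin%'
SAMPLE_OUTPUT = """\
[*] 127.0.0.1, root
[*] 172.16.162.1, root
[*] 192.168.21.1, root
[*] debian-5.0-i386, root
[*] localhost, root
"""

# One sqlmap result row: "[*] <host>, <user>"
ROW_RE = re.compile(r"^\[\*\]\s*(?P<host>[^,]+),\s*(?P<user>.+)$")


def parse_rows(text):
    """Return (host, user) tuples from sqlmap's '[*] host, user' output lines."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m:
            rows.append((m.group("host").strip(), m.group("user").strip()))
    return rows


def classify_host(host):
    """Label a mysql.user host entry by what it reveals about the server's address.

    Only 'public' is a globally routable address; loopback, RFC1918 and bare
    hostnames are exactly the cases that yield no usable IP behind NAT.
    """
    if host == "%":
        return "wildcard"          # grant valid from any host
    if "%" in host:
        return "pattern"           # MySQL host pattern such as 192.168.%
    if host == "localhost":
        return "loopback"
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return "hostname"          # e.g. debian-5.0-i386; may not resolve
    if addr.is_loopback:
        return "loopback"
    if addr.is_private:
        return "private"           # RFC1918 and other reserved ranges
    return "public" if addr.is_global else "other"


def summarize(text):
    """Group the parsed (host, user) rows by classification."""
    summary = {}
    for host, user in parse_rows(text):
        summary.setdefault(classify_host(host), []).append((host, user))
    return summary
```

Run against the thread's output, `summarize(SAMPLE_OUTPUT)` yields no "public" entry at all, which is the case Stephen describes; in a grant review the same grouping flags root accounts reachable from public or wildcard hosts.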