sqlmapproject / sqlmap

Automatic SQL injection and database takeover tool
http://sqlmap.org

--current-user and --passwords? #3170

Closed JClapp2017 closed 6 years ago

JClapp2017 commented 6 years ago

These 2 switches go hand in hand.

I know the password already to the DBMS.

It seems from a pentester's standpoint I can't enumerate the password of the DBA admin using --passwords?

In MySQL dbs, where is the --current-user's password stored? Why won't it enumerate?

Thanks

stamparm commented 6 years ago

For MySQL all DBMS passwords are stored inside system table mysql.user (related query: SELECT user,password FROM mysql.user). If the current user (in most cases some dummy non-admin query user) does not have privileges to read that same table, --passwords will fail.

JClapp2017 commented 6 years ago

Where is the system table mysql.user? How do you access it via remote SQL injection?

thanks

stamparm commented 6 years ago

System table mysql.user is inside database mysql while the table is actually called user (mysql.user is the database+table name). If you don't have privileges you won't be able to access it. Period.
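
The privilege boundary described in the replies above can be audited from the defender's side. The following is an added example, not part of the original thread or of sqlmap: it reads `SHOW GRANTS` output and reports which accounts are able to SELECT from mysql.user, so that an application's query user can be confirmed to be absent from that list. The grant lines are constructed sample input; role grants are not resolved, and a column-level SELECT is counted as read access.

```python
import re

# One line of `SHOW GRANTS` output: GRANT <privs> ON <object> TO <grantee> ...
GRANT_RE = re.compile(
    r"^GRANT\s+(?P<privs>.+?)\s+ON\s+(?P<obj>\S+)\s+TO\s+(?P<grantee>\S+)",
    re.IGNORECASE,
)

def db_pattern_matches(pattern, name):
    """Database-level grants treat % and _ as wildcards unless backslash-escaped."""
    regex, chars = "", iter(pattern)
    for ch in chars:
        if ch == "\\":
            regex += re.escape(next(chars, ""))
        elif ch == "%":
            regex += ".*"
        elif ch == "_":
            regex += "."
        else:
            regex += re.escape(ch)
    return re.fullmatch(regex, name, re.IGNORECASE) is not None

def reader_of_mysql_user(line):
    """Return the grantee if this grant allows SELECT on mysql.user, else None."""
    m = GRANT_RE.match(line.strip())
    if not m:
        return None  # e.g. role grants, which have no ON clause
    privs = re.sub(r"\([^)]*\)", "", m["privs"])  # drop column lists
    names = {p.strip().upper() for p in privs.split(",")}
    if not names & {"SELECT", "ALL", "ALL PRIVILEGES"}:
        return None
    db, _, table = m["obj"].replace("`", "").partition(".")
    if db == "*":            # global grant (*.*)
        covered = True
    elif table == "*":       # database-level grant: wildcards apply
        covered = db_pattern_matches(db, "mysql")
    else:                    # table-level grant: names are literal
        covered = (db.lower(), table.lower()) == ("mysql", "user")
    return m["grantee"] if covered else None

def audit(grant_lines):
    """Grantees able to read mysql.user, in order of first appearance."""
    found = (reader_of_mysql_user(line) for line in grant_lines)
    return list(dict.fromkeys(g for g in found if g))

# Constructed sample input, not taken from a real server.
SAMPLE_GRANTS = [
    "GRANT USAGE ON *.* TO `webapp`@`%`",
    "GRANT SELECT, INSERT, UPDATE ON `shop`.* TO `webapp`@`%`",
    "GRANT ALL PRIVILEGES ON *.* TO `root`@`localhost` WITH GRANT OPTION",
    "GRANT SELECT ON `mysql`.`user` TO `report`@`10.0.0.5`",
    "GRANT SELECT ON `my%`.* TO `legacy`@`%`",
    "GRANT SELECT ON `my\\_app`.* TO `svc`@`%`",
]
```

In the sample, the `webapp` account has no path to mysql.user, while the wildcard database grant for `legacy` reaches it unintentionally.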