Hello,
Сообщение от
AHMED HASSAN
Hi all greets to ur amazing job here
sorry fo my english
but i need help with this
now i got into site with sql inj and mysql.user table
1-got root and pass
what is the way to decrypt it?
To decrypt(right is not "decrypt", but bruteforce ) mysql root password you can use a PasswordsPro utility from www.insidepro.com
but under some circumbstances you won't need a mysql root password.
If you get a pass, than you can look for phpmyadmin, or try to connect to mysql using mysql utility.
2- i got access to load_file works but i cant find my way on the server
by load_file() doesnt got me any error
load_file(etc/passwd) works good
is there is any way to deal with this ????????
FIrst of all, if magic_quotes_gpc option is off, you can try a "select into outfile" query, to upload a shell. to do this you should know a absolute local path. to find out the paths try to read default configs and logs with load_file() function.
if magic_quotes_gpc option is on, try to get as much information as possible, probably that would help you(e.g. config files with ftp or other passwords).