Remotely Connecting to MySQL Database

Get the latest on wired & wireless, talk network setups, get help with connectivity problems, web hosts, etc.
Post Reply
User avatar
SLaX
Apprentice
Posts: 44
Joined: Fri Aug 17, 2007 2:13 pm
Location: Somewhere
Contact:

Remotely Connecting to MySQL Database

Post by SLaX » Sun Apr 24, 2011 3:16 am

So I've managed to view a dbconnect.php file on a website via directory traversal. The site in question happens to run cpanel and is hosted by godaddy. Unfortunately the password for the MySQL db is not the same as the pass for cpanel and PhpMyAdmin will not allow me to log in because cpanel wants log in credentials first. I've tried SSH and the MYSQL command in a terminal and am not able to connect.

Any ideas how I may connect remotely? Also, I'm able to view just about any file on the system, what are some other vulnerabilities I can check for to help me get a local shell running? I've already found that SQL injection is out of the question, I tested with SQLmap.

User avatar
BattousaiX
Your Senior
Posts: 933
Joined: Wed Jun 23, 2004 9:19 am

Re: Remotely Connecting to MySQL Database

Post by BattousaiX » Sun Apr 24, 2011 9:53 am

CPanel has a remote hosts section. You can add with wildcards like *.*.*.* or * or your home IP or something.

Check here.

http://forums.cpanel.net/f34/mysql-data ... 61002.html
Living tomorrow as another day of the past

User avatar
SLaX
Apprentice
Posts: 44
Joined: Fri Aug 17, 2007 2:13 pm
Location: Somewhere
Contact:

Re: Remotely Connecting to MySQL Database

Post by SLaX » Sun Apr 24, 2011 2:10 pm

Thanks for the link. It would be perfect if I could inject GRANT ALL PRIVILEGES ON `the_DB` . * TO 'username'@ 'domain_ip'; Looks like nobody enabled remote connections :( If it was a normal phpMyAdmin install I'd be able to log in. I wonder if I spoof my IP if I could fool mySQL into thinking I was localhost?

User avatar
BattousaiX
Your Senior
Posts: 933
Joined: Wed Jun 23, 2004 9:19 am

Re: Remotely Connecting to MySQL Database

Post by BattousaiX » Sun Apr 24, 2011 7:53 pm

Questions like this are something that you should direct at your host. I know of someone that hosts with Godaddy and they ask me these kind of questions.

I used to work for Acehost.net and I know for a fact when I had the same question when I was creating my site, I looked at one of the demos we provided and setup in CPanel. It was quite simple when going through. I know the support where I used to work was great, especially after I left.
Living tomorrow as another day of the past

User avatar
Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d
Contact:

Re: Remotely Connecting to MySQL Database

Post by Cool_Fire » Mon Apr 25, 2011 2:33 am

I don't think most webhost do service request for people that are hacking databases xD
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.

twister
n00b
Posts: 8
Joined: Fri Jul 15, 2011 12:45 pm

Re: Remotely Connecting to MySQL Database

Post by twister » Fri Jul 15, 2011 5:05 pm

SQL Remote Access

You need type the following commands which will allow remote connections.
Step # 1: Login Using SSH (if server is outside your data center)

First, login over ssh to remote MySQL database server:

ssh user@mysql.nixcraft.i

Step # 2: Edit my.cnf File

Once connected you need to edit the MySQL server configuration file my.cnf using a text editor such as vi.

If you are using Debian Linux file is located at /etc/mysql/my.cnf location
If you are using Red Hat Linux/Fedora/Centos Linux file is located at /etc/my.cnf location
If you are using FreeBSD you need to create a file /var/db/mysql/my.cnf

Edit /etc/my.cnf, run:
# vi /etc/my.cnf
Step # 3: Once file opened, locate line that read as follows

[mysqld]

Make sure line skip-networking is commented (or remove line) and add following line

bind-address=YOUR-SERVER-IP

For example, if your MySQL server IP is 65.55.55.2 then entire block should be look like as follows:

[mysqld]
user = mysql
pid-file = /var/run/mysqld/mysqld.pid
socket = /var/run/mysqld/mysqld.sock
port = 3306
basedir = /usr
datadir = /var/lib/mysql
tmpdir = /tmp
language = /usr/share/mysql/English
bind-address = 65.55.55.2
# skip-networking
....
..
....

Where,

bind-address : IP address to bind to.
skip-networking : Don’t listen for TCP/IP connections at all. All interaction with mysqld must be made via Unix sockets. This option is highly recommended for systems where only local requests are allowed. Since you need to allow remote connection this line should be removed from my.cnf or put it in comment state.

Step# 4 Save and Close the file

Restart the mysql server, enter:
# /etc/init.d/mysql restart
Step # 5 Grant access to remote IP address

Connect to mysql server:
$ mysql -u root -p mysql
Grant access to a new database

If you want to add a new database called foo for user bar and remote IP 202.54.10.20 then you need to type the following commands at mysql> prompt:mysql> CREATE DATABASE foo;
mysql> GRANT ALL ON foo.* TO bar@'202.54.10.20' IDENTIFIED BY 'PASSWORD';
How Do I Grant Access To An Existing Database?

Let us assume that you are always making connection from remote IP called 202.54.10.20 for database called webdb for user webadmin, To grant access to this IP address type the following command At mysql> prompt for existing database, enter:
mysql> update db set Host='202.54.10.20' where Db='webdb';
mysql> update user set Host='202.54.10.20' where user='webadmin';
Step # 5: Logout of MySQL

Type exit command to logout mysql:mysql> exit
Step # 6: Open port 3306

You need to open TCP port 3306 using iptables or BSD pf firewall.
A sample iptables rule to open Linux iptables firewall

/sbin/iptables -A INPUT -i eth0 -p tcp --destination-port 3306 -j ACCEPT

OR only allow remote connection from your web server located at 10.5.1.3:

/sbin/iptables -A INPUT -i eth0 -s 10.5.1.3 -p tcp --destination-port 3306 -j ACCEPT

OR only allow remote connection from your lan subnet 192.168.1.0/24:

/sbin/iptables -A INPUT -i eth0 -s 192.168.1.0/24 -p tcp --destination-port 3306 -j ACCEPT

Finally save all rules:
# service iptables save
A sample FreeBSD / OpenBSD pf rule ( /etc/pf.conf)

pass in on $ext_if proto tcp from any to any port 3306

OR allow only access from your web server located at 10.5.1.3:

pass in on $ext_if proto tcp from 10.5.1.3 to any port 3306 flags S/SA synproxy state

Step # 7: Test it

From your remote system or your desktop type the following command:
$ mysql -u webadmin –h 65.55.55.2 –p
Where,

-u webadmin: webadmin is MySQL username
-h IP or hostname: 65.55.55.2 is MySQL server IP address or hostname (FQDN)
-p : Prompt for password

You can also use telnet to connect to port 3306 for testing purpose:
$ telnet 65.55.55.2 3306
:grin: :grin: :grin:
"A compliment is something like a kiss through a veil"
(Victor Hugo)

Da_Devil
Apprentice
Posts: 31
Joined: Wed Apr 13, 2011 8:56 am

Re: Remotely Connecting to MySQL Database

Post by Da_Devil » Wed Dec 21, 2011 9:15 am

SLaX wrote:So I've managed to view a dbconnect.php file on a website via directory traversal. The site in question happens to run cpanel and is hosted by godaddy. Unfortunately the password for the MySQL db is not the same as the pass for cpanel and PhpMyAdmin will not allow me to log in because cpanel wants log in credentials first. I've tried SSH and the MYSQL command in a terminal and am not able to connect.

Any ideas how I may connect remotely? Also, I'm able to view just about any file on the system, what are some other vulnerabilities I can check for to help me get a local shell running? I've already found that SQL injection is out of the question, I tested with SQLmap.
Considered brute forcing the sa passwd w/ sqlbrute?

"cd /pentest/database/sqlbrute" on BT5 R1 i believe.

Post Reply