mysql-pentesting
Best for Security penetration testersWorks with GitHubHigh risk
⌘source
- author
@wgpsec- language
- Python
★1.2kstars
199forks
Apr 22, 2026
✦overview.md
Key Features
- ·Methodology for MySQL service penetration testing on port 3306
- ·Covers service discovery, version identification, and authentication testing
- ·Includes database enumeration and privilege escalation techniques
- ·Details UDF exploitation for command execution
- ·Covers file read/write operations via MySQL
- ·Addresses SQL injection exploitation
Use Cases
- →Testing the security of an exposed MySQL service on port 3306
- →Enumerating databases and user permissions after gaining access
- →Attempting to escalate privileges via UDF or file operations
- →Exploiting SQL injection vulnerabilities in a MySQL context
Best for
- ✓Security penetration testers
- ✓Red team operators
- ✓Network vulnerability assessments
Not ideal for
- !General database administration
- !Development or debugging tasks
- !Non-security-related database operations
FAQs
name
mysql-pentesting
description
MySQL 数据库服务(3306 端口)渗透测试方法论。涵盖 MySQL 服务发现与版本识别、默认凭据与匿名访问测试、数据库枚举、权限提升(UDF/文件读写/命令执行)、MySQL 注入利用、已知漏洞利用。
当 Agent 扫描发现 3306 端口开放、需要测试 MySQL 认证强度、枚举数据库内容、或通过 MySQL 实现命令执行时,触发此 Skill。
metadata:{"tags":["mysql","数据库","3306端口","udf提权","文件读写","sql注入"],"category":"exploit/network-service"}
MySQL 渗透测试方法论 (3306)
相关 skill: SQL 注入 ->
sql-injection; 凭据喷洒 ->cred-spray; 权限提升 ->privilege-escalation
深入参考
- UDF 提权、文件读写、Rogue Server、JDBC 利用、哈希破解完整命令 -> 读 references/mysql-techniques.md
整体决策树
发现 3306 端口开放
├─ Phase 1: 服务发现与版本识别
│ ├─ 确定 MySQL/MariaDB 版本
│ ├─ 识别操作系统与运行用户
│ └─ 检测 secure_file_priv / local_infile 配置
├─ Phase 2: 认证测试
│ ├─ 匿名/空密码登录
│ │ ├─ 成功 -> 直接进入 Phase 3
│ │ └─ 失败 -> 默认凭据 -> 暴力破解
│ ├─ 默认凭据 (root:空, root:root, root:toor 等)
│ └─ CVE-2012-2122 认证绕过 (MariaDB/MySQL 5.1.x)
├─ Phase 3: 数据库枚举
│ ├─ 库/表/列枚举 (information_schema)
│ ├─ 权限枚举 (SHOW GRANTS / mysql.user)
│ │ ├─ FILE 权限 -> 进入 Phase 4 文件读写
│ │ ├─ SUPER 权限 -> 进入 Phase 4 UDF
│ │ └─ 普通权限 -> 提取敏感数据,尝试密码复用
│ └─ 用户哈希提取 (mysql.user / mysql_hashdump)
├─ Phase 4: 权限提升
│ ├─ UDF 提权 (lib_mysqludf_sys)
│ │ ├─ Linux: .so 加载 -> sys_exec()
│ │ └─ Windows: .dll 加载 -> sys_exec() / NTFS ADS 目录创建
│ ├─ 文件读写
│ │ ├─ LOAD_FILE() 读取系统文件
│ │ ├─ INTO OUTFILE 写入 Webshell / .pth payload
│ │ └─ LOAD DATA LOCAL INFILE (客户端文件读取)
│ └─ MySQL 客户端 Shell (\! sh)
├─ Phase 5: MySQL 注入利用
│ ├─ UNION 注入 -> 信息泄露 / 文件读写
$install
1-click copynpx skills add wgpsec/AboutSecurity --skill mysql-pentestingSafety assessment
★
Clarity score
How clear and easy to understand the SKILL.md instructions are, rated from 1 to 5.
5/ 5
excellentVery clear and well structured, with almost no room for misunderstanding.
◎
Actionability score
How directly an agent can act on the SKILL.md instructions, rated from 1 to 5.
5/ 5
very highHighly actionable with clear, concrete steps that an agent can follow directly.