Chapter 19: MySQL: Moving Further into the Network

Overview

Unlike some of the larger database systems described in this volume, such as Oracle and Sybase, MySQL has little by way of native network support. Once a MySQL database server is compromised, an attacker's options for further network penetration are somewhat limited, basically consisting of adding user -defined functions to MySQL.

Because this chapter relates to extending control from a single compromised MySQL server into the rest of the network, it seems an appropriate place to discuss a minor modification to the standard MySQL command-line client that enables you to authenticate with MySQL versions prior to 4.1 using only the password hash. Once a single MySQL server is compromised, it may be possible to compromise other MySQL servers with the password hashes recovered from the compromised host.



Database Hacker's Handbook. Defending Database Servers
The Database Hackers Handbook: Defending Database Servers
ISBN: 0764578014
EAN: 2147483647
Year: 2003
Pages: 156

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net