MySQL#

MySQL Overview#

• MySQL is an open-source relational database management system (RDBMS) developed by Oracle.
• Uses SQL (Structured Query Language) to manage databases.
• Based on a client-server model:
  • MySQL Server: stores and manages the data.
  • MySQL Clients: send queries to interact with the server.

🧑‍💻 Clients and Usage#

• Clients can insert, delete, update, and retrieve data using SQL.
• Access can be local (localhost) or via remote networks.
• Used by popular platforms like WordPress to store posts, usernames, etc.

🧰 Where MySQL is Used#

• Commonly used in dynamic websites.
• Often part of LAMP/LEMP stack:
  • LAMP = Linux + Apache + MySQL + PHP
  • LEMP = Linux + Nginx + MySQL + PHP
• Stores data like:
  • Usernames, passwords, posts
  • Forms, meta tags, email addresses

🛠️ MySQL Commands#

• SQL can:
  • View (SELECT)
  • Modify (UPDATE)
  • Insert (INSERT)
  • Delete (DELETE) data
  • Alter table structures
• Error messages can reveal vulnerabilities like SQL injection.

🆚 MariaDB vs MySQL#

• MariaDB is a fork of MySQL made after Oracle acquired it.
• Maintains open-source ideology and compatibility.

⚙️ Default Configuration#

Example of configuration file: /etc/mysql/mysql.conf.d/mysqld.cnf

Key configurations:

port = 3306
socket = /var/run/mysqld/mysqld.sock
datadir = /var/lib/mysql
user = mysql

Command to view settings:

sudo apt install mysql-server -y
cat /etc/mysql/mysql.conf.d/mysqld.cnf | grep -v "#" | sed -r '/^\s*$/d'

⚠️ Dangerous Settings#

• Misconfigurations can expose passwords, user data, and allow unauthorized access.

🔍 Footprinting MySQL#

• MySQL listens on port 3306.
• Can be scanned using Nmap:

nmap -sV -sC -p3306 --script mysql* <target-IP>

Example outputs may show:

• Version info
• Default or empty passwords
• Available users
• Vulnerabilities

🔑 Interacting with MySQL Server#

• Try logging in:

mysql -u root -h <IP>

• With password:

mysql -u root -pP4SSw0rd -h <IP>

• If successful, you can run SQL commands directly.