• Stars: 234
• Rank: 171,630 (Top 4 %)
• Language: C
• License: MIT License
• Created: over 5 years ago
• Updated: over 1 year ago


Repository Details

dump mysql client password from memory

mysql-magic

I made this just for fun; use for illegal purposes is not allowed.

The mysql client reads the password, writes it into some malloc'ed memory, and then frees it. But just because a chunk was freed doesn't mean it will be reused, so to ensure that your programs do not keep sensitive information in memory you must overwrite the memory before releasing it.
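The defensive point above, as an added example written for this page (it is not code from mysql-magic or from the MySQL client): a secret is copied into a heap buffer the way a client would after reading it from the terminal, and the two functions show the difference between freeing it as-is and wiping it first. The password value is a constructed sample; `secure_wipe` writes through a volatile pointer so the compiler cannot drop the stores as dead writes before `free()`.

```c
/* Added example (not from the mysql-magic project): wiping a secret
 * buffer before it is freed, so the bytes do not linger in the heap. */
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* A plain memset() right before free() may be removed by the optimizer
 * as a dead store. Writing through a volatile pointer forces each store
 * to happen. (On glibc 2.25+ explicit_bzero() does the same job.) */
static void secure_wipe(void *buf, size_t len) {
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--) {
        *p++ = 0;
    }
}

/* Returns 1 if every byte in buf is zero, 0 otherwise. */
int buffer_is_zeroed(const unsigned char *buf, size_t len) {
    unsigned char acc = 0;
    for (size_t i = 0; i < len; i++) {
        acc |= buf[i];
    }
    return acc == 0;
}

/* Copies the password into a heap buffer, "uses" it, then wipes it.
 * Returns 1 when no plaintext byte is left in the buffer at free() time. */
int handle_password_securely(const char *password) {
    size_t len = strlen(password);
    unsigned char *heap_copy = malloc(len + 1);
    if (heap_copy == NULL) {
        return 0;
    }
    memcpy(heap_copy, password, len + 1);

    /* ... the client would authenticate with heap_copy here ... */

    secure_wipe(heap_copy, len + 1);
    int clean = buffer_is_zeroed(heap_copy, len + 1);
    free(heap_copy);
    return clean;
}

/* Same flow without the wipe: the plaintext is still intact when free()
 * is called, which is exactly what a heap dump can later recover.
 * Returns 1 if the plaintext is present right before free(). */
int handle_password_naively(const char *password) {
    size_t len = strlen(password);
    unsigned char *heap_copy = malloc(len + 1);
    if (heap_copy == NULL) {
        return 0;
    }
    memcpy(heap_copy, password, len + 1);
    int leaked = memcmp(heap_copy, password, len + 1) == 0;
    free(heap_copy);
    return leaked;
}

int main(void) {
    const char *sample = "constructed-sample-password"; /* constructed value */
    printf("secure: buffer zeroed before free = %d\n",
           handle_password_securely(sample));
    printf("naive:  plaintext present at free  = %d\n",
           handle_password_naively(sample));
    return 0;
}
```

Reading a buffer after `free()` is undefined behaviour, so the check is done just before the release; in a real client the wipe belongs wherever the password copy goes out of use, including the readline/tty input buffer and any `argv` copy made from `-p`.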

The main goal is to recover the password entered through the tty, but sometimes it also recovers a password passed on the command line (-pxxxxxx).

Tested with mysql Ver 15.1 Distrib 10.3.13-MariaDB, for Linux (x86_64) using readline 5.1.

Compiling

First clone the project with git clone --recurse-submodules https://github.com/hc0d3r/mysql-magic.

To compile you only need to run make; if you want to add some flags, for any reason, you can do that with CFLAGS=myflags make.

If the system mysql client is not located at /usr/bin/mysql you'll need to compile with CFLAGS=-DMYSQLCLI=/path/to/mysql make.

Options

mysql-magic [options] <pid>
 -o <offset>   comma-separated list of offsets
 -s            search the memory for passwords and get offset
 -d <dir>      Write heap to the folder
 -l            Listen mode, wait for outgoing ipv4 connections on port 3306
 -r <secs>     Sleep time (Default: 3 seconds)
 -p            Use process_vm_readv instead of /proc/pid/mem

Passing -d is a good idea: the password, and other information such as old queries, can remain in memory, so you can analyse the dump and perhaps build a wordlist from it if the password is not found at the offset.

Demo

More Repositories

1. tea: ssh-client worm (C, 153 stars)
2. tas: A tiny framework for easily manipulating the tty and creating fake binaries. (C, 150 stars)
3. sudohulk: try privilege escalation by changing the sudo command (C, 114 stars)
4. sshd-poison: sshd-poison is a tool that modifies a sshd binary to capture password-based authentications and allows you to log in to some accounts using a magic-pass. (C, 91 stars)
5. alfheim: a linux process hacker tool (C, 85 stars)
6. Consulta-cpf-cnpj: Queries CPF and CNPJ directly from the Receita Federal site (receita.fazenda.gov.br), bypassing the CAPTCHA system. (PHP, 83 stars)
7. C: some codes (C, 39 stars)
8. ldpreload-disable: disable LD_PRELOAD on linux (Shell, 18 stars)
9. scdump: shellcode dumper (C, 14 stars)
10. ignotum: a simple lib to help read and write the memory of a linux process (C, 13 stars)
11. chroot-escape: try to escape from chroot as a non-root user (C, 12 stars)
12. syscall64ref (Shell, 12 stars)
13. noexec-bypass (Assembly, 10 stars)
14. w1r3bot: Just another irc bot (Perl, 9 stars)
15. tinydns: A tiny library to perform DNS queries based on RFC 1035, works only with UDP servers. (C, 9 stars)
16. push-obfuscator (Perl, 6 stars)
17. nopasswd-scan: Find files that don't need a password to be executed by sudo. (C, 6 stars)
18. asm (Assembly, 5 stars)
19. vnc-cut-logger (C, 4 stars)
20. seccomp-macros: macros to make it easy to build seccomp filters without using libseccomp (C, 4 stars)
21. forkontrol (C, 4 stars)
22. spyderhook: system call hooking library. (C, 3 stars)
23. Damas: Checkers game coded in C, using the ncurses lib (C, 3 stars)
24. remap_annon: Remaps the pages that refer to the file this code is associated with to anonymous pages. (C, 3 stars)
25. elysian-socks (C, 1 star)
26. hc0d3r.github.io (CSS, 1 star)