Connecting to Remote Mysql Databse.

Greetings,

I was testing a web-server, where I explored certain vulnerabilities in wordpress, allowing me to download arbitrary files from the web-server. I gained the authorization credentials to the database, but this time there was something new. I couldn't connect to the web-server's databse at 3306 port(Mysql). The reason here was that my the DBA has only allowed a specific group of users to connect.

Now, if someone could help me out here, could be really great.

My question here is, how to bypass this restriction of connection to the database remotely.

P.S: This is doesnot intend to harm anyone.I take full responsibility of the information I am going to learn will not harm anyone, and is just seeked in regard of knowledge.

Thank you! :)

2 Responses

well if you can't access to the db you may try these things

try to login to wordpress or cpanel or ftp ... with the db password
try to find the contact us email in the website and try to connect to the webmail server with the db password and find some info... !
or just download the plugin/theme source code from the web server and try to find another vulnerabilities
you may find some websites in the same server which use the same plugin/theme and allow you to connect to the db ! then upload ur shell and try to gain access to your first target in the server

-The Philosopher

Thank you so much for replying.

But, I was working on a way to penetrate the database only, neglecting the other ports.

I did some research myself, found out we can remotely ssh to the database through the target's localhost itself. But, this way we require ssh credentials as well, which is another issue.

So here my question is how can I communicate with the database?

Uploading a shell script might help, but a different approach is always present right!? :D

Share Your Thoughts