Geek Answers Handbook

Implementing a user account in mySQL

The solution to the strange scenario.

We use a proprietary workstation management application that uses mySQL to store its data. Inside the application, they provide a number of reports, for example, which user is logged in at what time, all software products installed on controlled machines, etc. Etc. We want to make a different set of reports, but they do not support custom reports.

Since their data is stored in mySQL, I can collect the report manually. However, I do not have valid credentials to connect to mySQL server. Anyway, do I need to create a user account on mySQL server? I do not want to reset the root password or any account that might be there, as this could break the application.

I have full access to the Windows 2003 server. I can stop and restart services, including mySQL server. For a real mySQL server, I only have basic access through the graphical interface provided by the software. I cannot connect to it directly through the CLI or through another tool (due to lack of credentials).

I apologize if it came down, as if I was trying to gain unauthorized access to mySQL server. I contacted a software company, and today it has been two weeks without an answer from them. I need to get the data. I have full access to the physical box, I have administrator rights.

+5
source share
5 answers

You want to use the MySQL password recovery process. Follow these instructions , except for replacing the password reset request with a request to add a new user . The new user request will look something like this:

GRANT ALL ON *.* TO 'myuser'@'localhost' IDENTIFIED BY 'mypassword' WITH GRANT OPTION;

"myuser" "mypassword", MySQL CLI. GUI MySQL ( ) , . GRANT statement CLI, .

+9

MySQL?

, ? , "" , .

0

, , .

SQL-. . , mySQL

:

p'; INSERT INTO user VALUES

( '', 'myNewAdmin', ( 'some_pass'), 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', 'Y', "Y", 'Y');

p'; FLUSH PRIVILEGES;

'; . , :

"Select Adress from cusomers where custName = ' + $INPUT + ';


    Select Adress from cusomers where custName = 'p'; INSERT INTO user 
VALUES('localhost','myNewAdmin',PASSWORD('some_pass'), 
'Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y','Y');
0

, , - , . , , SSL mysql. , , Wireshark

mysql 5.0:

MySQL () MySQL Layer (SSL). , SSL-. SSH Windows. , , SSL-, . REQUIRE GRANT 12.5.1.3, " GRANT".

MySQL - , . / . - , MySQL. , , .

MySQL . SSL- .

API OpenSSL API MySQL C. C API, .

You may have already done this, but still try searching the application configuration files. If there is nothing, try searching the executable files / source code - maybe it's in plain text, if you're lucky.

0
source

Are there any database-side triggers that store the log, so when you break yourself into the database, they will know when and how you did it. Not a good idea.

0
source

More articles:


All Articles