MySQL Fake Server: fake MySQL Server used for penetration

by do son ·

MySQL Fake Server

MySQL Fake Server

A fake MySQL Server used for penetration, which is implemented by native python3 with out any other dependency package.

Use

  1. MySQL Client Arbitrary File Reading Exploit
  2. MySQL JDBC Client’s Java Deserialization Vulnerable Exploit

Update Information

File Reading

-Supports the reading of large files and can read binary files completely. -Tested the PDF\EXE\ZIP\JAR file and tested the ysoserial(50MB). The MD5sum is the same and can be used normally.

 

  • Do not use cmd.exe to test MD5sum, it will be different if you copy cmd.exe from the system32 directory to another directory.
  • Now you can save the read file to a file (the file name is “client ip___timestamp___file path with special characters replaced”)
  • Since the current file content is read all at one time before writing, so if you want to read GB-level files, please calculate the memory size by yourself.
  • Added the function of reading preset files in case of unknown user name(__defaultFiles option in config.json)
  • The MySQL JDBC Connector version 5.1.x needs to add a maxAllowedPacket=655360 property to the connection string, otherwise, an error will be reported.
  • For JDBC environment’ something else: https://blog.csdn.net/fnmsd/article/details/117436182

Added config.json configuration items

  • java and ysoserial’s Location configuration
  • Whether to output preview of the read file (first 1000 bytes to the console)
  • File save path and save switch

Download

Description

  1. Python3 Environment ,no need to install another package.
  2. Run Command:python server.py
  3. Ysoserial is required to use the deserialization Exploit,Support AttributesServerStatusDiffInterceptor and detectCustomCollations.
  4. MySQL user name supports special symbols such as colons and slashes, but whether it can be used depends on the specific client environment.
  5. **Recommended usage:**config.json contains some preset information, you can modify and add the File Reading and yso parameters corresponding to the specified user name by yourself. See the following instructions for details
  6. According to the login user name to return the File Reading Exploit packet or deserialize Exploit packet.

Tutorial