专栏首页*坤的BlogOsmotic Study ----Mysql Safe

Osmotic Study ----Mysql Safe

     Thanks Ichunqiu company.I have a chance to learn some lessons for free in five days till 10.1 this year.Here is the address.https://www.ichunqiu.com. But  you may have no access to all ithe videos.There are many video on the Internet,but here in Ichunqiu It is arranged very well!

     This article is tested by a mysql database.The oher database may use the same way.

     Step 1:Get the sql database address

      You have to ways to get these.One is finding some website those have some xss and other deangerous bug.And  you need send your trojan on it.And then you can get the config files or the database files on it.The config files may be conn,sql,inc,common,data etc catalog.If you get them you can get the link address easily.In case of this situation,you may need design you website safely ,connect the data without root or sa , write you own config with encryption,update the database in time and install the Waf on your server PC.You can design the website,encrypt the config files may be little problem.The other way to get the address may scan add the ip address using weak password ,such as root 123456,root root,etc.Incase of this situation,set a strong password with lower abc ,upper ABC,numbers 123,and some other symbol like !@#$%^ is necessary.Especially in you server PC.Because the one who get this,can get the account of you server PC easily.I will tell you in the step2 in the article.

        Step2:Creat your account

        If you have get the address to a mysql database ,you can promote your authority and creat a windows account through the UDF tool ,the MOD bug or other mothods.And in this way, you can open port that you can use the mstsc.exe.And then you have it.

   The reference lesson link is this https://www.ichunqiu.com/qad/course/52775.

       All rights reserved.Reprinted with reference to the source.

本文参与腾讯云自媒体分享计划,欢迎正在阅读的你也加入,一起分享。

我来说两句

0 条评论
登录 后参与评论

相关文章

  • hdu1007

    @坤的
  • leetcode 28 Implement strStr()

    @坤的
  • hdu1098

    @坤的
  • Install ExpressCache for SSD Caching

    如果你拥有一个安装SSD的电脑,而且已经安装了Windows操作系统。如果这台电脑在出厂OEM 系统分区但都已经被你改变了或者是全新的硬盘,那么这篇文章可能适合...

    gigiwangs
  • 搭建Ubuntu12.04交叉编译服务器

    最近学着搭建一台Linux服务器作为交叉编译的主机之用,服务器端选择了Ubuntu12.04 LTS桌面版,客户端采用Windows XP平台,使用SSH工具...

    ccf19881030
  • Lint Tool Analysis (3)

    本系列的几篇源码分析文档意义不大,如果你正好也在研究lint源码,或者你想知道前面自定义lint规则中提出的那几个问题,抑或你只是想大致了解下lint的源码都有...

    宅男潇涧
  • SAP ABAP和Java跨域请求问题的解决方案

    There is an excellent blog Cross-domain communications with ABAP and JSONP writt...

    Jerry Wang
  • The Black Dot---Day7

    One day, a professor entered his classroom and asked his students to prepare for...

    honey缘木鱼
  • C++ - “当前不会命中断点 还没有为该文档加载任何符号”解决方法

    调试时总是出现“当前不会命中断点 还没有为该文档加载任何符号”这样的错误。出现这种情况的时候,可以按以下几种方式解决:

    AIHGF
  • Leetcode 292. Nim Game

    You are playing the following Nim Game with your friend: There is a heap of sto...

    triplebee

扫码关注云+社区

领取腾讯云代金券