MySQL Magic: Dump MySQL Client Password From Memory

I made this just for fun, use for illegal purposes are not allowed. The mysql client read the password, then write this for some malloc’ed memory, and free it, but just because a chunk was freed doesn’t mean it will be used again, to ensure that your programs not keep sensitive information in memory you must overwrite the memory.

The main goal is get the password passed through tty, but sometimes it also gets the password passed from command line (-pxxxxxx).

Tested in mysql Ver 15.1 Distrib 10.3.13-MariaDB, for Linux (x86_64) using readline 5.1

Also Read – Pyrit : The Famous WPA Pre-Computed Cracker, Migrated from Google

Compiling

For compile you only need to run make, if you want add some flags, for any reason, you can do that with CFLAGS=myflags make.

if the system mysql client is not placed at /usr/bin/mysql you’ll need compile with CFLAGS=-DMYSQLCLI=/path/to/mysql make

Options

mysql-magic [options]
-o comma-separated list of offset
-s search the memory for passwords and get offset
-d Write heap to the folder
-l Listen mode, wait for outgoing ipv4 connections on port 3306
-r Sleep time (Default: 3 seconds)
-p Use process_vm_readv instead of /proc/pid/mem

pass -d is a good thing to do, the password, and some informations like old queries, can remain in memory, so you can analyse this and maybe build a wordlist based on it, if the password don’t are in the offset

Demo

R K

Recent Posts

Install Python 3.7 on Ubuntu 18.04: apt and Source Build Methods

Python 3.7 was a significant release for the language. It introduced data classes, a decorator that automatically…

6 hours ago

Install Odoo 13 on Ubuntu 18.04: Python Venv and Nginx Guide

Odoo is a popular open-source suite of business applications. A single platform covers CRM, e-commerce, accounting,…

6 hours ago

Secure Apache with Let’s Encrypt on Ubuntu 18.04: Free SSL Guide

Let's Encrypt is a free, automated certificate authority run by the Internet Security Research Group…

6 hours ago

Install GCC on Ubuntu 18.04: C and C++ Compiler Setup Guide

GCC (GNU Compiler Collection) is a set of compilers and development libraries for C, C++, Fortran,…

6 hours ago

Install Python 3.8 on Ubuntu 18.04: apt and Source Build Methods

Python is one of the most widely used programming languages in the world. Its clean, readable…

6 hours ago

Install Tomcat 9 on Ubuntu 18.04: Systemd Service Setup Guide

Apache Tomcat is an open-source Java application server that implements the Java Servlet, JavaServer Pages, and…

1 day ago