6

As a MySQL user without access to the mysql database, is it possible to retrieve my privileges?

asked Apr 6, 2011 at 10:40

2 Answers

4

It seems that using SHOW GRANTS did work in this case:

SHOW GRANTS FOR CURRENT_USER;

Although the manual states that you still need to have access to the mysql database:

SHOW GRANTS requires the SELECT privilege for the mysql database.

And accessing mysql.user directly actually didn’t work, probably because it does also contain further sensitive information like the passwords of other users:

mysql> SELECT * FROM mysql.user;
ERROR 1142 (42000): SELECT command denied to user 'user'@'host' for table 'user'

answered Apr 6, 2011 at 11:23

1

Assuming you have read-only access to the /var/lib/mysql/mysql folder, here is a hacker's approach, without disrupting the running server and without exposing any passwords:

Step 1) Install MySQL on your Windows machine. Make sure it is the same version number of MySQL as the Linux version.

Step 2) Shut down mysql on the Windows machine:
C:\> net stop mysql

Step 3) Download the mysql schema from the Linux server and store the individual files in the mysql subfolder on the Windows machine. The mysql schema contains various MyISAM and CSV files.

Step 4) Add the line 'skip-grant-tables' to my.ini on your Windows machine

Step 5) Start up mysql on the Windows machine
C:\> net start mysql

Step 6) Run mysql client on the Windows machine (no password needed at this point)

Step 7) Run this command in the mysql client

INSERT INTO mysql.user SET Host = 'localhost', User = 'myhackeruser', Password = PASSWORD('whatever'), Select_priv = 'Y', Insert_priv = 'Y', Update_priv = 'Y', Delete_priv = 'Y', Create_priv = 'Y', Drop_priv = 'Y', Reload_priv = 'Y', Shutdown_priv = 'Y', Process_priv = 'Y', File_priv = 'Y', Grant_priv = 'Y', References_priv = 'Y', Index_priv = 'Y', Alter_priv = 'Y', Show_db_priv = 'Y', Super_priv = 'Y', Create_tmp_table_priv = 'Y', Lock_tables_priv = 'Y', Execute_priv = 'Y', Repl_slave_priv = 'Y', Repl_client_priv = 'Y', Create_view_priv = 'Y', Show_view_priv = 'Y', Create_routine_priv = 'Y', Alter_routine_priv = 'Y', Create_user_priv = 'Y', max_questions = 0, max_updates = 0;

Step 8) Shut down mysql on the Windows machine:
C:\> net stop mysql

Step 9) Start up mysql on the Windows machine:
C:\> net start mysql

Step 10) Run mysql client as myhackeruser:
C:\> mysql -umyhackeruser -pwhatever

Step 11) Run "SHOW GRANTS FOR 'whateveruserid'@'whateverhost';"

It's a long-winded approach but it works.

Give it a try!!!

answered Apr 6, 2011 at 16:43
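
The second answer depends on an ordinary account being able to read the files under /var/lib/mysql/mysql. As an added example (not part of either answer), the shell function below audits a data directory for that condition. The function names and the EXPOSED/WEAK labels are assumptions made for this illustration, and directories above the data directory are not checked.

```shell
#!/bin/sh
# Added example, not from the answers: report grant-table files that accounts
# outside the owning user and group could copy off the server.
# Assumption: $1 is the MySQL data directory (the answer uses /var/lib/mysql).

# True when "other" has execute (traverse) permission on directory $1.
other_can_traverse() {
    [ -n "$(find "$1" -prune -perm -001 -print)" ]
}

# Prints one line per world-readable file in the mysql schema directory:
#   EXPOSED <path>  file is readable and both directories can be traversed
#   WEAK <path>     file mode is too open, but a directory blocks access
# Returns 0 when nothing is EXPOSED, 1 when something is, 2 on a bad path.
# Directories above the data directory are not examined.
audit_grant_tables() {
    datadir="${1%/}"
    schema="$datadir/mysql"
    if [ ! -d "$schema" ]; then
        echo "ERROR no schema directory at $schema" >&2
        return 2
    fi

    if other_can_traverse "$datadir" && other_can_traverse "$schema"; then
        label=EXPOSED
    else
        label=WEAK
    fi

    findings=$(find "$schema" -type f -perm -004 -print | sort)
    if [ -z "$findings" ]; then
        return 0
    fi
    printf '%s\n' "$findings" | sed "s/^/$label /"
    [ "$label" != EXPOSED ]
}

# Run the audit when a data directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_grant_tables "$1"
fi
```

Any EXPOSED line means the files that hold the server's grant tables, including other accounts' password hashes, can be copied by a local account that has no SQL privileges on the mysql database.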
