Database Credentials

Checking for database credentials after performing a manual system enumeration

www-data@vmdak:/var/www/prison/database$ ll
total 24K
4.0K -rw-r--r--  1 www-data www-data  318 Aug 20  2024 connect2.php
4.0K -rw-r--r--  1 www-data www-data  365 Aug 20  2024 connect.php
4.0K drwxr-xr-x  2 www-data www-data 4.0K Aug 20  2024 .
4.0K -rw-r--r--  1 www-data www-data   31 Aug 20  2024 .htaccess
4.0K drwxr-xr-x 17 www-data www-data 4.0K Aug 20  2024 ..
4.0K -rw-r--r--  1 www-data www-data 3.9K Apr  5  2024 employee_akpoly.sql

The /var/www/prison/database directory contains the database configuration files

`connect.php`

www-data@vmdak:/var/www/prison/database$ cat connect.php
<?php 
// DB credentials.
define('DB_HOST','localhost');
define('DB_USER','root');
define('DB_PASS','sqlCr3ds3xp0seD');
define('DB_NAME','employee_akpoly');
try
{
$dbh = new PDO("mysql:host=".DB_HOST.";dbname=".DB_NAME,DB_USER, DB_PASS,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES 'utf8'"));
}
catch (PDOException $e)
{
exit("Error: " . $e->getMessage());
}
?>

root:sqlCr3ds3xp0seD

`connect2.php`

www-data@vmdak:/var/www/prison/database$ cat connect2.php
<?php
/* Local Database*/
$servername = "localhost";
$username = "root";
$password = "sqlCr3ds3xp0seD";
$dbname = "employee_akpoly";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
    die("Connection failed: " . mysqli_connect_error());
}
?>

root:sqlCr3ds3xp0seD

`employee_akpoly.sql`

www-data@vmdak:/var/www/prison/database$ cat employee_akpoly.sql
cat employee_akpoly.sql
-- phpMyAdmin SQL Dump
-- version 5.2.0
-- https://www.phpmyadmin.net/
--
-- Host: 127.0.0.1
-- Generation Time: Nov 20, 2023 at 11:34 AM
-- Server version: 10.4.24-MariaDB
-- PHP Version: 8.1.6
 
SET SQL_MODE = "NO_AUTO_VALUE_ON_ZERO";
START TRANSACTION;
SET time_zone = "+00:00";
 
 
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8mb4 */;
 
--
-- Database: `employee_akpoly`
--
 
-- --------------------------------------------------------
 
--
-- Table structure for table `tblemployee`
--
 
CREATE TABLE `tblemployee` (
  `id` int(11) NOT NULL,
  `employeeID` varchar(150) NOT NULL,
  `fullname` varchar(300) NOT NULL,
  `password` varchar(15) NOT NULL,
  `sex` varchar(10) NOT NULL,
  `email` varchar(100) NOT NULL,
  `dob` varchar(30) NOT NULL,
  `phone` varchar(12) NOT NULL,
  `address` varchar(100) DEFAULT NULL,
  `qualification` varchar(100) NOT NULL,
  `dept` varchar(100) NOT NULL,
  `employee_type` varchar(60) NOT NULL,
  `date_appointment` varchar(20) NOT NULL,
  `basic_salary` varchar(60) NULL,
  `gross_pay` varchar(60) NULL,
  `status` varchar(1) NOT NULL,
  `leave_status` varchar(20) NOT NULL,
  `photo` varchar(5000) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
 
--
-- Dumping data for table `tblemployee`
--
 
INSERT INTO `tblemployee` (`id`, `employeeID`, `fullname`, `password`, `sex`, `email`, `dob`, `phone`, `address`, `qualification`, `dept`, `employee_type`, `date_appointment`, `basic_salary`, `gross_pay`, `status`, `leave_status`, `photo`) VALUES
(7, 'STAFF/FKP/2023/4860', 'Malcom', 'escobar2012', 'Male', 'releaseme@gmail.com', '12/9/1980', '08067361023', 'USA', 'Theft', 'USA Justice', 'Prisoner', '9/9/2023', 'NULL', 'NULL', '1', 'Pending', 'uploadImage/Profile/2.png');
 
-- --------------------------------------------------------
 
--
-- Table structure for table `tblleave`
--
 
CREATE TABLE `tblleave` (
  `ID` int(4) NOT NULL,
  `email` varchar(100) NOT NULL,
  `leaveID` varchar(6700) NOT NULL,
  `start_date` varchar(25) NOT NULL,
  `end_date` varchar(25) NOT NULL,
  `reason` varchar(5000) NOT NULL,
  `status` varchar(50) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4;
 
--
-- Dumping data for table `tblleave`
--
 
INSERT INTO `tblleave` (`ID`, `email`, `leaveID`, `start_date`, `end_date`, `reason`, `status`) VALUES
(14, 'releaseme@gmail.com', '2023399', '2023-10-29', '2023-11-15', 'Bail', 'Approved');
 
-- --------------------------------------------------------
 
--
-- Table structure for table `users`
--
 
CREATE TABLE `users` (
  `username` varchar(12) NOT NULL,
  `password` varchar(15) NOT NULL,
  `phone` varchar(14) NOT NULL,
  `fullname` varchar(34) NOT NULL,
  `photo` varchar(4000) NOT NULL
) ENGINE=InnoDB DEFAULT CHARSET=latin1;
 
--
-- Dumping data for table `users`
--
 
INSERT INTO `users` (`username`, `password`, `phone`, `fullname`, `photo`) VALUES
('admin', 'admin123', '0905656', 'Caroline Bassey', 'uploadImage/Profile/User.png');
 
--
-- Indexes for dumped tables
--
 
--
-- Indexes for table `tblemployee`
--
ALTER TABLE `tblemployee`
  ADD PRIMARY KEY (`id`),
  ADD UNIQUE KEY `email` (`email`);
 
--
-- Indexes for table `tblleave`
--
ALTER TABLE `tblleave`
  ADD PRIMARY KEY (`ID`);
 
--
-- Indexes for table `users`
--
ALTER TABLE `users`
  ADD PRIMARY KEY (`username`);
 
--
-- AUTO_INCREMENT for dumped tables
--
 
--
-- AUTO_INCREMENT for table `tblemployee`
--
ALTER TABLE `tblemployee`
  MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=8;
 
--
-- AUTO_INCREMENT for table `tblleave`
--
ALTER TABLE `tblleave`
  MODIFY `ID` int(4) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=15;
COMMIT;
 
/*!40101 SET CHARACTER_SET_CLIENT=@OLD_CHARACTER_SET_CLIENT */;
/*!40101 SET CHARACTER_SET_RESULTS=@OLD_CHARACTER_SET_RESULTS */;
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;

Malcom:escobar2012

MySQL

www-data@vmdak:/var/www/prison/database$ mysql -uroot -psqlCr3ds3xp0seD
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor.  Commands end with ; or \g.
Your MySQL connection id is 78
Server version: 8.0.39-0ubuntu0.24.04.1 (Ubuntu)
 
Copyright (c) 2000, 2024, Oracle and/or its affiliates.
 
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
 
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
 
mysql>

Session established

mysql> SELECT User,authentication_string FROM mysql.user;
+------------------+------------------------------------------------------------------------+
| User             | authentication_string                                                  |
+------------------+------------------------------------------------------------------------+
| debian-sys-maint | $A$005$.kogp`bA"BmsApNVYJEfNwPNz/v9BkMKahwu6KZykqnvsofTP.BHpRQW7D5 |
| mysql.infoschema | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.session    | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| mysql.sys        | $A$005$THISISACOMBINATIONOFINVALIDSALTANDPASSWORDTHATMUSTNEVERBRBEUSED |
| root             | *3DC875C029E44EE08B336676F66C50DBD081B5DB                              |
+------------------+------------------------------------------------------------------------+
5 rows in set (0.00 sec)

N/A

mysql> SELECT * FROM tblemployee;
+----+---------------------+----------+-------------+------+---------------------+-----------+-------------+---------+---------------+-------------+---------------+------------------+--------------+-----------+--------+--------------+---------------------------+
| id | employeeID          | fullname | password    | sex  | email               | dob       | phone       | address | qualification | dept        | employee_type | date_appointment | basic_salary | gross_pay | status | leave_status | photo                     |
+----+---------------------+----------+-------------+------+---------------------+-----------+-------------+---------+---------------+-------------+---------------+------------------+--------------+-----------+--------+--------------+---------------------------+
|  7 | STAFF/FKP/2023/4860 | Malcom   | escobar2012 | Male | releaseme@gmail.com | 12/9/1980 | 08067361023 | USA     | Theft         | USA Justice | Prisoner      | 9/9/2023         | NULL         | NULL      | 1      | Pending      | uploadImage/Profile/2.png |
+----+---------------------+----------+-------------+------+---------------------+-----------+-------------+---------+---------------+-------------+---------------+------------------+--------------+-----------+--------+--------------+---------------------------+
1 row in set (0.00 sec)
 
mysql> SELECT * FROM tblleave;
+----+---------------------+---------+------------+------------+-----------------------------------------+----------+
| ID | email               | leaveID | start_date | end_date   | reason                                  | status   |
+----+---------------------+---------+------------+------------+-----------------------------------------+----------+
| 14 | releaseme@gmail.com | 2023399 | 2023-10-29 | 2023-11-15 | Dont forget the password: RonnyCache001 | Approved |
+----+---------------------+---------+------------+------------+-----------------------------------------+----------+
1 row in set (0.00 sec)
 
mysql> SELECT * FROM users;
+----------+----------+---------+-----------------+-----------------------+
| username | password | phone   | fullname        | photo                 |
+----------+----------+---------+-----------------+-----------------------+
| admin    | admin123 | 0905656 | Caroline Bassey | uploadImage/shell.php |
+----------+----------+---------+-----------------+-----------------------+
1 row in set (0.00 sec)

N/A

InfoSec LAB

Explorer

vmdak_DB_Credentials

Database Credentials

`connect.php`

`connect2.php`

`employee_akpoly.sql`

MySQL

Interactive Graph View

Table of Contents

Backlinks