Black Hat Go: Go Programming for Hackers and Pentesters by Tom Steele & Chris Patten & Dan Kottmann

Author: Tom Steele & Chris Patten & Dan Kottmann
Language: eng
Format: epub, mobi
Publisher: No Starch Press, Inc.
Published: 2020-07-15T00:00:00+00:00


Implementing a MySQL Database Miner

To make your MySQL implementation work, you’ll inspect the information_schema.columns table. This table maintains metadata about all the databases and their structures, including table and column names. To make the data as simple as possible to consume, use the following SQL query, which removes information about some of the built-in MySQL databases that are of no consequence to your pillaging efforts:

SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME FROM columns
    WHERE TABLE_SCHEMA NOT IN ('mysql', 'information_schema', 'performance_schema', 'sys')
    ORDER BY TABLE_SCHEMA, TABLE_NAME

The query produces results resembling the following:

+--------------+--------------+-------------+
| TABLE_SCHEMA | TABLE_NAME   | COLUMN_NAME |
+--------------+--------------+-------------+
| store        | transactions | ccnum       |
| store        | transactions | date        |
| store        | transactions | amount      |
| store        | transactions | cvv         |
| store        | transactions | exp         |
--snip--

Although using that query to retrieve schema information is pretty straightforward, the complexity in your code comes from trying to logically differentiate and categorize each row while defining your GetSchema() function. For example, consecutive rows of output may or may not belong to the same database or table, so associating the rows with the correct dbminer.Database and dbminer.Table instances becomes a somewhat tricky endeavor.

Listing 7-10 defines the implementation.

package main

import (
	"database/sql"
	"fmt"
	"os"

	// Import path assumed; dbminer is the package defined earlier in the chapter.
	"github.com/blackhat-go/bhg/ch-7/db/dbminer"
	_ "github.com/go-sql-driver/mysql" // registers the "mysql" driver
)

// MySQLMiner holds the target host and an open connection handle.
type MySQLMiner struct {
	Host string
	Db   *sql.DB // pointer: a sql.DB must not be copied by value
}

// New connects to the MySQL server on host and returns a ready miner.
func New(host string) (*MySQLMiner, error) {
	m := MySQLMiner{Host: host}
	if err := m.connect(); err != nil {
		return nil, err
	}
	return &m, nil
}

// connect opens a handle to the information_schema database.
func (m *MySQLMiner) connect() error {
	db, err := sql.Open(
		"mysql",
		fmt.Sprintf("root:password@tcp(%s:3306)/information_schema", m.Host)) // ❶
	if err != nil {
		return err // report the failure to New() instead of panicking
	}
	m.Db = db
	return nil
}

// GetSchema walks information_schema.columns and builds the schema tree.
func (m *MySQLMiner) GetSchema() (*dbminer.Schema, error) {
	var s = new(dbminer.Schema)

	// ❷ named query so it does not shadow the sql package
	query := `SELECT TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME FROM columns
	WHERE TABLE_SCHEMA NOT IN ('mysql', 'information_schema', 'performance_schema', 'sys')
	ORDER BY TABLE_SCHEMA, TABLE_NAME`
	schemarows, err := m.Db.Query(query)
	if err != nil {
		return nil, err
	}
	defer schemarows.Close()

	var prevschema, prevtable string
	var db dbminer.Database
	var table dbminer.Table
	for schemarows.Next() { // ❸
		var currschema, currtable, currcol string
		if err := schemarows.Scan(&currschema, &currtable, &currcol); err != nil {
			return nil, err
		}

		if currschema != prevschema { // ❹ new database: flush the previous one
			if prevschema != "" {
				db.Tables = append(db.Tables, table)
				s.Databases = append(s.Databases, db)
			}
			db = dbminer.Database{Name: currschema, Tables: []dbminer.Table{}}
			prevschema = currschema
			prevtable = ""
		}

		if currtable != prevtable { // ❺ new table: flush the previous one
			if prevtable != "" {
				db.Tables = append(db.Tables, table)
			}
			table = dbminer.Table{Name: currtable, Columns: []string{}}
			prevtable = currtable
		}

		table.Columns = append(table.Columns, currcol) // ❻
	}
	// Flush the last database and table, unless the query returned no rows.
	if prevschema != "" {
		db.Tables = append(db.Tables, table)
		s.Databases = append(s.Databases, db)
	}
	if err := schemarows.Err(); err != nil {
		return nil, err
	}

	return s, nil
}

func main() {
	mm, err := New(os.Args[1])
	if err != nil {
		panic(err)
	}
	defer mm.Db.Close()
	if err := dbminer.Search(mm); err != nil {
		panic(err)
	}
}

Listing 7-10: Creating a MySQL database miner (/ch-7/db/mysql/main.go/)

A quick glance at the code and you’ll probably realize that much of it is very, very similar to the MongoDB example in the preceding section. As a matter of fact, the main() function is identical.

The bootstrapping functions are also similar—you just change the logic to interact with MySQL rather than MongoDB.
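The prevschema/prevtable comparison in GetSchema() only groups rows correctly because the query's ORDER BY keeps each table's rows adjacent. As an added example (not part of the book's listing), the following order-independent variant of that grouping step runs on constructed rows without a MySQL server; the Table, Database and Row types are local stand-ins assumed to mirror the dbminer types.

```go
package main

import "fmt"

// Local stand-ins for the dbminer types (assumed shape: a name plus children).
type Table struct {
	Name    string
	Columns []string
}

type Database struct {
	Name   string
	Tables []Table
}

// Row is one (TABLE_SCHEMA, TABLE_NAME, COLUMN_NAME) result row.
type Row struct{ Schema, Table, Column string }

// GroupRows builds the database/table/column tree from rows in any order.
// Index maps replace the prev/curr comparison, so unsorted rows cannot split a table.
func GroupRows(rows []Row) []Database {
	var dbs []Database
	dbIdx := map[string]int{}     // schema name -> index into dbs
	tblIdx := map[[2]string]int{} // (schema, table) -> index into that db's Tables
	for _, r := range rows {
		di, ok := dbIdx[r.Schema]
		if !ok {
			di = len(dbs)
			dbIdx[r.Schema] = di
			dbs = append(dbs, Database{Name: r.Schema})
		}
		key := [2]string{r.Schema, r.Table} // same table name may exist in two schemas
		ti, ok := tblIdx[key]
		if !ok {
			ti = len(dbs[di].Tables)
			tblIdx[key] = ti
			dbs[di].Tables = append(dbs[di].Tables, Table{Name: r.Table})
		}
		dbs[di].Tables[ti].Columns = append(dbs[di].Tables[ti].Columns, r.Column)
	}
	return dbs // nil for an empty result set: no placeholder database is emitted
}

func main() {
	// Constructed rows: interleaved, and "users" exists in two schemas.
	rows := []Row{{"store", "transactions", "ccnum"}, {"hr", "users", "name"},
		{"store", "users", "email"}, {"store", "transactions", "cvv"}}
	fmt.Printf("%+v\n", GroupRows(rows))
}
```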


