Course

This lab introduces you to a scenario where MySQL is installed without a root password, granting you access through the MySQL shell. Your task is to exploit this vulnerability to read the contents of a file located at /var/lib/mysql-files/key.txt. Although the file system permissions restrict direct access to this file, you can leverage the MySQL load_file() function to bypass these restrictions.

Once logged in as the user "pentesterlab," you will connect to the MySQL database as the root user, which has no password set. By utilizing the load_file() function, you can instruct MySQL to read the file's content because the MySQL system user has the necessary permissions. This technique demonstrates how to escalate privileges and access protected data by exploiting misconfigurations in database systems.