basic usage:
connecting:
mysql -h 10.0.2.11 -u qdpmadmin --database=qdpm --ssl=0 -p'UcVQCMQk2STVeS6J'
check user and host:
SELECT User, Host FROM mysql.user;
getting the version:
select version();
see databases:
show databases;
use a database:
use databaseName;
see tables:
show tables;
see table structure (columns. values arent included):
describe tableName;
show columns from tableName;
see columns + their content:
select * from tableName;
see specific columns:
select column1,column2 from tableName;
see all mysql users:
select user, host from mysql.user;
make a new db:
create database DBname;
make a new mysql user:
create user 'username'@'localhost' identified by 'password';
give a user privilages:
grant all privileges on DBname.* to 'username'@'localhost';
flush privileges;
yeet a db:
drop database dbName;
yeet a user:
drop user 'username'@'localhost';
simple query:
select * from tableName where columnName='value';
update data:
update tableName set columnName='newValue' where id=1;
yeet data:
delete from tableName where id=1;
get out of weird -> prompt:
- type in
; and hit enter
- or type in
\c and hit enter to cancel without running garbage
exit is just exit :v
cred hunting:
LIKE (fuzzy/partial match):
select * from users where username like '%bob%';
% is the wildcard operator in mysql
NOT LIKE:
select * from users where username not like '%admin%';
OR:
select * from users where username='bob' or username='alice';
IN (same as OR just cleaner):
select * from users where username in ('bob', 'alice', 'charlie');
ORDER BY (sort results):
select * from users order by id desc;
desc = decendingasc = ascending
LIMIT:
select * from users limit 5;
- good for huge tables
- sets how many rows to return
- doing
LIMIT 1,1 would mean it would skip the first row and show 1 row out of the rest of the rows after the skipped one
BETWEEN:
select * from users where id between 1 and 5;
shenanigans:
nuke a table with sqli if the app allows multiple statements:
'; DROP table users; --