# Services (mySQL, postgreSQL)

## What is service

Service is an application running in the background waiting for y'all to use it

Services like Apache Web Server, OpenSSH, MySQL/MariaDB, and PostgreSQL are important for us

### Starting, stopping, restarting and checking services

It’s too intuitive to start, stop and all that things. The syntax will look like this:

```bash
$ systemctl start|stop|restart <servicename>
```

To check the status:

```bash
$ systemctl status <servicename>
```

### Apache web server

Apache web server is often associated with MySQL database. With the combination of (LAMP) Linux, Apache, MySQL, and PHP or Python forms a powerful and robust platform for the development and deployment of web-based applications

Now let’s start our Apache server

```bash
$ systemctl start apache2
```

Now if you go to [localhost](http://localhost) or 127.0.0.1 you will see the default Apache page means that it works

To customize the server you can edit the `index.html` file at `/var/www/html/index.html` and just start edit your own web page

## Extracting Information from MySQL/MariaDB

You know the drill, it’s better to understand how `mysql` and `mariadb` work since it’s heavily focused when it comes to web pentesting

### Start the services

```bash
$ systemctl start mysql 
$ mysql -u root -p
Enter password: #by default it's empty
Welcome to MySQL monitor. Commands end with ; or \g.
~~

mysql> 
```

We know when we are testing SQLi vulnerability we will use some commands like `select`, `union`, `where` and etc. Since it’s stored in table form we should know several commands:

`select` to retrieve data

`union` to combine the results of two or more select operations

`insert` to add new data

`update` to modify existing data

`delete` to delete data

Let’s see the example when retrieving the data in one of the tables

```sql
mysql> select user, password from customer where user='admin'; #note that the semicolon is needed
+-------+--------------+
| user  | password     |
+-------+--------------+
| admin | p@ssw0rd123! |
+-------+--------------+
1 row in set (0.00 sec)

mysql> select * from customer; #dump the whole table out
+-----+----------+----------------------+---------------+
| id  | user     | password             | email         |
+-----+----------+----------------------+---------------+
| 101 | admin    | p@ssw0rd123!         | admin@corp.net|
| 102 | jdoe     | my_cat_is_fluffy     | j.doe@web.com |
| 103 | ssmith   | summer!2024          | sarah@mail.io |
| 104 | testuser | password             | test@test.org |
+-----+----------+----------------------+---------------+
4 rows in set (0.00 sec)

mysql> select user, host, password from mysql.user;
+------------------------
| user | host | password
+------------------------
|root |localhost |
~~
```

### Show databases

By default the database will look like this

```sql
mysql> show databases;
+-------------------------------+
| Database |
+-------------------------------+
| information_schema |
| mysql              |
| performance_schema |
+-------------------------------+
#let's say we want to edit the mysql database
mysql> use mysql; #we first specify which database we want to use
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> update user set password = PASSWORD("whatisthispassword") where user = 'root'; #change the password of the root user in mysql
```

## Accessing remote databases

We might want to access our remote database when we are on other machine or something

Let’s start the mysql service again but with the ip of the sql server

```sql
$ mysql -u root -p 10.10.10.10
#assume you logged in
mysql> show databases;
+-------------------------------+
| Database |
+-------------------------------+
| information_schema |
| mysql              |
| performance_schema |
| supersecret        |
+-------------------------------+
mysql> use supersecret;
Database changed
mysql> show tables;
+-----------------------------------+
| Tables_in_creditcardnumbers |
+-----------------------------------+
| passwordforbank |
+-----------------------------------+
1 row in set (0.14 sec)
```

Just like that you can use `show table;` and start dumping out the creds inside

Another important stuff, you can use `describe <table_name>;` to see the structure of the table

```sql
mysql> describe passwordforbank;
+-----------------------+--------------+------+-----+-------------------+-----------------------------+
| Field                 | Type         | Null | Key | Default           | Extra                       |
+-----------------------+--------------+------+-----+-------------------+-----------------------------+
| id                    | int          | NO   | PRI | NULL              | auto_increment              |
| bank_name             | varchar(100) | NO   |     | NULL              |                             |
| account_holder_name   | varchar(255) | NO   |     | NULL              |                             |
| login_username        | varchar(100) | NO   | UNI | NULL              |                             |
| login_password_hash   | varchar(255) | NO   |     | NULL              |                             |
| security_question     | text         | YES  |     | NULL              |                             |
| security_answer_hash  | varchar(255) | YES  |     | NULL              |                             |
| last_updated          | timestamp    | NO   |     | CURRENT_TIMESTAMP | on update CURRENT_TIMESTAMP |
+-----------------------+--------------+------+-----+-------------------+-----------------------------+
8 rows in set (0.01 sec)
```

And then you can now do that shady stuff

## PostgreSQL with metasploit

Metasploit uses PostgreSQL to store it’s modules and any other stuff, so it’s quite important to understand how it work

So now we’ll set up the database that metasploit will store its information in

```sql
$ service start postgresql

$ msfconsole
~~
msf> msfdb init
[*] exec :msfdb init
Creating database use 'msf'
Enter password for new role
Enter it again:
Creating databases 'msf' and 'msf_test'
Creating configuration file /usr/share/metasploit-framework/config/database.yml
Creating initial database schema

msf> su postgres #here we need to login PostgreSQL as ro
[*] su postgres
postgres@vix:/root$
```

### Creating users and databases

```sql
postgres@vix:/root$ createuser <username> -P
Enter Password for new role:
Enter it again:
postgres@vix:/root$ createdb --owner=<username> <db_name_you_want>
postgres@vix:/root$ exit
#here's how you login the user you just created
msf> db_connect vix:password@127.0.0.1/some_random_db #change the ip if you tryna login remotely
```

You can also check the database status to see if it’s connected

```sql
msf> db_status
[*] postgresql connected to msf #confirmed :)
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://vix-w1zzer.gitbook.io/vixwizzer/notes/linux/services-mysql-postgresql.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.