Tell me more ×
Database Administrators Stack Exchange is a question and answer site for database professionals who wish to improve their database skills and learn from others in the community. It's 100% free, no registration required.
up vote 4 down vote favorite

As a MySQL user without access to the mysql database, is it possible to retrieve my privileges?

share|improve this question

2 Answers

up vote 2 down vote accepted

It seems that using SHOW GRANTS did work in this case:

SHOW GRANTS FOR CURRENT_USER;

Although the manual states that you still need to have access to the mysql database:

SHOW GRANTS requires the SELECT privilege for the mysql database.

And accessing mysql.user directly actually didn’t work, probably because it does also contain further sensitive information like the passwords of other users:

mysql> SELECT * FROM mysql.user;
ERROR 1142 (42000): SELECT command denied to user 'user'@'host' for table 'user'
share|improve this answer
up vote 1 down vote

Assuming you have read-only access to the /var/lib/mysql/mysql folder, here is a hacker's approach, without disrupting the running server and without exposing any passwords:

Step 1) Install MySQL on your Windows machine. Make sure it is the same version number of MySQL as the Linux version.

Step 2) Shutdown mysql on the Windows machine:
C:\> net stop mysql

Step 3) Download the mysql schema from the Linux server and store the individual files in the mysql subfolder on the Window machine. The mysql schema contains various MyISAM and CSV files.

Step 4) Add the line 'skip-grant-tables' to my.ini on your Windows machine

Step 5) Startup mysql on the Windows machine
C:\> net start mysql

Step 6) Run mysql client on the Windows machine (no password needed at this point)

Step 7) Run this command in the mysql client

INSERT INTO mysql.user SET Host = 'localhost', User = 'myhackeruser', Password = PASSWORD('whatever'), Select_priv = 'Y', Insert_priv = 'Y', Update_priv = 'Y', Delete_priv = 'Y', Create_priv = 'Y', Drop_priv = 'Y', Reload_priv = 'Y', Shutdown_priv = 'Y', Process_priv = 'Y', File_priv = 'Y', Grant_priv = 'Y', References_priv = 'Y', Index_priv = 'Y', Alter_priv = 'Y', Show_db_priv = 'Y', Super_priv = 'Y', Create_tmp_table_priv = 'Y', Lock_tables_priv = 'Y', Execute_priv = 'Y', Repl_slave_priv = 'Y', Repl_client_priv = 'Y', Create_view_priv = 'Y', Show_view_priv = 'Y', Create_routine_priv = 'Y', Alter_routine_priv = 'Y', Create_user_priv = 'Y', max_questions = 0, max_updates = 0;

Step 8) Shutdown mysql on the Windows machine:
C:\> net stop mysql

Step 9) Startup mysql on the Windows machine:
C:\> net start mysql

Step 10) Run mysql client as myhackeruser:
C:\> mysql -umyhackeruser -pwhatever

Step 11) Run "SHOW GRANTS FOR 'whateveruserid'@'whateverhost';"

It's a long-winded approach but it works.

Give it a Try !!!

share|improve this answer

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.