↓Skip to main content

MYSQL UDF

OFFSEC - Proving Grounds - BANZAI

21 September 2025·2971 words·14 mins

OFFSEC PG PRACTICE HYDRA GOBUSTER MYSQL MYSQL UDF GCC

FTP on port 21 with weak credentials holds web dirirectory for port 8295. Upload PHP shell to gain initial access. MySQL UDF exploit sets SUID on bash and allows us to escalates to root.