: Query the mysql.user table to harvest password hashes. Use Hashcat with mode 300 (MySQL4.1/MySQL5) or mode 200 (MySQL3.23) to crack them off-line.
To further expand your knowledge on active database exploitation vectors, explore documentation regarding automated SQL injection with sqlmap or review standard configurations outlined in the OWASP SQL Injection Prevention Guide. If you would like to expand this assessment, let me know: Your specific target (Linux or Windows?) The specific MySQL version you are targeting mysql hacktricks verified
If you have high-level database access (e.g., as root), you can often escalate to a system shell. : Query the mysql