Sequel

Task 1

During our scan, which port do we find serving MySQL?

Answer:

  • Use nmap to scan the target.

  • MySQL is running off of port 3306.

Task 2

What community-developed MySQL version is the target running?

Answer:

  • Run the following command:

nmap -sC -p 3306 [IP]

  • The answer is MariaDB.

Task 3

When using the MySQL command line client, what switch do we need to use in order to specify a login username?

Answer:

  • Needed to install mysql first.

  • I started with the following but it wasn't working:

sudo apt update
sudo apt dist-upgrade
sudo apt install mysql-server

  • This wasn't working so I tried searching for an answer on Stack Overflow and found the following:

sudo apt install mariadb-server mariadb-client
systemctl start mysql
systemctl status mysql

  • This worked and mysql was installed.

  • I then ran the following to find out different options:

mysql --help

  • This showed me that the answer is "-u".

Task 4

Which username allows us to log into this MariaDB instance without providing a password?

Answer:

  • I first tried "admin" but that didn't work.

  • I then tried "root" and that was the answer.

Task 5

In SQL, what symbol can we use to specify within the query that we want to display everything inside a table?

Answer:

  • I took a guess that it was the wildcard "*" and was right.

Task 6

In SQL, what symbol do we need to end each query with?

Answer:

  • I tried guessing a couple of times but wasn't getting the answer.

  • I looked it up and should have guessed that it was ";"

Task 7

There are three databases in this MySQL instance that are common across all MySQL instances. What is the name of the fourth that's unique to this host?

Answer:

  • Okay so first I'm dumb. I didn't realize that I had just logged into a mysql server that I started on my own VM.

  • So I logged out and did the following command to log into the machine from the lab:

sudo mysql -h [IP] -u root

  • This got me into the target database. From here I used the following command to see the databases:

SHOW databases;

  • I did this previously and got an output, so I knew what the standard three databases were. I compared this to the new output, which gave me the answer of "htb".

Find the Flag

  • I used the following commands to gain access to the server:

USE htb;
SHOW tables;
SELECT * FROM config;

  • This gave me the flag "7b4bec00d1a39e3dd4e021ec3d915da8"
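
The root login without a password in Task 4, reached over the network with -h in Task 7, is a misconfiguration a database owner can find by auditing mysql.user. The following is an added example, not part of the original walkthrough. It assumes MariaDB 10.4+ (or MySQL 5.7+), where the password hash is stored in authentication_string; the function name and the sample rows are constructed for illustration.

```python
# Added example: flag MariaDB/MySQL accounts that can log in without a password.
# Assumption: MariaDB 10.4+ / MySQL 5.7+ (hash lives in authentication_string).
# Input is the tab-separated output of:
#   mysql -N -B -e "SELECT User, Host, plugin, authentication_string FROM mysql.user"

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}

# Plugins that authenticate with a stored password hash. Accounts using
# unix_socket (OS identity) or other plugins are not judged by this check.
PASSWORD_PLUGINS = {"", "mysql_native_password", "mysql_old_password",
                    "ed25519", "caching_sha2_password", "sha256_password"}


def audit_accounts(tsv):
    """Return [(user, host, exposure)] for accounts with an empty password.

    exposure is "remote" when the Host pattern allows non-local clients,
    otherwise "local". Remote findings are listed first.
    """
    findings = []
    for line in tsv.splitlines():
        if not line.strip():
            continue
        fields = line.split("\t")
        fields += [""] * (4 - len(fields))  # tolerate trimmed trailing columns
        user, host, plugin, auth = (f.strip() for f in fields[:4])
        if plugin not in PASSWORD_PLUGINS:
            continue                         # e.g. unix_socket: no stored hash expected
        if auth not in ("", "NULL"):
            continue                         # a hash is set
        exposure = "local" if host in LOCAL_HOSTS else "remote"
        findings.append((user, host, exposure))
    return sorted(findings, key=lambda f: (f[2] != "remote", f[0], f[1]))


# Constructed sample rows (not taken from the lab target).
SAMPLE = "\n".join([
    "root\t%\tmysql_native_password\t",
    "root\tlocalhost\tunix_socket\t",
    "app\t10.0.0.%\tmysql_native_password\t*0123456789ABCDEF0123456789ABCDEF01234567",
    "backup\tlocalhost\tmysql_native_password\t",
])

if __name__ == "__main__":
    for user, host, exposure in audit_accounts(SAMPLE):
        print(f"{exposure:6} passwordless account: '{user}'@'{host}'")
```

A "remote" finding only matters if the server also listens beyond loopback, so check bind-address and firewalling for port 3306 alongside it.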
