Sequel
Task 1
During our scan, which port do we find serving MySQL?
Answer:
Use nmap to scan target.
MySQL is running off of port 3306.
Task 2
What community-developed MySQL version is the target running?
Answer:
Run the following command
nmap -sC -p 3306 [IP]
The answer is MariaDB
Task 3
When using the MySQL command line client, what switch do we need to use in order to specify a login username?
Answer:
Needed to install mysql first.
I started with the following but it wasn't working
sudo apt update
sudo apt dist-upgrade
sudo apt install mysql-server
This wasn't working so I tried searching for an answer on stackoverflow and found the following:
sudo apt install mariadb-server mariadb-client
systemctl start mysql
systemctl status mysql
This worked and mysql was iinstalled.
I than ran the following to find out different options:
mysql --help
This showed me that the answer is "-u"
Task 4
Which username allows us to log into this MariaDB instance without providing a password?
Answer:
I first tried "admin" but that didn't work.
I then tried "root" and that was the answer.
Task 5
In SQL, what symbol can we use to specify within the query that we want to display everything inside a table?
Answer:
I took a guess that it was the wildcard "*" and was right.
Task 6
In SQL, what symbol do we need to end each query with?
Answer:
I tried guessing a couple of time but wasn't getting the answer.
I looked it up and should have guessed that it was ";"
Task 7
There are three databases in this MySQL instance that are common across all MySQL instances. What is the name of the fourth that's unique to this host?
Answer:
Okay so first I'm dumb. I didin't realize that I just logged into a mysql server that I started on my own VM.
So I logged out and did the following command to log into the machine from the lab:
sudo mysql -h [IP] -u root
This got me into the target database. From here I used the following command to see the databases.
SHOW databases;
I did this previously and got an output so new what were the standard three databases. I compared this to the new output which gave me the answer of "htb".
Find the Flag
I used the following commands to gain access to the server:
USE htb;
SHOW tables;
SELECT * FROM config;
This gave me the flag "7b4bec00d1a39e3dd4e021ec3d915da8"
Last updated