Sequel (Tier 1)

Description

  • Tier -> 1

  • Difficulty -> Very Easy

  • OS -> Linux

  • Tags -> Vulnerability / Assessment / Databases / MySQL / SQL / Reconnaissance / Weak Credentials

Write-up

  • I started by doing an initial scan using Nmap

nmap -p- -Pn --min-rate 2000 10.129.122.150

  • With this, I answered the first question

Answer: 3306


  • Then I did an exhaustive scan to get information about the service running on the open port

nmap -p3306 -sVC 10.129.122.150

  • With this and a little research, I answered the next questions

Answer: MariaDB


Answer: -u


  • As we found the service running was a MariaDB database, I used the mysql Linux utility to connect to it. As I didn't have any credentials, I tried using root as the username and gained access without being asked for a password

mysql -h 10.129.122.150 -u root

  • With this and a little research, I answered the next questions

Answer: root


Answer: *


Answer: ;


  • With this, I could navigate through the database information using SQL queries. I enumerated the databases present, noticing a particular one named htb, and accessed it

show databases;
use htb;

  • With this, I answered the next question

Answer: htb


  • Then I listed the tables in that database and found an interesting one named config. So I retrieved all the information from that table and saw there was a parameter called flag, which gave me the flag of the machine

show tables;
select * from config;
exit

  • With this, I got the root flag and pwned the machine

Answer: 7b4bec00d1a39e3dd4e021ec3d915da8
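
The weakness this machine turns on is a root account that accepts a remote login with no password. As an added example (not part of the original write-up), the MariaDB statements below show how an administrator could find and close such accounts; the 'root'@'%' account name and the password placeholder are assumptions, since the write-up does not show how the account is defined.

```sql
-- Added example, not from the original write-up. Run on the MariaDB server
-- as an administrative user. MariaDB-specific: the is_role and Password
-- columns do not exist in Oracle MySQL's mysql.user.

-- 1. Accounts that can log in with no password at all.
--    unix_socket accounts authenticate via the local OS user, so an empty
--    hash there is not a blank network password; roles are skipped too.
--    remote_reachable = 1 means the account is not limited to loopback.
SELECT User,
       Host,
       plugin,
       Host NOT IN ('localhost', '127.0.0.1', '::1') AS remote_reachable
FROM mysql.user
WHERE is_role = 'N'
  AND COALESCE(plugin, '') <> 'unix_socket'
  AND COALESCE(Password, '') = ''
  AND COALESCE(authentication_string, '') = ''
ORDER BY remote_reachable DESC, User, Host;

-- 2. What a blank-password account found above is allowed to do.
--    'root'@'%' is an assumed account name; substitute each row from step 1.
SHOW GRANTS FOR 'root'@'%';

-- 3. Set a password (placeholder value; ALTER USER needs MariaDB 10.2+).
ALTER USER 'root'@'%' IDENTIFIED BY '<REPLACE_WITH_LONG_RANDOM_PASSWORD>';

-- 4. Check how the server is exposed on the network. If only local
--    applications need the database, set bind-address = 127.0.0.1 in the
--    server configuration file and restart the service.
SHOW GLOBAL VARIABLES
WHERE Variable_name IN ('bind_address', 'skip_networking', 'port');

-- 5. Re-run step 1; it should now return no rows.
```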
