Sequel (Tier 1)

Description

  • Tier -> 1

  • Difficult -> Very Easy

  • OS -> Linux

  • Tags -> Vulnerability / Assessment / Databases / MySQL / SQL / Reconnaissance / Weak Credentials

https://app.hackthebox.com/starting-point?tier=1

Write-up

  • I started doing an initial scan using Nmap

  • With this, I answered the first question

Answer: 3306

  • Then I did an exhaustive scan to get information about the service running on the open port

  • With this and a little research, I answered the next questions

Answer: MariaDB

Answer: -u

  • As we found the service running was a MariaDB database, I used the mysql Linux utility to connect to it. As I didn't have any credentials, I tried using root as username and gained access without being asked for a password

  • With this and a little research, I answered the next questions

Answer: root

Answer: *

Answer: ;

  • With this, I could navigate through the database information using SQL queries. I enumerated the databases present, noticing a particular one named htb, and accessed it

To learn more about SQL, you can go here

  • With this, I answered the next question

Answer: htb

  • Then I listed the tables in that database and found an interesting one named config. So I retrieved all the information from that table and saw there was a parameter called flag, which gave me the flag of the machine

  • With this, I got the root flag and pwned the machine

Answer: 7b4bec00d1a39e3dd4e021ec3d915da8

PreviousAppointment (Tier 1)NextCrocodile (Tier 1)

Last updated