Hack The Box Starting Point (SEQUEL)
This box is tagged “Linux”, “SQL”, “MariaDB” and “Weak Password”. It turns out we can log in remotely to MariaDB with the root user account, without providing a password.
During our scan, which port do we find serving MySQL?
=> 3306
What community-developed MySQL version is the target running?
=> MariaDb
When using the MySQL command line client, what switch do we need to use in order to specify a login username?
=> -u
Which username allows us to log into this MariaDB instance without providing a password?
=> root
In SQL, what symbol can we use to specify within the query that we want to display everything inside a table?
=> *
In SQL, what symbol do we need to end each query with?
=> ;
There are three databases in this MySQL instance that are common across all MySQL instances. What is the name of the fourth that’s unique to this host?
=> htb
Submit root flag
try to access the target machine as root
we can see the databases lists using show databases command.
we can choose the databases using use <database name>
we can see the tables using show tables command.
we can see the data from config and users tables using select * from <table name>
tarararaaaaaa we can found the flag in the lab => 7b4bec00d1a39e3dd4e021ec3d915da8
Thank You…………………………..