Hack The Box — Starting Point "Sequel" Solution

Carla Ferreira
Published in Rakulee
Apr 10, 2023 · 4 min read

Sequel is the second machine from Tier 1 in the Starting Point series. The service exposed on it is a MySQL-compatible database.

A database is the organised storage of information about a specific domain. Put simply, it is a grouping of data that deals with the same subject and must be kept for safekeeping or later consultation. Companies commonly hold a lot of information that needs to be organised and made available within the business so that staff and management can look it up later.

A database management system that manipulates that information and makes the company's routine much more straightforward is therefore worth having. The flip side, and the point of this box, is that such a system also needs to be configured so that only the right people can reach it.

Okay, hands-on work, let's pwn the Sequel machine!

TASK 1 — During our scan, which port do we find serving MySQL?

Port 3306 is the default MySQL port. To confirm it on the target, run "nmap -F <IP>". The -F (fast) switch scans only the 100 most common ports instead of nmap's default 1,000, which is why the scan finishes quicker; 3306 is in that list, so it is reported as open.

TASK 2 — What community-developed MySQL version is the target running?

In this lab the database is not Oracle's MySQL but MariaDB, the community-developed fork of it, which still listens on 3306 and speaks the MySQL protocol. The command "nmap -sV -sC -v <IP>" (-sV probes the service version, -sC runs nmap's default scripts) shows the MariaDB version banner and more port details.

MariaDB is fast, scalable and supports more storage engines than MySQL. Similar to MySQL, MariaDB supports external plugins, which means you can extend the database and apply it in more use cases, such as e-commerce, data warehousing and logging applications. MariaDB is both robust and scalable. — Builtin.com

TASK 3 — When using the MySQL command line client, what switch do we need to use in order to specify a login username?

The switch that tells the MySQL command line client which login username to use is -u (long form --user). For reference, -p asks for the password and -h sets the host to connect to.

TASK 4 — Which username allows us to log into this MariaDB instance without providing a password?

The username root allows it. The image below shows the command "mysql -u root -h <IP>" opening a session without a password: the client is given only the username and the server accepts the connection. That is the actual weakness on this box, a remotely reachable root account with an empty password. If a newer client refuses to connect with a TLS/SSL error, add "--skip-ssl" (MariaDB client, the one shipped on Kali) or "--ssl-mode=DISABLED" (Oracle MySQL 8 client), since this server does not offer TLS.

TASK 5 — In SQL, what symbol can we use to specify within the query that we want to display everything inside a table?

The symbol is * (star or asterisk), as in "SELECT * FROM table;", which returns every column of every row.

TASK 6 — What symbol do we need to end each query with in SQL?

Every statement must be terminated with ; (semicolon). Without it the client does not send the query to the server at all; it just shows a continuation prompt ("->") and waits for more input. To illustrate, the image below shows the command line without the semicolon. The next task shows how the result should look with it.

TASK 7 — There are three databases in this MySQL instance that are common across all MySQL instances. What is the name of the fourth that's unique to this host?

The command "show databases;" lists all the databases. Three of them, information_schema, mysql and performance_schema, ship with every MariaDB/MySQL installation; the fourth, htb, is unique to this host.

SUBMIT FLAG

Now the last task is to find the flag, so let's explore the htb database.

  • "use htb;" switches to the desired database. Then, to see that database's tables, use "show tables;".
  • "SELECT * FROM <table name>;" shows all the content of a table. In htb, the table "config" holds the flag.
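The whole enumeration, from listing databases to pulling the flag, as one MariaDB client session. This is an added example rather than the article's own transcript: it assumes you are already connected with "mysql -u root -h <IP>", that the config table has the columns name and value (the article only names the table), and that the server exposes the mysql.user view with an authentication_string column (MariaDB 10.4+ style). The last queries go beyond the lab and show how to check for, and fix, the passwordless account that made the login possible.

```sql
-- Added example (not from the original post). Assumes an open session as root on the
-- Sequel box; <IP> and the config column names are assumptions.

-- Task 7: information_schema, mysql and performance_schema are present on every
-- MariaDB/MySQL server; any other entry is host-specific.
SHOW DATABASES;

-- Switch to the host-specific database and enumerate its tables.
USE htb;
SHOW TABLES;

-- Look at the column layout first so a large table does not flood the terminal.
DESCRIBE config;

-- Tasks 5 and 6: the star selects every column, the semicolon sends the statement.
SELECT * FROM config;

-- Narrow the dump to the row of interest (column names name/value are assumed).
SELECT name, value FROM config WHERE name LIKE '%flag%';

-- Why the login worked: list every account and its credential state. An empty
-- authentication_string on a root@% row means anyone who can reach 3306 is root.
SELECT user, host, plugin, authentication_string FROM mysql.user;

-- Remediation, to be run as the DBA on a real system (commented out for the lab):
-- either give the remote root account a password, or remove it and keep root
-- local-only; then restrict bind-address in the server config so the port is not
-- reachable from untrusted networks at all.
-- ALTER USER 'root'@'%' IDENTIFIED BY 'a-long-random-password';
-- DROP USER 'root'@'%';
```

The DESCRIBE step is worth keeping as a habit: on a production target a careless "SELECT *" against a large table is slow, noisy in the logs, and unnecessary when a WHERE clause gets you the same row.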

The following image has all the answers for the Tasks.


Junior Cyber Security Analyst | System Development and Analysis Expertise | Coding | Bilingual English-Portuguese