Hack The Box-Starting Point-Sequel

答案

1. 任务1：During our scan, which port do we find serving MySQL? 3306

2. 任务2：What community-developed MySQL version is the target running? MariaDB

3. 任务3: When using the MySQL command line client, what switch do we need to use in order to specify a login username? -u

4. 任务4： Which username allows us to log into this MariaDB instance without providing a password? root

5. 任务5: In SQL, what symbol can we use to specify within the query that we want to display everything inside a table? *

6. 任务6: In SQL, what symbol do we need to end each query with? ;

7. 任务7：There are three databases in this MySQL instance that are common across all MySQL instances. What is the name of the fourth that's unique to this host? htb

曲折的路途

1. 上Nmap扫描，执行命令nmap -sV 目标IP, 发现有点问题，

2. 修改扫描参数：nmap -p 3306 -sC 目标IP

3. 暴破一下mysql用户名和密码，执行命令： hydra -L /usr/share/brutespray/wordlist/mysql/user -P /usr/share/brutespray/wordlist/mysql/password -t 2 -e n -f -v 目标IP mysql ，发现目标使用的是空密码

3.1 本来想使用Nmap内置的脚本进行测试，发现出错，nmap -p 3306 --script=mysql-brute 目标IP

4. 使用mysql-client登入，mysql -h 目标IP -u root

5. 查看所有库，show databases;

6. 查看htb库中的表
   user htb; show tables;

7. 查看config表中的数据, select * from config;

撒花