Sequel - HTB Writeup

less than 1 minute read

Sequel

Overview

The aim is to enumerate web services on the Sequel machine and infiltrate its database using SQL injection.

Enumeration

I started with an nmap scan to find open ports. We see that MYSQL is running on port 3306. This version is 5.5.5-10.3.27-MariaDB-0+deb10u1.

Nmap img Nmap Scan

That information is vital because it tells me to install either mysql or MariaDB and use the cli commands to try and manipulate this database.

Access

According to the manual (–help), we can authenticate to MYSQL service using username and password.

So, we can try different password/username combinations (time consuming) or try a passwordless option using /root user (only works if mysql database is misconfigured).

Password-less

Just like that, we’ve gained a foothold.

Now let’s execute some commands and retrieve the flags:

SHOW databases; - Prints out the databases we can access
USE {database_name}; - Select the database we want
SHOW tables; - Shows the available tables inside the current database
SELECT * FROM {table_name}; - Reveals all data in the table

Flags

Share on

X Facebook LinkedIn Bluesky

Vincent Olago

Sequel - HTB Writeup

Overview

Enumeration

Access

Share on

You may also enjoy

DNS Exfiltration Writeup

Crocodile Writeup

Responder - HTB Catch the Flag

Redeemer- HTB Catch the Flag