MySQL
ℹ️ Information
- 🌐 Website: HackTheBox
- 📚 Module: Footprinting
- 🔗 Link: MySQL
❓Question
Enumerate the MySQL server and determine the version in use. (Format: MySQL X.X.XX)
📋 Walkthrough
Let's use nmap to run the default scripts (-sC) and version detection (-sV) against port 3306:
nmap -p3306 -sC -sV 10.129.205.130
PORT STATE SERVICE VERSION
3306/tcp open mysql MySQL *.*.**-0ubuntu0.20.04.1
| mysql-info:
| Protocol: 10
| Version: *.*.**-0ubuntu0.20.04.1
| Thread ID: 11
| Capabilities flags: 65535
| Some Capabilities: LongPassword, Support41Auth, SupportsTransactions, LongColumnFlag, ODBCClient, InteractiveClient, ConnectWithDatabase, Speaks41ProtocolNew, IgnoreSpaceBeforeParenthesis, SwitchToSSLAfterHandshake, SupportsCompression, IgnoreSigpipes, DontAllowDatabaseTableColumn, SupportsLoadDataLocal, FoundRows, Speaks41ProtocolOld, SupportsAuthPlugins, SupportsMultipleStatments, SupportsMultipleResults
| Status: Autocommit
| Salt: W\x02e5^g"EAF&Oc,\x06i8\Hf
|_ Auth Plugin Name: caching_sha2_password
Answer
MySQL *.*.**
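The fields in the mysql-info output above (protocol, version, thread ID, capability flags, salt, auth plugin) come from the greeting packet the server sends as soon as a client connects, before any credentials are supplied. The Python parser below is an added example, not part of the original walkthrough; it follows the MySQL HandshakeV10 layout, and the sample packet is constructed, with a placeholder version string and salt.

```python
import struct

CLIENT_SECURE_CONNECTION = 0x00008000   # server sends a second scramble part
CLIENT_PLUGIN_AUTH = 0x00080000         # server names its auth plugin
SERVER_STATUS_AUTOCOMMIT = 0x0002
# thread id, scramble part 1, filler, caps low, charset, status, caps high, scramble length
FIXED = "<I8sxHBHHB"


def parse_handshake_v10(packet: bytes) -> dict:
    """Parse the greeting a MySQL server sends before any authentication."""
    if len(packet) < 5:
        raise ValueError("packet too short")
    length = int.from_bytes(packet[:3], "little")   # 3-byte length, then 1-byte sequence id
    payload = packet[4:4 + length]
    if len(payload) != length:
        raise ValueError("truncated packet")
    if payload[0] != 10:
        raise ValueError(f"not a HandshakeV10 packet (protocol {payload[0]})")
    end = payload.index(b"\x00", 1)                  # version string is NUL-terminated
    pos = end + 1
    thread_id, salt, caps_lo, _charset, status, caps_hi, salt_len = struct.unpack_from(FIXED, payload, pos)
    pos += struct.calcsize(FIXED) + 10               # skip 10 reserved bytes
    caps = caps_lo | (caps_hi << 16)
    plugin = None
    if caps & CLIENT_SECURE_CONNECTION:
        n = max(13, salt_len - 8)
        salt += payload[pos:pos + n - 1]             # final byte of part 2 is a NUL terminator
        pos += n
    if caps & CLIENT_PLUGIN_AUTH:
        plugin = payload[pos:].split(b"\x00", 1)[0].decode("ascii", "replace")
    return {
        "protocol": payload[0],
        "version": payload[1:end].decode("ascii", "replace"),
        "thread_id": thread_id,
        "capabilities_low16": caps_lo,
        "autocommit": bool(status & SERVER_STATUS_AUTOCOMMIT),
        "salt": salt,
        "auth_plugin": plugin,
    }


def build_sample() -> bytes:
    """Constructed greeting: version and salt are placeholders, not values from the target."""
    payload = (b"\x0a" + b"0.0.00-example\x00" + struct.pack("<I", 11) + b"ABCDEFGH\x00"
               + struct.pack("<HBHHB", 0xFFFF, 0xFF, 0x0002, 0xC7FF, 21) + bytes(10)
               + b"IJKLMNOPQRST\x00" + b"caching_sha2_password\x00")
    return len(payload).to_bytes(3, "little") + b"\x00" + payload
```

Because the version string is part of this unauthenticated greeting, restricting who can reach port 3306 is what keeps it from being read.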
❓Question
During our penetration test, we found weak credentials "robin:robin". We should try these against the MySQL server. What is the email address of the customer "Otto Lang"?
📋 Walkthrough
Connect to MySQL using the provided credentials.
Now we can investigate:
MySQL [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| customers |
| information_schema |
| mysql |
| performance_schema |
| sys |
+--------------------+
5 rows in set (0.056 sec)
MySQL [(none)]> use customers
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MySQL [customers]> show tables;
+---------------------+
| Tables_in_customers |
+---------------------+
| myTable |
+---------------------+
1 row in set (0.047 sec)
MySQL [customers]> select * from myTable
----+
<SNIPPET>
Answer
********@******.***