Sequel Walkthrough | HackTheBox

We’re a hub for tech professionals looking to advance & optimize their IT Infrastructure by finding the perfect product, tool, or role. Learn more about us. If you don’t see a product you are looking for on our website you can send us feedback 🙂

BACK TO GUIDES

This is a simple walkthrough for completing the Sequel target machine in Hackthebox.com.

Task 1

Question: What does the acronym SQL stand for?

Answer: Structured Query Language

Task 2

Question: During our scan, which port running mysql do we find?

Answer: 3306

Task 3

Question: What community-developed MySQL version is the target running?

Answer: MariaDB

Task 4

Question: What switch do we need to use in order to specify a login username for the MySQL service?

Answer: -u

Task 5

Question: Which username allows us to log into MariaDB without providing a password?

Answer: root

Task 6

Question: What symbol can we use to specify within the query that we want to display everything inside a table?

Answer: *

Task 7

Question: What symbol do we need to end each query with?

Answer: ;

Task 8

Submit flag

The first thing we can try to do in this scenario is connect to the mysql database. To do this, make sure your host is configured with the mariadb client if you are receiving a command not found option.

sudo apt-get install mariadb-client

The simple command to run for connecting the host to a client database is shown below. The -h flag is to specify the target you trying to connect to and the -u flag is to specify the user.

mysql -h 10.129.105.235 -u root

Connecting to the client it will then show a prompt. In this prompt, you will be able to instruct the database with a series of mysql commands that are available to you. You can get a list of these available commands by typing help; in the prompt or see more commands at the end of this tutorial.

The command we are looking to use here will the SHOW DATABASES;

SHOW DATABASES;

The command will display a series of databases we can look deeper in. To select a database, use the keyword ‘use’ followed by the database name as shown below:

USE htb;

We can see now that in the main prompt, the name changed from ‘none’ to our newly connected database named ‘htb’.

Inside this database, we can use the show command again to list more tables:

SHOW tables;

There are two tables that show up when running the show tables command, which include config and users. We can look inside the config table by selecting everything in the table and displaying it on the screen with one command:

SELECT * FROM config

This command is saying we want to select everything (*) from the config table.

Inside the config table, you will see the flag.

Mission accomplished.

Mysql Commands

DescriptionCommand
To login (from unix shell) use -h only if needed.[mysql dir]/bin/mysql -h hostname -u root -p
Create a database on the sql server.create database [databasename];
List all databases on the sql server.show databases;
Switch to a database.use [db name];
To see all the tables in the db.show tables;
To see database’s field formats.describe [table name];
To delete a db.drop database [database name];
To delete a table.drop table [table name];
Show all data in a table.SELECT * FROM [table name];
Returns the columns and column information pertaining to the designated table.show columns from [table name];
Show certain selected rows with the value “whatever”.SELECT * FROM [table name] WHERE [field name] = “whatever”;
Show all records containing the name “Bob” AND the phone number ‘3444444’.SELECT * FROM [table name] WHERE name = “Bob” AND phone_number = ‘3444444’;
Show all records not containing the name “Bob” AND the phone number ‘3444444’ order by the phone_number field.SELECT * FROM [table name] WHERE name != “Bob” AND phone_number = ‘3444444’ order by phone_number;
Show all records starting with the letters ‘bob’ AND the phone number ‘3444444’.SELECT * FROM [table name] WHERE name like “Bob%” AND phone_number = ‘3444444’;
Use a regular expression to find records. Use “REGEXP BINARY” to force case-sensitivity. This finds any record beginning with a.SELECT * FROM [table name] WHERE rec RLIKE “^a$”;
Show unique records.SELECT DISTINCT [column name] FROM [table name];
Show selected records sorted in an ascending (asc) or descending (desc).SELECT [col1],[col2] FROM [table name] ORDER BY [col2] DESC;
Count rows.SELECT COUNT(*) FROM [table name];
Join tables on common columns.select lookup.illustrationid, lookup.personid,person.birthday from lookup
left join person on lookup.personid=person.personid=statement to join birthday in person table with primary illustration id;
Switch to the mysql db. Create a new user.INSERT INTO [table name] (Host,User,Password) VALUES(‘%’,’user’,PASSWORD(‘password’));
Change a users password.(from unix shell).[mysql dir]/bin/mysqladmin -u root -h hostname.blah.org -p password ‘new-password’
Change a users password.(from MySQL prompt).SET PASSWORD FOR ‘user’@’hostname’ = PASSWORD(‘passwordhere’);
Switch to mysql db.Give user privilages for a db.INSERT INTO [table name] (Host,Db,User,Select_priv,Insert_priv,Update_priv,Delete_priv,Create_priv,Drop_priv) VALUES (‘%’,’db’,’user’,’Y’,’Y’,’Y’,’Y’,’Y’,’N’);
To update info already in a table.UPDATE [table name] SET Select_priv = ‘Y’,Insert_priv = ‘Y’,Update_priv = ‘Y’ where [field name] = ‘user’;
Delete a row(s) from a table.DELETE from [table name] where [field name] = ‘whatever’;
Update database permissions/privilages.FLUSH PRIVILEGES;
Delete a column.alter table [table name] drop column [column name];
Add a new column to db.alter table [table name] add column [new column name] varchar (20);
Change column name.alter table [table name] change [old column name] [new column name] varchar (50);
Make a unique column so you get no dupes.alter table [table name] add unique ([column name]);
Make a column bigger.alter table [table name] modify [column name] VARCHAR(3);
Delete unique from table.alter table [table name] drop index [colmn name];
Load a CSV file into a table.LOAD DATA INFILE ‘/tmp/filename.csv’ replace INTO TABLE [table name] FIELDS TERMINATED BY ‘,’ LINES TERMINATED BY ‘\n’ (field1,field2,field3);
Dump all databases for backup. Backup file is sql commands to recreate all db’s.[mysql dir]/bin/mysqldump -u root -ppassword –opt >/tmp/alldatabases.sql
Dump one database for backup.[mysql dir]/bin/mysqldump -u username -ppassword –databases databasename >/tmp/databasename.sql
Dump a table from a database.[mysql dir]/bin/mysqldump -c -u username -ppassword databasename tablename > /tmp/databasename.tablename.sql
Restore database (or database table) from backup.[mysql dir]/bin/mysql -u username -ppassword databasename < /tmp/databasename.sql
Create Table Example 1.CREATE TABLE [table name] (firstname VARCHAR(20), middleinitial VARCHAR(3), lastname VARCHAR(35),suffix VARCHAR(3),
officeid VARCHAR(10),userid VARCHAR(15),username VARCHAR(8),email VARCHAR(35),phone VARCHAR(25), groups
VARCHAR(15),datestamp DATE,timestamp time,pgpemail VARCHAR(255));
Create Table Example 2.create table [table name] (personid int(50) not null auto_increment primary key,firstname varchar(35),middlename varchar(50),lastname varchar(50) default ‘bato’);

adytize.com is an independent platform launched in 2023 on a mission to match impactful people with meaningful organizations

Hi! My name is Carlos and I’ve been working in tech for the past 9 years.

I built this website to share my passion for recruitment.

Clicking the heart tells me what you enjoy reading. Social sharing is appreciated (and always noticed).

That’s it. That is my pitch for you to stick around (or browse the site as you please).

If you want to get in contact with me, reach out to me via my socials 🙂

“Think of us as the ‘Consumer Reports’ for Impactful Talent.”

Exclusive insights on roles directly in your inbox.