THM - Advent of Cyber [Day 11]
Today’s task deals with databases again, only this time, it deals with MySQL which is a Relational Database Management System (RDBMS). The task does a good job of explaining what a relational database is by giving an example of a workshop with tables that have interconnected relationships. I like the figure they put more than the explanation, so I’m going to post that here.
The Task
We’ll be using nmap to scan the victim machine and get some info on the version of MySQL and what port to connect to. The task gives us the command we need to use in order to connect to the MySQL server:
sqsh -S 10.10.18.40 -U sa -P t7uLKzddQzVjVFJp
I have admittedly never used this command, but I’m excited to learn more about this interactive SQL shell. Now it’s time to dig around the reindeer database that has names, presents and schedule tables. Time to dust off the SQL admin memes.
It briefly describes the syntax of a SQL query and we can pull some data for the tasks. SELECT * FROM reindeer.dbo.schedule; is the query we need for one of the questions. After entering it, we need to type go on its own line to run the query and get the data back.
After playing around with sqsh, the task talks about how we can run an operating system shell command from inside the sqsh session. The syntax is xp_cmdshell 'COMMAND'; and the final question wants us to grab a flag located somewhere in the Grinch’s home directory. The flag was not in the typical spot for CTFs and because this isn’t a PowerShell session, the cat command won’t work. Luckily, I knew that type was the old Windows command to show the contents of a file. That’s it for today’s task, I was happy to get a little more insight about SQL and how to move around in there.
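From the defender's side, the reason xp_cmdshell worked here is a server setting that can be audited and switched off. The statements below are an added example, not part of the task or the original post. They assume a Microsoft SQL Server instance (xp_cmdshell is a SQL Server extended stored procedure) and a session with sysadmin rights, typed into the same sqsh prompt with go ending each batch.

```sql
-- 1. Is xp_cmdshell enabled? value_in_use = 1 means OS commands
--    can be run from a SQL session right now.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';
go

-- 2. Which logins are members of the sysadmin role? These can run
--    xp_cmdshell and can also turn it back on after it is disabled,
--    so the list should be short and contain no shared accounts.
SELECT p.name, p.type_desc, p.is_disabled
FROM sys.server_principals AS p
JOIN sys.server_role_members AS m
  ON m.member_principal_id = p.principal_id
JOIN sys.server_principals AS r
  ON r.principal_id = m.role_principal_id
WHERE r.name = 'sysadmin';
go

-- 3. Disable xp_cmdshell. It is an advanced option, so advanced
--    options are exposed first and hidden again afterwards.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
EXEC sp_configure 'show advanced options', 0;
RECONFIGURE;
go

-- 4. Confirm the change took effect: value_in_use should now be 0.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';
go
```

Disabling the option only helps if step 2 comes back clean, because any sysadmin login can re-enable it with the same sp_configure calls.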