Room Banner

Poster

The sys admin set up a rdbms in a safe way.

easy

45 min

Room progress ( 0% )

To access material, start machines and answer questions login.

Task 1Flag
What is rdbms?

Depending on the EF Codd relational model, an RDBMS allows users to build, update, manage, and interact with a relational database, which stores data as a table.

Today, several companies use relational databases instead of flat files or hierarchical databases to store business data. This is because a relational database can handle a wide range of data formats and process queries efficiently. In addition, it organizes data into tables that can be linked internally based on common data. This allows the user to easily retrieve one or more tables with a single query. On the other hand, a flat file stores data in a single table structure, making it less efficient and consuming more space and memory.

Most commercially available RDBMSs currently use Structured Query Language (SQL) to access the database. RDBMS structures are most commonly used to perform CRUD operations (create, read, update, and delete), which are critical to support consistent data management.

Are you able to complete the challenge?
The machine may take up to 5 minutes to boot and configure
Answer the questions below
What is the rdbms installed on the server?

What port is the rdbms running on?

Metasploit contains a variety of modules that can be used to enumerate in multiple rdbms, making it easy to gather valuable information.

After starting Metasploit, search for an associated auxiliary module that allows us to enumerate user credentials. What is the full path of the modules (starting with auxiliary)?

What are the credentials you found?

example: user:password

What is the full path of the module that allows you to execute commands with the proper user credentials (starting with auxiliary)?

Based on the results of #6, what is the rdbms version installed on the server?

What is the full path of the module that allows for dumping user hashes (starting with auxiliary)?

How many user hashes does the module dump?

What is the full path of the module (starting with auxiliary) that allows an authenticated user to view files of their choosing on the server?

What is the full path of the module that allows arbitrary command execution with the proper user credentials (starting with exploit)?

Compromise the machine and locate user.txt

Escalate privileges and obtain root.txt

Created by

User avatar
stuxnet

Room Type

Free Room. Anyone can deploy virtual machines in the room (without being subscribed)!

Users in Room

10,851

Created

1800 days ago

Ready to learn Cyber Security? Create your free account today!

TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.

Already have an account? Log in

We use cookies to ensure you get the best user experience. For more information contact us.

Read more