Earlier this week, Central Infosec opened up their 2021 Capture The Flag (https://ctf.centralinfosec.com/). You can still register and do the challenges up until April 19, 2021. (And if you wanna join my team, let’s go. Send me a DM and let’s do it!)
Before doing this writeup, I asked Central Infosec if I could do a writeup and they said yes. So here we go!
This specific box given below is challenging us to see if we could get into their MySQL / MariaDB. I will tell you how I got in.
First step, I downloaded the Vulnerable Machine from the first box of 08. Network Exploitation (CIS-WEBSRV01) challenge:
Second, I opened the .vmx file on my VMware. Along with it is my Linux VM. I made sure they are both open, bridged, and under the same Network:
Now that we confirmed the VM is working, the rest of the testing will be done from the Kali VM. Once done with the Network Configuration, I did a scan on my network using:
sudo arp-scan -l
I got the IP from the other Machine opened on my Network which is the Vulnerable Central-Infosec CIS-WEBSRV01.
After that, I did a quick check if the MySQL Port is open using NMAP:
(https://nmap.org/nsedoc/scripts/mysql-info.html) WARNING: Please do not use NMAP unless you are AUTHORIZED to scan a network.
Port 3306 is OPEN. Time to get our hands on this thing!
Next thing I will do is try to connect to the MariaDB since we know it’s open.
Note: I tried my luck and I did not input any Login Credentials:
mysql --protocol=tcp --host=IPAddressOfCentralVM --port=3306
(okay, wow who does that? who lets a DB go in the wild without login creds. just kidding)
VOILA!! YAY! We got inside the Database. Let’s discover the database/s under this MariaDB:
I executed the command that will show me the list of DATABASES:
(If you are still here and reading this, I wanna say thank you.)
> SHOW Databases;
As we can see in the screenshot above, it gives us 5 Databases. Of course we are just gonna look for the FLAG we need to pass this specific challenge. Luckily, the name of the DB is called “flag”. Nice, thank you Central Infosec for that straight up hint. ;)
Curious, what’s inside that database named “flag”? Let’s see if there are TABLES under it but we have to switch to that DATABASE first before anything else. For the benefit of the doubt though, we’ll try it WITHOUT switching to the DATABASE “flag” to see if it’s gonna break free.
> SHOW TABLES;
Nice, as expected it shouldn’t return the list of tables:
Let’s switch to the Database “flag” now:
> USE flag
SWEET! We’re in the “flag” database name. Now what? Let’s check if there are tables under this DB:
PERFECT. It has the table “flag”. I do hope though that this is gonna lead into something. Let’s find out what’s inside that TABLE flag:
> SELECT * FROM flag;
Chef’s kiss I think we found the FLAG!!!! (I hope, Cross Fingers) What an adventure.
Now, Let’s go back to the Central-Infosec CTF page and try the FLAG we found:
Yes, I already solved it before doing this write up:
YAY! Thank you so much for reading my silly and simple write up, please note that this is my first ever write up despite joining many CTFs already :p (is 4 CTFs many? :p)
I hope you learned and had fun getting in the MARIADB again. Thank you so much for reading!
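The passwordless login above, seen from the defender's side, as an added example that is not part of the original write-up or Central Infosec's material: the function below audits exported account rows and flags the accounts that accept a login with no password, separating the ones reachable over TCP from local-only ones. The write-up does not show which account let the client in, so the sample rows are constructed and the tab-separated export format (user, host, plugin, password hash) is an assumption.

```python
"""Audit exported MariaDB/MySQL account rows for passwordless logins."""

# Constructed placeholder hash; a real export would carry the stored hash here.
PLACEHOLDER_HASH = "*" + "A" * 40

# Constructed sample, NOT taken from the CTF machine. Assumed export format:
# one account per line, tab-separated: user, host, plugin, password hash.
SAMPLE_EXPORT = "\n".join([
    "root\tlocalhost\tunix_socket\t",
    "root\t%\tmysql_native_password\t",
    "\t%\t\t",
    "app\t10.0.0.%\tmysql_native_password\t" + PLACEHOLDER_HASH,
    "backup\tlocalhost\tmysql_native_password\t",
])

LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}
# Plugins that authenticate the local OS user over the Unix socket, so an
# empty password hash on these accounts is not usable from the network.
SOCKET_ONLY_PLUGINS = {"unix_socket", "auth_socket"}


def audit_accounts(export_text):
    """Return one finding per account that accepts a login with no password."""
    findings = []
    for line in export_text.splitlines():
        fields = line.split("\t")
        if len(fields) != 4:
            continue  # skip malformed lines
        user, host, plugin, pw_hash = fields
        if pw_hash or plugin in SOCKET_ONLY_PLUGINS:
            continue  # password set, or socket-only authentication
        remote = host not in LOCAL_HOSTS  # '%' and subnet patterns match TCP clients
        findings.append({
            "account": "'%s'@'%s'" % (user, host),
            "anonymous": user == "",
            "remote": remote,
            "severity": "critical" if remote else "warning",
        })
    return findings


if __name__ == "__main__":
    for f in audit_accounts(SAMPLE_EXPORT):
        print(f["severity"].upper(), f["account"],
              "(anonymous user)" if f["anonymous"] else "")
```

Accounts flagged critical are the ones a client can reach the same way as the `mysql --protocol=tcp` step; setting a password or dropping the account, and not exposing port 3306 beyond the hosts that need it, closes that path.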
— — —
If you want to know more about Central Infosec, please see below:
(btw I’m not affiliated with Central Infosec)
Central InfoSec
Central InfoSec is an award-winning cyber security company that offers professional security services including Red Teaming, Penetration Testing, and Security Training. The Central InfoSec team consists of skilled security professionals bringing a total of 20+ years of red teaming, penetration testing, web application, and exploitation experience. Central InfoSec team members have achieved industry leading professional certifications including OSCP, OSWP, GXPN, GPEN, GWAPT, GMOB, AWS-CSS, AWS-CCP, PenTest+, CEH, CISSP, and more. The Central InfoSec team goes one step further and develops open-source tools including Burp Suite extensions, Cobalt Strike aggressor scripts, scripts tying into tools (including GoPhish, PhishMe, Slack, Lair), other custom-built security tools, and Capture The Flag (CTF) events!
Achieved Awards
Central InfoSec has achieved the following industry awards:
Best Penetration Testing & Security Consulting Firm — Corporate Excellence Awards, 2021
5 Best Cyber Security Companies to Watch — The Silicon Review, 2021
10 Best Security Companies — CIO Bulletin, 2021
10 Most Promising Cybersecurity Consulting/Service Companies — CIO Review, 2020
Social Media links:
https://www.facebook.com/centralinfosec/
https://twitter.com/centralinfosec
https://www.linkedin.com/company/centralinfosec/
https://twitter.com/JAMESM0RR1S