Sequel Machine Checklist
1️⃣ Lab Setup & Scope
- HTB OpenVPN Connected
- Target machine spawned/running
- Target IP identified:
10.129.101.220 - PING check successful
- Legal HTB Lab session verified
2️⃣ Network Discovery
- Target IP confirmed:
10.129.101.220 - Local HTB IP identified
3️⃣ Port Scanning
- All 65535 ports scanned (Found Port 3306 via Rustscan)
- Service versions and default scripts detected (MariaDB 10.3.27)
4️⃣ Service Enumeration
Database (MariaDB - 3306)
- Unauthenticated root login tested & successful
- Databases listed (
show databases;) - Target database identified (
htb) - Tables listed (
show tables;)
5️⃣ Vulnerability Identification
- Path identified (Unprotected database service exposed to the internet)
6️⃣ Initial Access (Foothold)
- Database access obtained via
mysqlclient - Verified full control over the
htbdatabase
7️⃣ Post-Exploitation Enumeration
- Sensitive records searched (
users,config) - Flag value found in
configtable
8️⃣ Privilege Escalation
- Not Required (Data accessible directly)
9️⃣ Flags / Proof of Compromise
- Flag found & submitted:
7b4bec00... - Evidence captured (Screenshots organized)
🔟 Cleanup & Documentation
- Notes completed in Obsidian
- Screenshots organized in
evidence/
🏁 Machine Completion Status
- Pwned ✅
- Flags Submitted to HTB ✅
➡️ Machine SOLVED 🏆