[Day 11] Advent of Cyber 3 (2021) | TryHackMe
Networking
Where Are The Reindeers?
Story
McDatabaseAdmin came rushing into the room and cried to McSkidy, “We've been locked out of the reindeer schedule - how will Santa's transportation work for Christmas?” The grinch has locked McDatabaseAdmin of his system. You need to probe the external surface of the server to see if you get him his access back.
Answer the questions below
Q.) There is an open port related to MS SQL Server accessible over the network . What is the port number?
A.) 1433
Process:- Start the machine and do nmap scan with -Pn flag.
nmap -Pn 10.10.210.171
Q.) If the connection is successful, you will get a prompt. What is the prompt that you have received?
A.) 1>
Process:- Make an sqsh connection with the given command,
Q.) We can see four columns in the table displayed above: id, first (name), last (name), and nickname. What is the first name of the reindeer of id 9?
A.) Rudolph
Process:- In the terminal, Execute the query,SELECT * FROM reindeer.dbo.names; , to get all the reindeer names and execute go to get the output.
Q.) Check the table schedule . What is the destination of the trip scheduled on December 7?
A.) Prague
Process:- In the terminal, Execute the query,SELECT * FROM reindeer.dbo.schedule; , to check the table schedule and executego to get the output.
Q.) Check the table presents . What is the quantity available for the present “Power Bank”?
A.) 25000
Process:- In the terminal, Execute the query,SELECT * FROM reindeer.dbo.presents; , to check the presentsschedule and executego to get the output.
Q.) There is a flag hidden in the grinch user's home directory. What are its contents?
A.) THM{YXXXXXXXXXXXXXXH}
Process:- Some MS SQL Servers have xp_cmdshellenabled. With the xp_cmdshell you can run any windows command in MS SQL. The command syntax is xp_cmdshell 'COMMAND'; .
In the terminal , Execute the command, xp_cmdshell 'type C:\Users\grinch\Documents\flag.txt'; . , to get the flag and execute go to get the output.
Thanks for reading.
Have a happy day :-)