SQL INJECTION FUNDAMENTALS authenticating to mysql..

hey… so I'm doing the SQL INJECTION FUNDAMENTALS module… and I'm trying to connect to mysql with the following command:

mysql -u root -h 139.59.178.146 -P 30711 -p

(it's the IP and port of the target)…
then it asks for a password and I type in password and press enter…

after a few minutes i get this error back:
ERROR 2002 (HY000): Can’t connect to MySQL server on ‘139.59.178.146’ (115)

now I tried so many different combos…
mysql -u root -h 139.59.178.146 -P 3306 -p

mysql -u root -h 139.59.178.146:30711 -P 3306 -p (even though it makes no sense…)

mysql -u root -h 139.59.178.146 -p
and many more… now nothing works, I always get the same error…

can someone explain to me what command is used to connect to the MySQL server?

it's the same as shown in the module so I don't know why I get an error…

thank you


At a guess - I haven’t done this lab - I’d suspect that the remote server hasn’t started correctly.

The error message is saying the server isn’t responding, which is rarely something you can fix.

If you have nmap you can try a quick check of nmap -Pn -sC -sV -p 30711 -vvvvv --reason 139.59.178.146 and see if it is listening. If it isn’t, then double check the IP address and port are correct.

If they are correct, it might need someone to reset the server.

the IP address and port are correct and it is something that has happened to me for multiple days on different IP addresses… how can I reset the server? I'm using the box from this site, not my own Parrot.

@ofekron said:

the IP address and port are correct and it is something that has happened to me for multiple days on different IP addresses… how can I reset the server? I'm using the box from this site, not my own Parrot.

I don't know for sure as I haven’t done the academy lab. I’d suggest raising a Jira ticket with HTB support.

I am having the same issue.

Target: 139.59.166.56:31512
Time Left: 71 minutes

Authenticate to 139.59.166.56 with user “root” and password “password”

+ 0 Connect to the database using the MySQL client from the command line. Use the ‘show databases;’ command to list databases in the DBMS. What is the name of the first database?

===========

can’t ping the ip address. perhaps it’s not in the same network. my ip address is 209.97.137.189 eth0 , 10.16.0.117 eth0:1: and 10.10.14.216 tun0. Here is the ping response.

PING 139.59.166.56 (139.59.166.56) 56(84) bytes of data.
^C
--- 139.59.166.56 ping statistics ---
18 packets transmitted, 0 received, 100% packet loss, time 17374ms

Same issue. APRIL 2022

Okay, this is what worked for me.

So when you click the link that says target in questions it will give you an IP address with a port.

So for instance, you get @b15h4l 139.59.166.56:31512

You type in mysql -u root -h 139.59.166.56 -P 31512 -p

When the prompt says enter password: you type: password

Remember, you are given two parts when you get a target. The address and the port. The semicolon separates the two.

Hi, thanks for the above input. Here is what worked for me:

Step 1:
Check using nmap that the actual server is up on that port:
t3n3br1s$> nmap -p 30157 167.172.55.137 -Pn -sV

Starting Nmap 7.92 ( https://nmap.org ) at 2022-09-22 18:39 BST
Nmap scan report for 167.172.55.137
Host is up (0.020s latency).
PORT      STATE SERVICE VERSION
30157/tcp open  mysql   MySQL 5.5.5-10.7.3-MariaDB-1:10.7.3+maria~focal

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 0.91 seconds

If successful, then proceed to step 2:

Step 2: {specify the --protocol flag as tcp (see above) and specify the --host flag as the target server}

t3n3bris$> mysql --protocol=tcp -u root --host=167.172.55.137 -P 30157 -p
Enter password: 

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 6
Server version: 10.7.3-MariaDB-1:10.7.3+maria~focal mariadb.org binary distribution

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

I do hope this works for everyone in future.
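
The two steps from the post above (confirm the port is listening, then connect over TCP with host and port passed separately), as an added example that is not part of the original thread. The function names are made up for illustration, the sample target is the one quoted in the post, and the probe assumes bash and coreutils `timeout` are installed.

```shell
#!/bin/sh
# Added example: pre-flight check before running the mysql client.
# Function names are illustrative, not from the module or the thread.

# Split "IP:PORT" into TARGET_HOST and TARGET_PORT; non-zero if malformed.
parse_target() {
    case "$1" in
        *:*) ;;
        *) return 1 ;;              # no port part at all
    esac
    TARGET_HOST=${1%:*}
    TARGET_PORT=${1##*:}
    [ -n "$TARGET_HOST" ] || return 1
    case "$TARGET_PORT" in
        ''|*[!0-9]*) return 1 ;;    # port must be digits only
    esac
    [ "$TARGET_PORT" -ge 1 ] && [ "$TARGET_PORT" -le 65535 ]
}

# Return 0 if a TCP connection succeeds within 5 seconds.
# Host and port are passed as arguments to bash, never spliced into the script.
port_open() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# Print the client command in the form that worked in the thread:
# host in --host, port in -P, transport forced to TCP.
mysql_command() {
    printf 'mysql --protocol=tcp -u root --host=%s -P %s -p\n' "$1" "$2"
}

# Step 1 then step 2: only suggest the client command if the port answers.
preflight() {
    parse_target "$1" || { echo "expected IP:PORT, got: $1" >&2; return 2; }
    if port_open "$TARGET_HOST" "$TARGET_PORT"; then
        mysql_command "$TARGET_HOST" "$TARGET_PORT"
    else
        echo "nothing reachable at $TARGET_HOST:$TARGET_PORT;" \
             "recheck the target or have the instance reset" >&2
        return 1
    fi
}

# Usage: ./preflight.sh 167.172.55.137:30157
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```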