You have a low-priv shell. Credentials for the dbadmin account are scattered across configs, history files, and memory dumps. Find them and switch user to read the flag.
