Hacktober 2020 CTF - Address Book

Oct 17, 2020


Challenge Description

Shallow Grave University has provided us with a dump of their database. Find luciafer's email address and submit it as the flag in this format: flag{username@email.com}


Solution

We were given a SQL backup file to look inside:

head shallowgraveu.sql
-- MySQL dump 10.13  Distrib 5.7.30, for Linux (x86_64)
--
-- Host: 192.168.1.183    Database: westridge
-- ------------------------------------------------------
-- Server version	8.0.19

/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;

To query the data, I had to import the SQL backup file, but the import failed on the first attempt:

m3dsec@local:~/ht/sql/Body_Count$ sudo mysql -u root -p dbs < shallowgraveu.sql
Enter password: 
ERROR 1273 (HY000) at line 25: Unknown collation: 'utf8mb4_0900_ai_ci'

To solve this, I had to replace the default character set (DEFAULT CHARSET) and the COLLATE value in the dump:

DEFAULT CHARSET=utf8mb4 => DEFAULT CHARSET=utf8
COLLATE=utf8mb4_0900_ai_ci; => COLLATE=utf8_general_ci;
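
The two substitutions above can be scripted with sed. The following is an added example, not part of the original write-up: it applies them and counts any remaining utf8mb4_0900_* references that the two rules do not cover. The function names and the sample dump are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: rewrite a MySQL 8 dump with the two substitutions from the
# write-up so an older MariaDB server accepts it, then report leftovers.

# fix_dump SRC DST (hypothetical helper name)
fix_dump() {
    local src=$1 dst=$2
    sed -e 's/DEFAULT CHARSET=utf8mb4/DEFAULT CHARSET=utf8/g' \
        -e 's/COLLATE=utf8mb4_0900_ai_ci/COLLATE=utf8_general_ci/g' \
        "$src" > "$dst"
}

# count_unmapped FILE (hypothetical helper name): number of lines that still
# name a utf8mb4_0900_* collation, e.g. "SET collation_connection = ..."
# statements, which the two table-level rules above do not match.
count_unmapped() {
    grep -c 'utf8mb4_0900_' "$1" || true
}

# Constructed sample input (not the challenge file), in mysqldump style.
sample=$(mktemp)
fixed=$(mktemp)
cat > "$sample" <<'EOF'
CREATE TABLE `users` (
  `user_id` int NOT NULL,
  `email` varchar(52) DEFAULT NULL
) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_0900_ai_ci;
/*!50001 SET collation_connection      = utf8mb4_0900_ai_ci */;
EOF

fix_dump "$sample" "$fixed"
echo "unmapped lines before: $(count_unmapped "$sample")"
echo "unmapped lines after:  $(count_unmapped "$fixed")"
# Show what is left so it can be handled before importing.
grep -n 'utf8mb4_0900_' "$fixed" || true
rm -f "$sample" "$fixed"
```

A non-zero count after the rewrite means the import can still stop with ERROR 1273 on those lines.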

With the fixed file, the import goes through without errors:

m3dsec@local:~/ht/sql/Body_Count$ sudo mysql -u root -p dbs < shallowgraveu_fixed.sql 
Enter password: 
m3dsec@local:~/ht/sql/Body_Count$ sudo mysql -u root -p dbs
Enter password: 
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 42
Server version: 10.3.23-MariaDB-1 Debian buildd-unstable

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [dbs]> show tables;
+------------------+
| Tables_in_dbs    |
+------------------+
| countries        |
| courses          |
| degree_types     |
| enrollments      |
| passwords        |
| payment_statuses |
| programs         |
| roles            |
| roles_assigned   |
| states           |
| term_courses     |
| terms            |
| users            |
+------------------+
13 rows in set (0.001 sec)

MariaDB [dbs]> 

Searching the users table for emails containing the pattern luc:

MariaDB [dbs]> SELECT email FROM users WHERE email LIKE '%luc%';
+-----------------------------------+
| email                             |
+-----------------------------------+
| distort.pluck2261@newisc.com      |
| luc1afer.h4vr0n@shallowgraveu.com |
| soul.pluck6051@avagor.com         |
+-----------------------------------+
3 rows in set (0.000 sec)

We get luciafer's email address back:

Flag : flag{luc1afer.h4vr0n@shallowgraveu.com}



