Hacktober 2020 CTF - Body Count
Oct 17, 2020
Challenge Description
How many users exist in the Shallow Grave University database? Submit the flag in the following format: flag{#}
Use the file from Address Book.
Max attempts: 10
Solution
we where givven a backup sql file to look inside :
head shallowgraveu.sql
-- MySQL dump 10.13 Distrib 5.7.30, for Linux (x86_64)
--
-- Host: 192.168.1.183 Database: westridge
-- ------------------------------------------------------
-- Server version 8.0.19
/*!40101 SET @OLD_CHARACTER_SET_CLIENT=@@CHARACTER_SET_CLIENT */;
/*!40101 SET @OLD_CHARACTER_SET_RESULTS=@@CHARACTER_SET_RESULTS */;
/*!40101 SET @OLD_COLLATION_CONNECTION=@@COLLATION_CONNECTION */;
/*!40101 SET NAMES utf8 */;
For this i had to import the sql backup file, but there was a little problem when trying to do so
m3dsec@local:~/ht/sql/Body_Count$ sudo mysql -u root -p dbs < shallowgraveu.sql
Enter password:
ERROR 1273 (HY000) at line 25: Unknown collation: 'utf8mb4_0900_ai_ci'
To solve this i had to replace the default characters set DEFAULT CHARSET and the COLLATE value
DEFAULT CHARSET=utf8mb4 => DEFAULT CHARSET=utf8
COLLATE=utf8mb4_0900_ai_ci; => COLLATE=utf8_general_ci;
Then we can proceed with no problem
m3dsec@local:~/ht/sql/Body_Count$ sudo mysql -u root -p dbs < shallowgraveu_fixed.sql
Enter password:
m3dsec@local:~/ht/sql/Body_Count$ sudo mysql -u root -p dbs
Enter password:
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 42
Server version: 10.3.23-MariaDB-1 Debian buildd-unstable
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [dbs]> show tables;
+------------------+
| Tables_in_dbs |
+------------------+
| countries |
| courses |
| degree_types |
| enrollments |
| passwords |
| payment_statuses |
| programs |
| roles |
| roles_assigned |
| states |
| term_courses |
| terms |
| users |
+------------------+
13 rows in set (0.001 sec)
MariaDB [dbs]>
Our task consist us to search for how many users exist in the Shallow Grave University, we can use the DISTINCT Statement to return uniqu values from usernames table :
MariaDB [dbs]> select DISTINCT username from users;
+-----------------------+
| username |
+-----------------------+
| 0b5cure.lock |
| 1acktest5164 |
| 1ead_rebel |
...
...
| yard_begin1317 |
| z0n3.vouch3r |
+-----------------------+
900 rows in set (0.000 sec
we have 900 uniqu username and our flag is flag{900}