SQL Challenges Like last year, there were several SQL Challenges that build on each other and whose solutions are discussed below. Prepare SQL To work with the SQL files we suggest to import the backup into a MySQL DBMS, so you can connect to the database and select the infos out of it 🙂 I used a maria-db docker container.
Password Insecurities Points 50 Description It looks like DEADFACE is going after the password of one of De Monne’s customers: Haily Poutress. She has since changed her password, but De Monne is looking for ways to improve password requirements. De Monne would like you to crack the password from the database leak to determine if Haily’s password was secure enough.
All A-Loan Points 375 Description De Monne has reason to believe that DEADFACE will target loans issued by employees in California. It only makes sense that they’ll then target the city with the highest dollar value of loans issued. Which city in California has the most money in outstanding Small Business loans? Submit the city and dollar value as the
El Paso Points 250 Description The regional manager for the El Paso branch of De Monne Financial is afraid his customers might be targeted for further attacks. He would like you to find out the dollar value of all outstanding loan balances issued by employees who live in El Paso. Submit the flag as flag{$#,###.##}. Use the MySQL database dump
Boom Point 100 Description DEADFACE actors will be targeting customers they consider low-hanging fruit. Check out Ghost Town and see who they are targeting. Submit the number of target candidates as the flag: flag{#} Use the MySQL database dump from Body Count. Hint Link to discussion DEADFACE Member https://ghosttown.deadface.io/t/who-are-we-hitting-first/60/10 Getting the flag They are targeting boomer generation (1946-1964) Now lets
City Lights Points 40 Description De Monne wants to know how many branch offices were included in the database leak. This can be found by figuring out how many unique cities the employees live in. Submit the flag as flag{#}. Use the MySQL database dump from Body Count. Get the flag To get this flag use this statement: select count(distinct(city))
Keys Points 20 Description One of De Monne’s database engineers is having issues rebuilding the production database. He wants to know the name of one of the foreign keys on the loans database table. Submit one foreign key name as the flag: flag{foreign-key-name} (can be ANY foreign key). Use the MySQL database dump from Body Count. Getting the flag Just