Web Exploitation - SQL Direct - writeup
description
Connect to this PostgreSQL server and find the flag!
psql -h saturn.picoctf.net -p 49248 -U postgres pico
Password is postgres
writeup
Ok let’s first connect to the database server:
1
| psql -h saturn.picoctf.net -p 49248 -U postgres pico
|
the password is ‘postgres’
Let’s list all databases first
1
2
3
4
5
6
7
8
9
10
11
| pico=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access privileges
-----------+----------+----------+------------+------------+-----------------------
pico | postgres | UTF8 | en_US.utf8 | en_US.utf8 |
postgres | postgres | UTF8 | en_US.utf8 | en_US.utf8 |
template0 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres +
| | | | | postgres=CTc/postgres
template1 | postgres | UTF8 | en_US.utf8 | en_US.utf8 | =c/postgres +
| | | | | postgres=CTc/postgres
(4 rows)
|
Connect to the ‘pico’ database
List all tables
1
2
3
4
5
6
| pico=# \dt
List of relations
Schema | Name | Type | Owner
--------+-------+-------+----------
public | flags | table | postgres
(1 row)
|
the table ‘flags’ sounds interesting …
lets look at the contents:
1
2
3
4
5
6
7
| pico=# select * from flags;
id | firstname | lastname | address
----+-----------+-----------+----------------------------------------
1 | Luke | Skywalker | picoCTF{L3arN_S0m3_5qL_t0d4Y_a26695df}
2 | Leia | Organa | Alderaan
3 | Han | Solo | Corellia
(3 rows)
|
There is our flag.
1
| picoCTF{L3arN_S0m3_5qL_t0d4Y_a26695df}
|
