Counting Heads

Challenge:

DEADFACE compromised a database from Eastern State University. They fired their security team, and now they're reaching out to you to see if you can help them figure out the scope of the breach. Below is a link to the compromised database.

How many users are in the database? Submit the flag as flag{#}.

Solution:

The provided Zip archive contained a MySQL database dump:

$ head esu.sql 

-- MySQL dump 10.13  Distrib 8.0.19, for Linux (x86_64)
--
-- Host: localhost    Database: esu
-- ------------------------------------------------------
-- Server version	8.0.19

Using the dump file, we created a local database and imported the dump so we could run queries against it:

Note: Importing into MariaDB produces Unknown collation: 'utf8mb4_0900_ai_ci' messages. This can be fixed by running: sed -i 's/utf8mb4_0900_ai_ci/utf8mb4_unicode_ci/g' esu.sql before importing the dump.

$ sudo mysql -e "CREATE DATABASE esu"
$ sudo mysql esu < esu.sql 
$ sudo mysql -s esu

The challenge asked for the count of users in the database, so we reviewed the tables to determine where that data might live:

mysql> SHOW TABLES;
Tables_in_esu
countries
courses
degree_types
enrollments
passwords
payment_statuses
programs
roles
roles_assigned
states
term_courses
terms
users

The "users" table seems like the obvious choice, so the last step is to count the number of rows in that table:

mysql> SELECT COUNT(*) FROM users;
COUNT(*)
2400

The accepted flag was: flag{2400}