New Addition

Challenge:

DEADFACE tried to add a user to the ESU database. What is the username of the user they tried to add to the database?

Submit the flag as flag{username}.

Use the packet capture from Scans.

Solution:

As in the previous challenge, Escalation, we started by reviewing the streams previously identified as containing remote shell traffic, specifically the streams to destination port 4815.

At the beginning of stream 5158 we spotted the attacker attempting to add the user areed2022 to the esu database:

root@esu-web-7734:~# mysql -u backup -pbackup123 -D esu -e "INSERT INTO users (username, first, last, email, street, city, state_id, zip, gender, dob) VALUES ('areed2022', 'Alexandra', 'Reed', 'fake@email.com', '830 Iowa Place', 'Reese', 23, '48757', 'f', '1999-08-19');"

< Place', 'Reese', 23, '48757', 'f', '1999-08-19');"
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1142 (42000) at line 1: INSERT command denied to user 'backup'@'localhost' for table 'users'

The accepted flag was: flag{areed2022}
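The same review can be scripted when a capture has many shell streams. The following is an added example, not part of the original write-up: it scans reassembled stream text for mysql client commands typed at a root prompt, extracts the account, database and inserted row, and records whether the server denied the statement. The function names are hypothetical and the sample input is constructed from the transcript above.

```python
import csv
import re
import shlex

# Constructed sample: the transcript quoted above, as reassembled stream text.
STREAM = """root@esu-web-7734:~# mysql -u backup -pbackup123 -D esu -e "INSERT INTO users (username, first, last, email, street, city, state_id, zip, gender, dob) VALUES ('areed2022', 'Alexandra', 'Reed', 'fake@email.com', '830 Iowa Place', 'Reese', 23, '48757', 'f', '1999-08-19');"
< Place', 'Reese', 23, '48757', 'f', '1999-08-19');"
mysql: [Warning] Using a password on the command line interface can be insecure.
ERROR 1142 (42000) at line 1: INSERT command denied to user 'backup'@'localhost' for table 'users'
"""

INSERT_RE = re.compile(
    r"INSERT\s+INTO\s+(\w+)\s*\(([^)]*)\)\s*VALUES\s*\((.*)\)\s*;?\s*$", re.I | re.S)
DENIED_RE = re.compile(r"^ERROR 1142 .*command denied to user '([^']+)'")


def parse_mysql_cli(cmd):
    """Pull account, database, statement and inline-password use from a mysql command."""
    opts = {"user": None, "database": None, "statement": None, "inline_password": False}
    names = {"-u": "user", "-D": "database", "-e": "statement"}
    args = iter(shlex.split(cmd)[1:])
    for arg in args:
        if arg in names:
            opts[names[arg]] = next(args, None)
        elif arg.startswith("-p") and len(arg) > 2:
            opts["inline_password"] = True  # secret visible in argv and on the wire
    return opts


def find_insert_attempts(stream_text):
    """Return one finding per mysql INSERT typed at a root shell prompt in the stream."""
    findings = []
    for line in stream_text.splitlines():
        _, prompt, cmd = line.partition("# ")
        if prompt and cmd.startswith("mysql "):
            opts = parse_mysql_cli(cmd)
            m = INSERT_RE.search(opts["statement"] or "")
            if m:
                cols = [c.strip() for c in m.group(2).split(",")]
                # SQL string literals use single quotes; csv handles the quoting.
                vals = next(csv.reader([m.group(3)], quotechar="'", skipinitialspace=True))
                findings.append({**opts, "table": m.group(1),
                                 "row": dict(zip(cols, vals)), "denied": False})
        elif findings and DENIED_RE.match(line):
            findings[-1]["denied"] = True  # server rejected the previous statement
    return findings


if __name__ == "__main__":
    for f in find_insert_attempts(STREAM):
        print(f["user"], f["database"], f["table"], f["row"]["username"],
              "denied" if f["denied"] else "executed")
```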
