Passing on Complexity

Challenge:

ESU's IT staff swears up and down that the backup user's password is secure and follows best practice. Their internal auditors are not convinced and are asking for your help to determine the backup user's password at the time of the breach.

Submit the flag as flag{password}.

Use the packet capture from Scans.

Solution:

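The backup user's password had already been identified in the previous related challenge, New Addition, where the attacker was attempting to add a new user to the database. The mysql client accepts the password attached directly to the -p option, so it appears in clear text in the command: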

root@esu-web-7734:~# mysql -u backup -pbackup123 -D esu -e "INSERT INTO users (username, first, last, email, street, city, state_id, zip, gender, dob) VALUES ('areed2022', 'Alexandra', 'Reed', 'fake@email.com', '830 Iowa Place', 'Reese', 23, '48757', 'f', '1999-08-19');"

The accepted flag was: flag{backup123}
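
As an added example (not part of the original write-up or the challenge material), the following Python code extracts inline credentials from mysql client command lines like the one above and checks them against two simple rules. The function names, the 12-character minimum and the second sample line are assumptions made for illustration.

```python
import shlex

def mysql_inline_creds(line):
    """Return (user, password) from a mysql client command line, or None.
    password is None when -p is given bare (interactive prompt)."""
    try:
        tokens = shlex.split(line)
    except ValueError:  # unbalanced quotes, e.g. a truncated capture line
        tokens = line.split()
    if "mysql" not in tokens:
        return None
    args = iter(tokens[tokens.index("mysql") + 1:])
    user = password = None
    for a in args:
        if a == "-u":
            user = next(args, None)
        elif a in ("-e", "-D", "-h", "-P"):
            next(args, None)  # skip the value so SQL text is never read as an option
        elif a.startswith("--user="):
            user = a.split("=", 1)[1]
        elif a.startswith("--password="):
            password = a.split("=", 1)[1]
        elif a.startswith("-u") and len(a) > 2:
            user = a[2:]
        elif a.startswith("-p") and len(a) > 2:
            password = a[2:]
    return user, password

def weak_reasons(user, password, min_len=12):  # min_len is an assumed policy value
    reasons = []
    if user and user.lower() in password.lower():
        reasons.append("contains username")
    if len(password) < min_len:
        reasons.append("shorter than %d characters" % min_len)
    return reasons

def audit(lines):
    """Return (user, password, reasons) for each line with an inline password."""
    parsed = filter(None, map(mysql_inline_creds, lines))
    return [(u, p, weak_reasons(u, p)) for u, p in parsed if p is not None]

SAMPLE = [
    # Line 1: the command quoted in the write-up (SQL shortened). Line 2: constructed.
    'root@esu-web-7734:~# mysql -u backup -pbackup123 -D esu -e "INSERT INTO users (username) VALUES (\'areed2022\');"',
    "mysql -u backup -p -D esu",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The bare -p form in the second sample line makes the client prompt for the password, so nothing is left on the command line for the audit to report.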
