The Faculty


How many of the compromised users in the database are not students?

Submit the flag as flag{#}.

Use the database from Counting Heads.


Using the database we created during the Counting Heads challenge, we reviewed the user table but didn't find a column that seemed to designate a user as being a student or not:

mysql> DESCRIBE users;
Field	Type	Null	Key	Default	Extra
user_id	int	NO	PRI	NULL	auto_increment
username	varchar(52)	NO	UNI	NULL	
first	varchar(52)	NO		NULL	
last	varchar(52)	NO		NULL	
middle	varchar(24)	YES		NULL	
email	varchar(52)	NO	UNI	NULL	
street	varchar(52)	NO		NULL	
city	varchar(52)	NO		NULL	
state_id	int	NO	MUL	NULL	
zip	varchar(10)	NO		NULL	
gender	varchar(8)	NO		NULL	
dob	date	NO		NULL	

After reviewing the other available tables we found the 'roles' and 'roles_assigned' tables to be of interest:

mysql> SELECT * FROM roles;
role_id	role_name
5	Adjunct Professor
8	Administration
4	Associate Professor
2	Instructor
3	Professor
6	Research Assistant
7	Research Associate
1	Student

From the 'roles' table we know that students have a 'role_id' of 1, and after reviewing the 'roles_assigned' we see that it links a 'user_id' to a 'role_id':

mysql> DESCRIBE roles_assigned;
Field	Type	Null	Key	Default	Extra
role_assigned_id	int	NO	PRI	NULL	auto_increment
user_id	int	NO	MUL	NULL	
role_id	int	NO	MUL	NULL

Since the challenge is only asking for a count of non-students we can simply count the rows in 'roles_assigned' where 'role_id' is not equal to 1.

mysql> SELECT COUNT(*) FROM roles_assigned WHERE role_id != 1;

Or with a bit fancier query:

SELECT COUNT(user_id) FROM users WHERE user_id NOT IN (SELECT user_id FROM roles_assigned WHERE role_id = (SELECT role_id FROM roles WHERE role_name LIKE "Student"));

Or for better performance:

SELECT count(*) FROM users u JOIN roles_assigned ra ON ra.user_id = u.user_id JOIN roles r ON r.role_id = ra.role_id WHERE r.role_name <> 'Student';

The accepted flag was: flag{627}



Leave a comment