PicoCTF 2022 Writeups

This website contains Jackwin Hui's writeups for the 2022 PicoCTF competition.

PicoCTF2022 - SQL Direct

Description

Connect to this PostgreSQL server and find the flag! Additional details will be available after launching your challenge instance.

psql -h saturn.picoctf.net -p 49197 -U postgres pico

Password is postgres

Information

Point Value: 200 points

Category: Web Exploitation

Hints

(None)

Solution

After connecting with psql, we list the tables in the current database with the \dt command:

pico=# \dt
          List of relations
 Schema | Name  | Type  |  Owner
--------+-------+-------+----------
 public | flags | table | postgres
(1 row)

The database contains a single table, named "flags". To view all of its rows, we run select * from flags:

pico=# select * from flags;
 id | firstname | lastname  |              address
----+-----------+-----------+----------------------------------------
  1 | Luke      | Skywalker | picoCTF{L3arN_S0m3_5qL_t0d4Y_21c94904}
  2 | Leia      | Organa    | Alderaan
  3 | Han       | Solo      | Corellia
(3 rows)

The flag is displayed in the "address" column of the first row.

Flag

picoCTF{L3arN_S0m3_5qL_t0d4Y_21c94904}