HACKVent 2014 - Day 10 writeup
I’ve signed up for the Hackvent event made by the guys from www.hacking-lab.com, which is an advent-like hacking competition. Every day a new challenge is posted at midnight, and it should ideally be solved the same day; the challenges become increasingly difficult with every week completed. The aim of every puzzle is to find either a QR-encoded x-mas ball which leads to the validation code, or a secret human-readable string which gives you that ball when fed into a validator (the “Ball-O-Matic”).
Here’s the write-up for the tenth challenge, in which I debug SQL queries without knowing a thing about SQL.
How I Learned to Stop Worrying and Love SQL Part :
For the Day 10 Hackvent challenge, we were given the following instructions:
For this challenge, the authors didn’t even give a damn about obfuscating the way to the solution. It’s in plain sight: use your SQL-fu to get the answer. SQLfiddle.com is a great site to test and run your SQL database and queries. It also has a tool to convert a text-based table into a proper SQL schema:
We got a resulting code with 5 texts separated by dashes. But the submission code (the one encoded in the QR xmas ball) has the following format:
HV14-xxxx-xxxx-xxxx-xxxx-xxxx. We have to tweak the query in order to get the valid code.
In other words we have to transform the
HV14. The query used to get the first part is the following:
It’s a simple substitution table, so you have to enter
nerd in order to get
HV14. We obtain the next code:
However, it’s not a valid code, so let’s take another look at the whole query. The thing is, in SQL, the
&1 token also means it’s the first input argument of a program (kinda like
$1 in bash or
sys.argv in Python), so we have to replace every occurrence of it with
nerd. The resulting code is valid:
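As an added illustration (constructed for this write-up, not the challenge’s real table or query), here is what a substitution-table lookup driven by a SQL*Plus `&1` substitution variable looks like, and why every occurrence has to be replaced by the literal word; table name, column names and fragment values are made up.

```sql
-- Constructed example; not the challenge's real schema or query.
-- One substitution row per code position: an input word maps to one fragment.
CREATE TABLE subst (
  pos  NUMBER       NOT NULL,
  word VARCHAR2(16) NOT NULL,
  frag VARCHAR2(4)  NOT NULL,
  CONSTRAINT subst_pk PRIMARY KEY (pos, word)
);
INSERT INTO subst VALUES (1, 'nerd', 'HV14');
INSERT INTO subst VALUES (2, 'nerd', 'AAAA');  -- sample fragments, made up
INSERT INTO subst VALUES (3, 'nerd', 'BBBB');
INSERT INTO subst VALUES (1, 'geek', 'XXXX');  -- a wrong word yields junk
INSERT INTO subst VALUES (2, 'geek', 'YYYY');
INSERT INTO subst VALUES (3, 'geek', 'ZZZZ');

-- In SQL*Plus, &1 is a substitution variable: before the statement is parsed
-- it is replaced by the script's first argument (like $1 in bash), so the
-- same argument is used at every position of the assembled code.
SELECT LISTAGG(frag, '-') WITHIN GROUP (ORDER BY pos) AS code
  FROM subst
 WHERE word = '&1';

-- Hard-coding the known word gives the same result as running the script
-- with nerd as its argument. Replacing &1 at only one position would leave
-- the others still bound to the argument, which is why every occurrence
-- must be changed.
SELECT LISTAGG(frag, '-') WITHIN GROUP (ORDER BY pos) AS code
  FROM subst
 WHERE word = 'nerd';
```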
That was easier than I anticipated.