Boom

Who would ever think that someone would try to store binary data in a schema?

Problem

Richard lost his picture in a mySQL table. Can you help him find it?

Standard Flag Format auctf{}

Solution

Judging from boom.sql, a binary file named hi-res-ba0782735805201b04a654215730b793_crop_exact.7z was inserted into the schema.

We cannot copy the hex stream directly out of the SQL script, because it contains escape characters.

So, make a new MySQL database.

Then, in the MySQL console:

source boom.sql

Now we can extract the 7z file.

mysql -u*** -p*** -D*** -e"select image from images" --raw > ./output.withoutescape
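The escaping that blocks a direct copy can also be undone offline, without a database server. As an added example (not part of the original writeup), this Python code decodes MySQL string-literal escapes back into raw bytes and keeps the literals that start with the 7z signature; the sample INSERT statement is constructed, and the scanner assumes single quotes appear in the dump only as string delimiters or escaped inside strings.

```python
# Added example: recover raw bytes from MySQL-escaped string literals in a dump.
SEVENZ_MAGIC = b"7z\xbc\xaf\x27\x1c"  # 7z signature; note 0x27 is a quote (')

# Escape sequences MySQL recognises inside a quoted string literal.
ESCAPES = {b"0": b"\x00", b"b": b"\x08", b"n": b"\n",
           b"r": b"\r", b"t": b"\t", b"Z": b"\x1a"}

def read_literal(sql: bytes, start: int):
    """Decode the single-quoted literal opening at sql[start].
    Returns (raw_bytes, index just past the closing quote)."""
    if sql[start:start + 1] != b"'":
        raise ValueError("start is not an opening quote")
    out, i = bytearray(), start + 1
    while i < len(sql):
        c, nxt = sql[i:i + 1], sql[i + 1:i + 2]
        if c == b"\\":
            if not nxt:
                raise ValueError("dangling backslash")
            # \% and \_ keep their backslash; unknown escapes drop it.
            out += b"\\" + nxt if nxt in (b"%", b"_") else ESCAPES.get(nxt, nxt)
            i += 2
        elif c == b"'" and nxt == b"'":   # doubled quote inside a literal
            out += b"'"
            i += 2
        elif c == b"'":                   # closing quote
            return bytes(out), i + 1
        else:
            out += c
            i += 1
    raise ValueError("unterminated literal")

def find_7z_blobs(sql: bytes):
    """Return every decoded literal that starts with the 7z signature."""
    blobs, pos = [], sql.find(b"'")
    while pos != -1:
        raw, end = read_literal(sql, pos)
        if raw.startswith(SEVENZ_MAGIC):
            blobs.append(raw)
        pos = sql.find(b"'", end)
    return blobs

# Constructed sample, not taken from boom.sql: one row with an escaped blob.
SAMPLE_SQL = (b"INSERT INTO `images` VALUES (1,'pic.7z','"
              b"7z\xbc\xaf\\'\x1c\\0\x04\\n\\\\\\Z\\\"tail"
              b"');\n")
EXPECTED = b"7z\xbc\xaf'\x1c\x00\x04\n\\\x1a\"tail"

if __name__ == "__main__":
    print(find_7z_blobs(SAMPLE_SQL) == [EXPECTED])
```

The dump has to be read in binary mode before it is passed to `find_7z_blobs`, since decoding it as text would alter the archive bytes.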

From the 7z file we can get a pic:

[Image: boom-pic]

Do some image manipulation:

[Image: boom]

Flag is auctf{B00M_!!}

Nemo Xiong
ex-Cybersecurity Executor, now a student in Unimelb