search

SQL Challenges

hashtag
Setup Environment

Database dump is a MySql dump file, easiest way to recover it is to create database and use dump as source. Database sql file in Aurora Compromise.

└─# mariadb -u root -p
Enter password: 
...
Server version: 11.1.2-MariaDB Arch Linux
...

MariaDB [(none)]> CREATE DATABASE aurora;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> USE aurora;
Database changed
MariaDB [aurora]> SOURCE aurora.sql
...
Query OK, X rows affected (0.000 sec)
...

MariaDB [aurora]> SHOW TABLES;
+--------------------+
| Tables_in_aurora   |
+--------------------+
| billing            |
| credit_types       |
| drugs              |
| facilities         |
| insurors           |
| inventory          |
| orders             |
| patients           |
| positions          |
| positions_assigned |
| prescriptions      |
| staff              |
| suppliers          |
| transactions       |
+--------------------+
14 rows in set (0.000 sec)

hashtag
Aurora Compromise

Created by: syyntax

DEADFACE has taken responsibility for a partial database hack on a pharmacy tied to Aurora Pharmaceuticals. The hacked data consists of patient data, staff data, and information on drugs and prescriptions.

We’ve managed to get a hold of the hacked data. Provide the first and last name of the patient that lives on a street called Hansons Terrace.

Submit the flag as: flag{First Last}.

Download Database Dumparrow-up-right SHA1: 35717ca5c498d90458478ba9f72557c62042373f

Download System Design Specificationarrow-up-right SHA1: d6627aa2099a5707d34e26fc82bb532af6398575

hashtag
Solution

circle-check

Flag: flag{Sandor Beyer}

hashtag
Foreign Keys

Created by: syyntax

How many foreign keys are described in the design of the inventory table?

Submit the flag as flag{#}.

Use the database dump from Aurora Compromise.

hashtag
Solution

If you take a look in the given spec you can easily find (in design or data models) that table Inventory has 2 foreign keys: drug_id, facility_id.

You can also find how many foreign keys the table has with following query:

circle-check

Flag: flag{2}

hashtag
Credit Compromise

Created by: syyntax

How many credit cards were exposed in the Aurora database hack?

Submit the flag as flag{#}.

Use the database dump from Aurora Compromise.

hashtag
Solution

circle-check

Flag: flag{10391}

hashtag
Starypax

Created by: syyntax

Starypax (street name STAR) is a controlled substance and is in high demand on the Dark Web. DEADFACE might leverage this database to find out which patients currently carry STAR.

How many patients in the Aurora database have an active prescription for Starypax as of Oct 20, 2023? And whose prescription expires first?

Submit the flag as flag{#_firstname lastname}.

Use the database dump from Aurora Compromise.

hashtag
Solution

The hardest part of this challenge for me was understanding as of Oct 20, 2023 🤣, I thought it meant before october, but meant after...

circle-check

Flag: flag{7_Renae Allum}

hashtag
Transaction Approved

Created by: syyntax

Turbo Tactical wants you to determine how many credit cards are still potentially at risk of being used by DEADFACE. How many credit cards in the Aurora database are NOT expired as of Oct 2023?

Submit the flag as flag{#}.

Use the database dump from Aurora Compromise.

hashtag
Solution

circle-check

Flag: flag{8785}

hashtag
Genovex Profits

Created by: syyntax

Genovex, a pharmaceutical company, is concerned that DEADFACE will target their company based on how much money they made this year on prescriptions at the Aurora Health pharmacy. How much money did Genovex make in 2023 based on the Aurora database?

Submit the dollar value as the flag. Example: flag{$1234.56}

Note: Round to the nearest hundredths.

Use the database dump from Aurora Compromise.

hashtag
Solution

circle-check

Flag: flag{$19249.88}

hashtag
City Hoard

Created by: syyntax

Aurora is asking for help in determining which city has the facility with the largest inventory of Remizide based on the Aurora database.

Submit the flag as flag{city}.

Use the database dump from Aurora Compromise.

hashtag
Solution

circle-check

Flag: flag{Miami}

hashtag
Order Up

Created by: syyntax

Dr. Flegg prescribed Automeda to a patient in June 2023. What is the order number for this prescription?

Submit the flag as flag{order_num}.

Use the database dump from Aurora Compromise.

hashtag
Solution

circle-check

Flag: flag{DYP8AXK3QG9OTPWB}

hashtag
Counting STARs

Created by: syyntax

We know DEADFACE is trying to get their hands on STAR, so it makes sense that they will try to target the doctor who prescribes the most STAR from the Aurora database. Provide the first and last name and the type of doctor (position name) that prescribed the most STAR from the database.

Submit the flag as flag{FirstName LastName Position}.

For example: flag{John Doe Podiatrist}

Use the database dump from Aurora Compromise.

hashtag
Solution

From Starypax: Starypax (street name STAR) meaning we need Starypax drug.

circle-check

Flag: flag{Alisa MacUchadair Dermatologist}

hashtag
Clean Up on Aisle 5

Created by: syyntax

Based on Ghost Town conversations, DEADFACE is going to try to compromise an Aurora Health pharmacy to get their hands on STAR. Turbo Tactical wants to provide security personnel at Aurora with information about which facility, aisle, and bin contains the most STAR, since it is likely what DEADFACE will target.

Provide the facility_id, aisle, and bin where the most STAR is kept in the city DEADFACE is targeting. Submit the flag as flag{facility_id-aisle-bin}.

Example: flag{123-4-8}

Use the database dump from Aurora Compromise.

hashtag
Solution

Some osint is required for this challenge. Visit Ghost Townarrow-up-right and try to find post which matches given description.

Top -> Get after those northern lightsarrow-up-right -> lilith: Umm let me check… There are a bunch of facilities in Phoenix. I’d have to look at which ones have the most STAR.

For "aisle" and "bin" you need to refer the given spec, in the Inventory description you can find:

locator: The aisle (represented as “A”) and the bin (represented as “B”) where the drug is stored in the associated facility.

circle-check

Flag: flag{412-11-44}

hashtag
SHAttered Dreams

Created by: syyntax

DEADFACE is on the brink of selling a patient's credit card details from the Aurora database to a dark web buyer. Investigate Ghost Town for potential leads on the victim's identity.

Submit the flag as flag{Firstname Lastname}. Example: flag{John Smith}.

Use the database dump from Aurora Compromise.

hashtag
Solution

Go to Ghost Townarrow-up-right -> Top -> We got a potential buyerarrow-up-right

lilith: I’ll let him know! I told him to put this SHA1 hash in the notes of the transaction so we have a record of what was sold: 911d1fc5930fa5025dbc2d3953c94de9e4773584 ... No I’m actually including almost the full billing and patient data. I’m just concatenating the following: card number, expiration, CCV, patient_id, patient first name, patient last name, patient middle initial, patient sex, patient email, patient address (street, city, state, zip), patient dob

circle-check

Flag: flag{Berton Luchetti}

PreviousMalumNextScamazon

Last updated