🌐 SQL Direct
A detailed write-up of the Web challenge 'SQL Direct' from PicoCTF - 2022
📊 Challenge Overview
Category Details Additional Info 🏆 Event PicoGym Event Link 🔰 Category Web 🌐 💎 Points Out of 500 total ⭐ Difficulty 🟡 Medium Personal Rating: 0/10 👤 Author Mubarak Mikail / LT ‘syreal’ Jones Profile 🎮 Solves (At the time of flag submission) 18.219 solve rate 📅 Date 11-02-2025 PicoGym 🦾 Solved By mH4ck3r0n3 Team:
📝 Challenge Information
Connect to this PostgreSQL server and find the flag! psql -h saturn.picoctf.net -p 59667 -U postgres pico Password is postgres
🎯 Challenge Files & Infrastructure
Provided Files
1Files: None
🔍 Initial Analysis
First Steps
The first thing I did was connect to the DB:
1psql -h saturn.picoctf.net -p 59667 -U postgres picofor the rest, let’s move on to the exploitation.
🎯 Solution Path
Exploitation Steps
Initial setup
Once connected, I used the
\dtcommand to view all the tables, and I noticed aflagstable.
Exploitation
So, by sending the following query:
1SELECT * FROM flags;I extracted the entire content of the
flagstable, where the flag was stored.
Flag capture
Manual Flag
🛠️ Exploitation Process
Approach
The exploit connects to the database using
psycopg2, exactly as done manually withpsql, and executes the querySELECT * FROM flags;to obtain the flag.
1 2# Dependencies pip install psycopg2
🚩 Flag Capture
Flag
Proof of Execution
Screenshot of successful exploitation Automated Flag
🔧 Tools Used
Tool Purpose Python Exploit psql DB Connection
💡 Key Learnings
New Knowledge
I have learned how to use
psql.
Skills Improved
- Binary Exploitation
- Reverse Engineering
- Web Exploitation
- Cryptography
- Forensics
- OSINT
- Miscellaneous
📚 References & Resources
Official Documentation
📊 Final Statistics
| Metric | Value | Notes |
|---|---|---|
| Time to Solve | 00:02 | From start to flag |
| Global Ranking (At the time of flag submission) | Challenge ranking | |
| Points Earned | Team contribution |
Created: 11-02-2025 • Last Modified: 11-02-2025 *Author: mH4ck3r0n3 • Team: *