Rating:

# Leak audit

>Forensics

>Points - 200

```
We found an old dump of our employee database on the dark net! Please check the database and send us the requested information:

How many employee records are in the file?

Are there any employees that use the same password? (If true, send us the password for further investigation.)

In 2017, we switched to bcrypt to securely store the passwords. How many records are protected with bcrypt?

Flag format: answer1_answer2_answer3 (e.g., 1000_passw0rd_987).
```

---

The simplest way to solve this is probably to just open the databsae using `sqlite3` ... A simple `.schema` will now inform you about the database's general structure:

![schema](./schema.png)

Now... simply use three or less queries to answer all of the task statement's questions:

1. _How many employee records are in the file?_

```sql
SELECT COUNT(*)
FROM personal;
```

```txt
376
```

2. _Are there any employees that use the same password? (If true, send us the password for further investigation.)_

```sql
SELECT password, COUNT(*) "count"
FROM personal
GROUP BY password
HAVING count > 1;
```

```txt
mah6geiVoo|2
```

3. _In 2017, we switched to bcrypt to securely store the passwords. How many records are protected with bcrypt?_

```sql
SELECT COUNT(*)
FROM personal
WHERE password LIKE '$2b$%';
```

```
21
```

Now, reconstructing the flag was no problem at all: `flag{376_mah6geiVoo_21}`

Original writeup (https://github.com/lightningsarp/CTF-Players/blob/master/2020/Syskron%20Security%20CTF/Leak%20audit/README.md).