Sql Leakage
Overview
S C E N A R I O
A web application has been compromised through a SQL injection vulnerability, allowing an attacker to exfiltrate sensitive database information. The attack was carried out using automated techniques and left traces in the MySQL server logs. These logs contain evidence of how the attacker extracted administrator credentials using advanced SQL injection methods. Your task is to perform a forensic analysis of these logs to reconstruct the stolen data and understand the attack methodology.
O B J E C T I V E
Analyze the provided MySQL log files to identify malicious SQL injection activity and reconstruct the exfiltrated administrator credentials. Understand how boolean-based blind SQL injection was used to extract data character by character, then recover the username and crack the extracted password hash to obtain the plaintext password.
Provided Files Sql_Leakage.zip
Infrastructure Downloadable Disk Image
Flag Format FLAG{username|password}