we
are investigating an illegal online gambling site. To find any evidence
to support for illegal gambling, we must access the oracle database
with administrator privileges. The suspect says that he does not know
the administrator password, but we know for sure that he is lying.
The password is estimated to be longer than 8 characters. However, we
don't have enough time to apply a brute-force attack. In order to
request an arrest warrant, we must find the evidence of illegal gambling
before the YUT-Challenge is over.
By using social engineering, we were able to find various data about the
suspect. By analyzing the data, the suspect always include last four
digits('1024') of his phone number in his password. Hence, we may assume
that his phone number is included in the administrator password for the
database.
The given file is the dump file of sys.user$ table in oracle database.
(The data file of system tablespace is too big to upload.)
Find the password of 'SYSTEM' account.
Use flagCheck to input the flag you get from the challenge to get the actual flag
Author: Ministry of Science and ICT