Rating: 3.0

**This is a possible solution, provided by Syskron Security.**

## Try to access the link
Going to https://[…]/bbd1595da2871a8f0c87c9042c4918f7661b8615/ shows that you need a username and a password. The login is restricted to the IT department of BB Industry a.s. (written in Czech).

## Find someone who works in the IT department
On https://[…]/career/, there are two employees (Karel and Lenka). Karel is the head of IT at BB Industry, so he likely has access to the folder. This means we need the username and password of Karel.

## Find the username of Karel
From the career page, you can navigate to https://[…]/job-2195/. On this page, you see the e-mail address len.vapenikova[at]bb-industry.cz. Obviously, usernames are the first three characters of the given name followed by the surname. This means that Karel's username should start with kar; however, we don't have his surname yet.

## Find Karel's surname
Examining the picture of Karel reveals his surname (Tauchmann). So the username is kar.tauchmann.

## Find Karel's password
To get the password, we have to look at the leaked employee database (part of the "Leak audit" challenge of the CTF). Get the old password of Karel (`SELECT password FROM personal WHERE givenname = "Karel" AND surname = "Tauchmann";` = `ultra$ecureHESLO2o17`). This won't work because he updated his password in the meantime to `ultra$ecureHESLO2o2o`. Use the username and this password to log in.

## Decrypt the 7zip file
In the folder, there are two files (an encrypted 7z file and a txt file). You have to decrypt the 7z file. In the txt file, you can read that these files belong to Lenka, Head of HR. Get Lenka's password from the database dump (`SELECT password FROM personal WHERE givenname = "Lenka" AND surname = "Vápeníková";` = `MilujuJablka`). Use this password to decrypt the 7z file.

## Find the flag
In the 7z file, there are 1000 files. Use scripting to quickly iterate through the files to get the flag (e.g., `grep -R "syskronCTF" *`).
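The two scripted steps of this write-up, the username convention from the job page and the search through the extracted archive, as an added example (not code from the write-up or from Syskron Security). The e-mail convention is generalized to strip diacritics, which is what turns Vápeníková into vapenikova; the 1000 files are a constructed stand-in for the extracted 7z.

```python
import re
import unicodedata
from pathlib import Path
from tempfile import TemporaryDirectory

# Flag format used by this CTF, as seen in the write-up.
FLAG_RE = re.compile(r"syskronCTF\{[^}]*\}")


def derive_username(givenname: str, surname: str) -> str:
    """E-mail convention from the job page: first three letters of the given name,
    a dot, the surname; lowercased, with diacritics stripped (Vápeníková -> vapenikova)."""
    def ascii_fold(s: str) -> str:
        # NFKD splits 'á' into 'a' + combining accent; dropping non-ASCII removes the accent.
        return unicodedata.normalize("NFKD", s).encode("ascii", "ignore").decode()
    return f"{ascii_fold(givenname)[:3]}.{ascii_fold(surname)}".lower()


def find_flags(root: str) -> dict:
    """Walk every file below root (the scripted equivalent of grep -R) and return
    {relative path: first flag found in that file}. Binary junk is read leniently."""
    hits = {}
    base = Path(root)
    for path in sorted(base.rglob("*")):
        if not path.is_file():
            continue
        try:
            text = path.read_text(errors="ignore")
        except OSError:
            continue  # unreadable file: skip, keep scanning the rest
        match = FLAG_RE.search(text)
        if match:
            hits[str(path.relative_to(base))] = match.group(0)
    return hits


def demo() -> dict:
    """Constructed stand-in for the extracted archive: 1000 small text files,
    one of which contains the flag (file number and contents are made up)."""
    with TemporaryDirectory() as tmp:
        for i in range(1000):
            (Path(tmp) / f"file_{i:04d}.txt").write_text(f"payroll note {i}\n")
        (Path(tmp) / "file_0731.txt").write_text("syskronCTF{th4NK5-F0r-ur-W0Rk}\n")
        return find_flags(tmp)
```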

Flag: `syskronCTF{th4NK5-F0r-ur-W0Rk}`

Rb916120 (Oct. 31, 2020, 4:29 p.m.)

Where did you find the leaked employee database?


syssec-bs (Nov. 1, 2020, 12:06 p.m.)

> Where did you find the leaked employee database?

The database was part of the easier challenge "Leak audit."