Minty CandyCane: The Name Game
![](/hh2018//assets/img/elves/minty/avatar.png)
The Elf's Request
![](/hh2018//assets/img/elves/minty/question.png)
The Terminal Riddle
![](/hh2018//assets/img/elves/minty/riddle.png)
The Solution
Need to make a nametag with someone she doesn’t remember last name. From California of New Yorker. Last name Chan
Need a name of someone. They are making a badge
There is a SQL Lite Database that the data is sent to
Its easy, so I think I need to just break out and run sqllite
In the Riddle, there are three options, 1, 2 and Q for quit.
Selecting option 2, you can provide and IP address and it will be pinged. Assuming that the input is not properly santized, and that whatever is inputed is sent directly to the execution, I appended the IP address with a shell command
This gave me shell:
![](/hh2018/assets/img/elves/minty/1.png)
There is a database called main and a table called “onboard”
![](/hh2018/assets/img/elves/minty/1.1.png)
Seeing a table called “onboard”, then use the .schema command to see the columns.
![](/hh2018/assets/img/elves/minty/2.png)
Running the select statement,
![](/hh2018/assets/img/elves/minty/2.png)
![](/hh2018/assets/img/elves/minty/3.png)
Then, run the sql command select fname,lname from onboard where lname=”Chan”;
Then, runtoanswer then entered Scott.
Terminal Success
![](/hh2018//assets/img/elves/minty/success.png)
The Hint
![](/hh2018//assets/img/elves/minty/hint.png)