AUCTF 2020 – Block 2 Writeup


Billy runs a minecraft server. He wants to know which block was rolled back. Can you help him?

The challenge also provided an archive called co_block.sql.gz

The first step is extracting the files from the gz file.

We can see that there was just one file compressed, called co_block.sql

We can analyse the first lines of the file using head command:


At this point, we realised that the file contains some queries that can be run by MySQL.

So, let’s go ahead and start MySQL:


Now, we need to create a new database and run the queries in the sql file by issuing the following commands:


Now that we have successfully imported the database, we can enumerate its tables and columns by executing some SHOW and DESCRIBE queries:


To conclude we just need to retrieve the row where rolled_back is set to 1:


And now we have the flag.

This challenge was solved by my team, ducks0ci3ty.