wrongsecrets icon indicating copy to clipboard operation
wrongsecrets copied to clipboard
verified publisher icon OWASP

Challenge idea: sqlite file with username/password dumps

Open bendehaan opened this issue 7 months ago • 1 comments

Context

  • What should the challenge scenario be like? A sqlite file with ~2000 username/password dumps, where the password is either (wrongly) hashed, encrypted, or both, from which a user is dynamically selected at runtime. The participant should find out the password belonging to the user.
  • What should the participant learn from completing the challenge? Wrong hashing/encryption for username/password tables.
  • For what category would the challenge be? Code/Docker

Did you encounter this in real life? Could you tell us more about the scenario?

Yes, a pseudonym generator that was easily traced to the unique entries.

If the challenge request is approved, would you be willing to submit a PR?

Yes

bendehaan avatar Jun 24 '25 08:06 bendehaan

Hey @bendehaan can i work on this one?

yashgoyal0110 avatar Sep 18 '25 11:09 yashgoyal0110