Forensics

Who I am?

I can’t believe how much time I spent on this one. I went through whois records and the history of the website, and even through the source code of a lot of pages using netcraft.com. I used dig on the website as well, and nada.

The lesson I learned is that when dig is used without an argument it defaults to asking for “A” records, and that was my mistake.

From now on, always use -t any.

dig -t any ringzer0team.com

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t any ringzer0team.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37392
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ringzer0team.com.		IN	ANY

;; ANSWER SECTION:
ringzer0team.com.	3599	IN	A	212.82.233.140
ringzer0team.com.	3599	IN	A	62.240.232.130
ringzer0team.com.	3599	IN	A	62.240.232.140
ringzer0team.com.	3599	IN	A	195.157.4.130
ringzer0team.com.	3599	IN	A	195.157.4.140
ringzer0team.com.	3599	IN	A	212.82.233.130
ringzer0team.com.	3599	IN	NS	ns17.domaincontrol.com.
ringzer0team.com.	3599	IN	NS	ns18.domaincontrol.com.
ringzer0team.com.	3599	IN	SOA	ns17.domaincontrol.com. dns.jomax.net. 2017101208 28800 7200 604800 3600
ringzer0team.com.	3599	IN	MX	10 mailstore1.secureserver.net.
ringzer0team.com.	3599	IN	MX	0 smtp.secureserver.net.
ringzer0team.com.	3599	IN	TXT	"FLAG-305l9RR202HG695t6Y8ZU77xyq"
ringzer0team.com.	3599	IN	TXT	"uid=0(root) gid=0(root) groups=0(root)"

;; Query time: 61 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Oct 16 15:46:36 EDT 2017
;; MSG SIZE  rcvd: 398

The flag is FLAG-305l9RR202HG695t6Y8ZU77xyq
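To make the lesson about query types concrete, here is an added example (not part of the original writeup) that builds a DNS query on the wire and parses an answer section. The default query carries QTYPE 1 (A), so a resolver answers with A records only; asking for ANY (255) or TXT (16) is what surfaces the TXT data. The response below is constructed by hand, reusing the A and TXT values quoted in the dig output above, so the script runs offline; the functions and names are mine, not dig's.

```python
"""Minimal DNS wire-format helper: why `dig` without -t only shows A records.

Added example, not part of the original writeup. build_query() produces the
same kind of packet dig sends; parse_records() reads the answer section back,
including TXT character-strings. The sample response is constructed inline.
"""
import struct

QTYPE = {"A": 1, "NS": 2, "TXT": 16, "ANY": 255}
TYPE_NAME = {v: k for k, v in QTYPE.items()}


def encode_name(name):
    """Encode a dotted hostname as DNS labels (length-prefixed, root-terminated)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype="A", txid=0x1234):
    """Build a standard recursive query. dig with no -t uses qtype A (1)."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    question = encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)  # class IN
    return header + question


def decode_name(data, offset):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, jumped, end = [], False, None
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:  # compression pointer to an earlier name
            pointer = struct.unpack(">H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped = True
            offset = pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels) + ".", (end if jumped else offset)


def parse_records(data):
    """Return [(name, type, rdata_as_text), ...] from the answer section."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    offset = 12
    for _ in range(qd):  # skip the echoed question(s): name + qtype + qclass
        _, offset = decode_name(data, offset)
        offset += 4
    records = []
    for _ in range(an):
        name, offset = decode_name(data, offset)
        rtype, _rclass, _ttl, rdlen = struct.unpack(">HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE["A"]:
            text = ".".join(str(b) for b in rdata)
        elif rtype == QTYPE["TXT"]:
            # TXT rdata is a sequence of <length byte><bytes> character-strings
            parts, i = [], 0
            while i < len(rdata):
                n = rdata[i]
                parts.append(rdata[i + 1:i + 1 + n].decode("ascii", "replace"))
                i += 1 + n
            text = " ".join(parts)
        else:
            text = rdata.hex()
        records.append((name, TYPE_NAME.get(rtype, str(rtype)), text))
    return records


def txt_values(data):
    """Just the TXT strings of a response; empty for an A-only answer."""
    return [text for _, rtype, text in parse_records(data) if rtype == "TXT"]


def _rr(name_bytes, rtype, rdata, ttl=3599):
    return name_bytes + struct.pack(">HHIH", rtype, 1, ttl, len(rdata)) + rdata


def _txt(s):
    b = s.encode("ascii")
    return bytes([len(b)]) + b


# Constructed reply to an ANY query: one A record plus the two TXT records
# quoted in the dig output. 0xC00C is a pointer back to the question name.
_PTR = b"\xc0\x0c"
SAMPLE_ANY_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 3, 0, 0)  # QR+RD+RA, 1 question, 3 answers
    + encode_name("ringzer0team.com") + struct.pack(">HH", QTYPE["ANY"], 1)
    + _rr(_PTR, QTYPE["A"], bytes([212, 82, 233, 140]))
    + _rr(_PTR, QTYPE["TXT"], _txt("FLAG-305l9RR202HG695t6Y8ZU77xyq"))
    + _rr(_PTR, QTYPE["TXT"], _txt("uid=0(root) gid=0(root) groups=0(root)"))
)

if __name__ == "__main__":
    print(build_query("ringzer0team.com").hex())  # ends in 0001 0001: qtype A, class IN
    for rec in parse_records(SAMPLE_ANY_RESPONSE):
        print(rec)
```

To run the query for real, send `build_query(name, "TXT")` over UDP port 53 to a resolver and hand the reply to `parse_records`. One caveat on "always use -t any": many resolvers now answer ANY minimally (RFC 8482), so when you are hunting for a specific record type, query it explicitly (`-t txt`, `-t mx`, and so on) rather than relying on ANY to return everything.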