RingZer0-18 - Who I Am?
Forensics
Who I am?
I can’t believe how much time I spent on this one: going through whois records and the history of the website, even going through the source code of a lot of pages using netcraft.com. I used dig on the website also, and nada.
The lesson I learned is that when dig is used without an argument it defaults to asking for “A” records, and that was my mistake.
From now on, always use -t any.
dig -t any ringzer0team.com
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -t any ringzer0team.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37392
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;ringzer0team.com. IN ANY
;; ANSWER SECTION:
ringzer0team.com. 3599 IN A 212.82.233.140
ringzer0team.com. 3599 IN A 62.240.232.130
ringzer0team.com. 3599 IN A 62.240.232.140
ringzer0team.com. 3599 IN A 195.157.4.130
ringzer0team.com. 3599 IN A 195.157.4.140
ringzer0team.com. 3599 IN A 212.82.233.130
ringzer0team.com. 3599 IN NS ns17.domaincontrol.com.
ringzer0team.com. 3599 IN NS ns18.domaincontrol.com.
ringzer0team.com. 3599 IN SOA ns17.domaincontrol.com. dns.jomax.net. 2017101208 28800 7200 604800 3600
ringzer0team.com. 3599 IN MX 10 mailstore1.secureserver.net.
ringzer0team.com. 3599 IN MX 0 smtp.secureserver.net.
ringzer0team.com. 3599 IN TXT "FLAG-305l9RR202HG695t6Y8ZU77xyq"
ringzer0team.com. 3599 IN TXT "uid=0(root) gid=0(root) groups=0(root)"
;; Query time: 61 msec
;; SERVER: 127.0.0.53#53(127.0.0.53)
;; WHEN: Mon Oct 16 15:46:36 EDT 2017
;; MSG SIZE rcvd: 398
The flag is FLAG-305l9RR202HG695t6Y8ZU77xyq
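Relying on ANY is fragile: many authoritative servers and resolvers now answer ANY queries with a minimal or synthetic response (RFC 8482) or refuse them outright, so a TXT record like the one above can be missed even with -t any. The script below is an added example, not part of the original writeup: it queries each common record type individually and pulls quoted TXT values and FLAG- strings out of dig's answer section. The function names (dns_enum, txt_values, find_flags) are my own, and the SAMPLE lines are constructed from the dig output shown above so the parsing part runs offline; dns_enum itself needs network access and a local dig.

```shell
#!/usr/bin/env sh
# Added example (not from the original writeup): enumerate DNS record types
# one by one instead of relying on "dig -t any", and pull TXT values out of
# dig's answer section. Function names here are hypothetical.

# Record types worth asking for explicitly; ANY may be refused or minimised (RFC 8482).
RECORD_TYPES="A AAAA NS SOA MX TXT CNAME SRV CAA"

# dns_enum DOMAIN
# Print only the answer-section lines for every type in RECORD_TYPES.
# Needs network access and dig on PATH; it is not exercised offline.
dns_enum() {
    domain="$1"
    for t in $RECORD_TYPES; do
        dig +noall +answer -t "$t" "$domain"
    done
}

# txt_values
# Read dig answer lines on stdin and print each TXT record's value without
# the surrounding quotes (fields: name ttl class type value...).
txt_values() {
    awk '$4 == "TXT" {
        sub(/^[^"]*"/, "")      # drop everything up to the first quote
        sub(/"[^"]*$/, "")      # drop the closing quote and anything after it
        print
    }'
}

# find_flags
# Read dig answer lines on stdin and print any FLAG-<alnum> token found in
# TXT values, one per line.
find_flags() {
    txt_values | awk 'match($0, /FLAG-[A-Za-z0-9]+/) {
        print substr($0, RSTART, RLENGTH)
    }'
}

# Constructed sample: answer lines copied from the dig output in this writeup,
# embedded so the parsing functions can be run without network access.
SAMPLE='ringzer0team.com. 3599 IN A 212.82.233.140
ringzer0team.com. 3599 IN MX 0 smtp.secureserver.net.
ringzer0team.com. 3599 IN TXT "FLAG-305l9RR202HG695t6Y8ZU77xyq"
ringzer0team.com. 3599 IN TXT "uid=0(root) gid=0(root) groups=0(root)"'

# Offline demonstration on the sample; for a live target use:
#   dns_enum ringzer0team.com | find_flags
printf '%s\n' "$SAMPLE" | find_flags
```

Querying types separately costs a few extra round trips but works against servers that minimise ANY, and piping through txt_values keeps the SPF/DMARC noise readable. TXT records split into several quoted strings ("a" "b") are printed with the inner quotes left in place, which is good enough for spotting a flag but not for reassembling long records.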