Want to run this Docker container locally?
docker run -d --restart always -p 9011:53/tcp -p 9011:53/udp -p 9012:80 --name flag-f joshbeck2024/ctf-zone-transfer-flag-f
Important Notes:
- DNS is on port 9011 (Very non-standard)
- HTTP is on port 9012
This machine has a DNS server that is configured to accept zone transfer requests from anyone on the internet. It was inspired by the 2016 North Korea hack, where the North Korean government left some of their DNS servers in this type of misconfigured state and hackers were able to see the information and name records held within those servers.
- Here is an article describing that hack.
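To see what this misconfiguration looks like from the server side, here is an added example (not part of the original write-up or the container's own code) that audits a BIND-style `named.conf` for zones whose `allow-transfer` ACL is open to `any`. It assumes the server is BIND, which the page does not state; the zone names and the 192.0.2.53 address are constructed sample values.

```python
import re

# Constructed sample config (not taken from the CTF container): one zone open
# to everyone, one limited to a single secondary, one with no ACL at all.
SAMPLE_NAMED_CONF = """
options { directory "/var/cache/bind"; };
zone "open.example"   { type master; allow-transfer { any; }; };
zone "locked.example" { type master; allow-transfer { 192.0.2.53; }; };  // secondary only
zone "unset.example"  { type master; };
"""

def strip_comments(text):
    """Remove /* */, // and # comments so they cannot hide or fake an ACL."""
    text = re.sub(r"/\*.*?\*/", "", text, flags=re.S)
    return re.sub(r"(//|#)[^\n]*", "", text)

def block_after(text, start):
    """Return the contents of the first balanced { } block at or after start."""
    open_at = text.index("{", start)
    depth = 0
    for i in range(open_at, len(text)):
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        if depth == 0:
            return text[open_at + 1:i]
    raise ValueError("unbalanced braces")

def transfer_acl(block):
    """Return the allow-transfer elements in a block, or None if absent."""
    m = re.search(r"\ballow-transfer\s*\{([^}]*)\}", block)
    if m is None:
        return None
    return [e.strip() for e in m.group(1).split(";") if e.strip()]

def audit_zone_transfers(conf):
    """Map each zone name to OPEN, RESTRICTED or UNSET."""
    conf = strip_comments(conf)
    opts = re.search(r"\boptions\s*\{", conf)
    inherited = transfer_acl(block_after(conf, opts.start())) if opts else None
    findings = {}
    for z in re.finditer(r'\bzone\s+"([^"]+)"', conf):
        acl = transfer_acl(block_after(conf, z.end()))
        if acl is None:
            acl = inherited          # zone falls back to the options block
        if acl is None:
            findings[z.group(1)] = "UNSET"       # depends on server default
        elif "any" in acl:
            findings[z.group(1)] = "OPEN"        # anyone can pull the zone
        else:
            findings[z.group(1)] = "RESTRICTED"
    return findings

if __name__ == "__main__":
    for zone, status in audit_zone_transfers(SAMPLE_NAMED_CONF).items():
        print(f"{zone:16} {status}")
```

A zone reported as UNSET has no ACL of its own or in `options`, so its behaviour depends on the server's built-in default and is worth setting explicitly.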
If we go to the IP address of the box in the web browser:
<http://172.25.200.200:9012>
You’ll see we are redirected to box1.beck.hackme. Flag D describes what a redirect like this is and how to handle it. Let’s open up /etc/hosts and add an entry for 172.25.200.200 and see if that gets the job done.
pico /etc/hosts

Once we are at the webpage, if we inspect the source code we’ll see that there is a comment at the bottom.

Here we have another domain name. Let’s add that to /etc/hosts as well.
pico /etc/hosts

This hint is designed to get you to think: Zone Transfer!
