Flash CTF - Digging for Answers 2

Challenge Overview

A simple recon challenge where examining DNS records for a domain reveals a TXT record containing the flag

Initial Investigation

When first looking at this challenge, the description is quite clear about what you need to do: investigate a domain that doesn't seem to have a website or even resolve to an IP address. The key hint was in the title: "Digging for Answers" - this immediately suggests at the use of DNS tools, particularly dig.

The Approach

Since the domain doesn't resolve to an IP address, You'll need to look beyond the standard A record (which maps domain names to IP addresses). DNS has many different record types that can store various kinds of information, and CTF challenges often hide flags in less common record types.

Start with a basic DNS lookup to confirm what the description said:

nslookup diggingforanswers.chals.mctf.io

As expected, this returns "No answer" - the domain doesn't have an A record pointing to an IP address.

Understanding DNS Record Types

Before jumping to conclusions, it's helpful to understand what other types of DNS records exist and could potentially contain the flag. Here are some of the more common DNS record types:

  • A Record: Maps a domain name to an IPv4 address (most common)
  • AAAA Record: Maps a domain name to an IPv6 address
  • CNAME Record: Creates an alias for another domain name
  • MX Record: Specifies mail servers for the domain
  • TXT Record: Stores arbitrary text data (often used for verification, SPF, DKIM, etc.)
  • NS Record: Specifies the authoritative name servers for the domain
  • SOA Record: Contains administrative information about the domain
  • PTR Record: Maps IP addresses back to domain names (reverse DNS)
  • SRV Record: Specifies services available on the domain
  • CAA Record: Specifies which certificate authorities can issue certificates

TXT Records

We start with TXT records for a few reasons:

  1. They can store arbitrary text data
  2. They don't require the domain to have an IP address
  3. They're not commonly checked by regular users

All of these are perfect indicators of a possible flag for the challenge. We can check easily with the dig command (which is also hinted in the challenge title):

dig diggingforanswers.chals.mctf.io TXT

And it worked! The result showed:

;; ANSWER SECTION:
diggingforanswers.chals.mctf.io. 17 IN TXT "MetaCTF{d1ggy_d1ggy_wh0l3_r3c0rds}"

Interested in joining our team? Let’s connect!

Let's go

Upskill and assess cybersecurity talent through hands-on, bite-sized scenarios that mirror real work

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
About UsSkillBit LabsFor IndividualsCyber CompetitionsTerms of UsePrivacy Policy
Read Our Blog Case StudiesNews + EventsConnect With UsRequest a Demo