CTFtime.org

cant_even_unplug_it

by N0t_a_C0p / Not_C0ps

Tags: dns 

Rating: 5.0

## Cant_Even_Unplug_It (Intro/Recon/Web)(102 pts)

### By: Not_C0ps

-----

The challenge says they created a website at the military-grade-secrets.dev subdomain, then they changed their website name before their boss finally took the website offline.

Hints:
These are HTTPS sites. Who is publicly and transparently logging the info you need?
Just in case: all info is freely accessible; no subscriptions are necessary. The names cannot really be guessed.

Where to begin… Well we start off by knowing that all domain names and name changes are routed through and tracked by DNS (Domain Name System). Using nslookup (on powershell or cmd) military-grade-secrets.dev doesn’t return us any useful information. So, I found a website which gives historical DNS data for a given domain.

[Historical DNS Tool](https://securitytrails.com/dns-trails)

![](https://imgur.com/k2H4m43.jpg)

So, let’s see what we can find about the domain we are given.

![](https://imgur.com/Lf0sm7X.jpg)

Nothing to note in the DNS Records or Historical Data section, but we have found 4 subdomains. The most important ones are the bottom two. Let’s check if either of these domains lead us to a website. Unfortunately, in both cases we get the same result.

![](https://imgur.com/311YUK9.jpg)

So, we don’t find a website, but we do find out that both those domains are aliases for another domain, forget-me-not.even-more-militarygrade.pw.
Running this domain through the historical data tool we find:

![](https://imgur.com/9cT2l3b.jpg)

This is even better! This means this domain forget-me-not.even-more-militarygrade.pw was once run on Digital Ocean (A service that hosts VMs for people). We can logically conclude then, that this domain once led to the website we are looking for. The best place to find information on archived websites is the Way Back Machine (https://archive.org/web/).

![](https://imgur.com/evVDyRC.jpg)

Checking the most recent snapshot on April 27, 2019:

![](https://imgur.com/jfYeMzr.jpg)

And there we have it, the flag is ooo{DAMNATIO_MEMORIAE}.
It is important to note that using the two domains (secret-storage.military-grade-secrets.dev or now.under.even-more-militarygrade.pw.military-grade-secrets.dev) that aliased forget-me-not.even-more-militarygrade.pw in the Way Back Machine would redirect us to the same page seen in the previous Way Back search result picture. A straightforward challenge, but time consuming and interesting none the less. Until next time, thanks for reading!

[Original Writeup](https://github.com/frank-cerny/CTFs/blob/master/Defcon_Quals_2019/Cant_Even_Unplug_It/cant_even_unplug_it_writeup.pdf)

Comments