Magnet Weekly CTF, Week 11 Solution Walk Through

Challenge 11, Part 1: What is the IPv4 address that myaccount.google.com resolves to?

I was able to find this pretty quick going back to last week’s artifacts. In week 10, I used bulk_extractor to carve a PCAP out of the memory image.

Opening the same PCAP file I applied a String filter for ‘myaccount’.

Wireshark viewing PCAP carved from Memory

In the highlighted row we can see a DNS resolution for myaccount.google.com coming back as 172.217.10.238. [Flag 1]

Challenge 11, Part 2: What is the canonical name (cname) associated with Part 1?

Scrolling further to the right on the same entry, we see that the CNAME for myacccount.google.com was www3.l.google.com. [Flag 2]

One thought on “Magnet Weekly CTF, Week 11 Solution Walk Through

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s