AAAA
We are given this domain: number6challenge.imaginaryctf.org.
DNS enumeration
Since the challenge is called “AAAA”, it probably refers to the AAAA record type in DNS, which maps a name to an IPv6 address. To check it, we can use dig:
$ dig number6challenge.imaginaryctf.org AAAA
; <<>> DiG 9.10.6 <<>> number6challenge.imaginaryctf.org AAAA
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 14021
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;number6challenge.imaginaryctf.org. IN AAAA
;; ANSWER SECTION:
number6challenge.imaginaryctf.org. 300 IN AAAA 6963:7466:7b69:7076:363f:5f77:6879:3f7d
;; Query time: 54 msec
;; SERVER: 208.67.222.222#53(208.67.222.222)
;; WHEN: Wed Dec 21 12:06:08 CET 2022
;; MSG SIZE rcvd: 90
Here we see a strange string in the answer: 6963:7466:7b69:7076:363f:5f77:6879:3f7d. Its groups are hexadecimal numbers that correspond to printable ASCII characters, so it seems to be the flag.
Flag
There it is:
$ python3 -q
>>> bytes.fromhex('6963:7466:7b69:7076:363f:5f77:6879:3f7d'.replace(':', ''))
b'ictf{ipv6?_why?}'
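The one-liner above works because this address has eight full four-digit groups; an address printed in compressed form (`::`, or a group with its leading zero dropped) would break the plain `replace(':', '')` approach. As an added example, not part of the original writeup, the following decoder normalises the address with Python's `ipaddress` module first and only returns text when every byte is printable ASCII; the function names and the two extra sample addresses are constructed for illustration.

```python
import ipaddress
import string
from typing import Optional

# Bytes accepted as "text": printable ASCII minus vertical tab and form feed.
TEXT_BYTES = set(string.printable.encode("ascii")) - {0x0B, 0x0C}


def aaaa_to_bytes(addr: str) -> bytes:
    """Return the 16 raw bytes of an IPv6 address written in any valid form."""
    # ipaddress expands "::" and restores leading zeros dropped from a group.
    return ipaddress.IPv6Address(addr).packed


def decode_aaaa(addr: str) -> Optional[str]:
    """Return the ASCII text carried in an AAAA value, or None if it is not text."""
    raw = aaaa_to_bytes(addr).rstrip(b"\x00")  # assumption: short text is zero-padded
    if raw and all(b in TEXT_BYTES for b in raw):
        return raw.decode("ascii")
    return None


if __name__ == "__main__":
    samples = [
        "6963:7466:7b69:7076:363f:5f77:6879:3f7d",  # record from the dig output
        "6869:a21::",   # constructed: compressed form of 6869:0a21:0:0:0:0:0:0
        "2001:db8::1",  # constructed: documentation-prefix address, not text
    ]
    for s in samples:
        print(f"{s!r:45} -> {decode_aaaa(s)!r}")
```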