PicoCTF2018 - Forensics - What's My Name? Objective : Say my name, say my name [1] . Hints: (1) If you visited a website at an IP address, how does it know the name of the domain? Solution so the hint is point us to DNS, since that is the service that translates names to ip so I just filtered the pcap for DNS There are only two DNS packets in the capture the first is a a query to dns to find out the ip for thisismyname.com 55 1418.342859 192.168.2.12 192.168.2.1 DNS 316 Standard query response 0xaaa0 ANY thisismyname.com A 192.168.2.13 CNAME myname.com MX 5 myname.com MX 10 mx2.myname.com MX 20 mx3.myname.com NS ns1.myname.com NS ns2.myname.com TXT SOA ns1.thisismyname.com The second is the server's response here is the result of following the UDP ... .........thisismyname.com.......)............... .....thisismyname.com..............,..... .........,. .myname...........,.....>.........,... .mx2.>.........,.....mx3.>........Q....n
@circusmonkey404 on the twitters; DM for contact