Tuesday, 22 December 2020

Magnet Weekly CTF writeup - Week 11

It's been a fun last quarter of 2020 and we are now in the second-last week of the Magnet Weekly CTF Challenge. This is a short week with a two-part challenge, compared to the multi-part challenges of the last two weeks, so let's go!


Challenge 11 (Dec 14-21)
What is the IPv4 address that myaccount.google.com resolves to?

Considering that the question revolves around IP addresses and name resolution, the first step I took was to dump the available network packets from the memory image using the networkpackets plugin for Volatility, before analyzing the resultant pcap file with Wireshark.

> vol.py -f memdump.mem --profile=Win7SP1x64 networkpackets -D networkdump

Opening up the pcap file from networkpackets, I checked for resolved addresses under the Statistics menu but did not see any reference to myaccount.google.com. I then did a string search across the network packets and found the answer.

Answer: 172.217.10.238


Challenge 11 (Dec 14-21) Part 2
What is the canonical name (cname) associated with Part 1?

Looking at the highlighted packet above, we can see the CNAME associated with myaccount.google.com.

Answer: www3.l.google.com


And that wraps up week 11!
