~$ Digital Overdose CTF Official Writeup #1 - Outage

Posted on Oct. 11th, 2021.

Tags: CTF, Write-Up


This is the official developer writeup for the challenge 'Outage - The usual suspect' that was created for the Digital Overdose Autumn 2021 CTF.

The two other writeups published for this event are:



Challenge description and statistics

Challenge description on RACTF

The text reads:

Digital Overdose has a website, and you can access some information about it without really needing to visit, a bit like a phone book of sorts.

Find the flag :)

Out of the 63 correct submissions (First blood by pidnull), this challenge was rated 100% by all contestants.



Context

There is quite a common meme nowadays when it comes to availability outages on the Internet, because it usually comes down to the same exact type of failure, most accurately summed up by:



Writeup

As such, the title was already enough for most people to solve the challenge. If the player was unaware of this though, that is where the description comes in: what data can you get about a website without visiting it? Bonus points if it is "like an address book".

This question has a few simple answers:

  • WHOIS data
  • Page metadata
  • DNS records

When considering DNS, one needs to think about what type of records could be used to store information. The obvious response would be TXT records:

```txt
$ dig -t txt digitaloverdose.tech
; <<>> DiG 9.11.3-1ubuntu1.11-Ubuntu <<>> -t txt digitaloverdose.tech
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 57034
;; flags: qr rd ad; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;digitaloverdose.tech. IN TXT

;; ANSWER SECTION:
digitaloverdose.tech. 0 IN TXT "keybase-site-verification=YzZfhDKfOJdQ2b2Z_mMITYSzjQIN9Qd7dfYkQ5sz77k"
digitaloverdose.tech. 0 IN TXT "google-site-verification=qN3ndcZtU8mXrY_HbsDCQeSzel93DrZAWidDZ5Ol1gY"
digitaloverdose.tech. 0 IN TXT "DO{1T$_4LW4Y$_DN5}"
digitaloverdose.tech. 0 IN TXT "google-site-verification=SNWrpKpmjvLywAg9yOnJ7f5aCy7rqMvWQZwHyVEc7yE"
digitaloverdose.tech. 0 IN TXT "v=spf1 include:spf.efwd.registrar-servers.com ~all"
```

Huh, what's that in line 15? It is a flag!

The flag is DO{1T$_4LW4Y$_DN5}
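
TXT records are readable by anyone who can query the zone, so the same lookup doubles as a review of what a domain publishes. The following is an added example, not part of the original writeup: it parses `dig` TXT output and lists values that match none of an assumed allowlist of purposes (SPF, DKIM, DMARC, site verification). The function names, the allowlist and the `example.test` line are constructed for illustration.

```python
import re

# Three answer lines copied from the dig output above, plus one constructed
# line (example.test) whose TXT value is split into two quoted strings.
SAMPLE = r'''
digitaloverdose.tech. 0 IN TXT "keybase-site-verification=YzZfhDKfOJdQ2b2Z_mMITYSzjQIN9Qd7dfYkQ5sz77k"
digitaloverdose.tech. 0 IN TXT "DO{1T$_4LW4Y$_DN5}"
digitaloverdose.tech. 0 IN TXT "v=spf1 include:spf.efwd.registrar-servers.com ~all"
example.test. 300 IN TXT "v=DKIM1; k=rsa; " "p=CONSTRUCTED"
'''
RR = re.compile(r'^(\S+)\s+(\d+)\s+IN\s+TXT\s+(.*)$')
CHUNK = re.compile(r'"((?:[^"\\]|\\.)*)"')
ESCAPE = re.compile(r'\\(\d{3}|.)')
# Assumed allowlist of TXT purposes; extend it to match your own zone.
KNOWN = [
    ("spf", re.compile(r'^v=spf1(\s|$)', re.I)),
    ("dkim", re.compile(r'^v=DKIM1\b', re.I)),
    ("dmarc", re.compile(r'^v=DMARC1\b', re.I)),
    ("verification", re.compile(r'^[a-z0-9._-]+-verification=\S+$', re.I)),
]

def _unescape(match):
    # dig prints \DDD (decimal byte) and \" or \\ inside quoted strings.
    token = match.group(1)
    return chr(int(token)) if len(token) == 3 else token

def parse_txt(dig_output):
    """Return (owner, ttl, value) for every TXT record line in dig output."""
    records = []
    for line in dig_output.splitlines():
        m = RR.match(line.strip())
        if not m:
            continue  # ';' comment lines, blanks, the question section
        # TXT RDATA is one or more quoted strings; consumers concatenate them.
        value = "".join(ESCAPE.sub(_unescape, c) for c in CHUNK.findall(m.group(3)))
        records.append((m.group(1), int(m.group(2)), value))
    return records

def classify(value):
    return next((name for name, pat in KNOWN if pat.search(value)), "unrecognised")

def audit(dig_output):
    """Return (owner, value) pairs that match no known purpose."""
    return [(o, v) for o, _, v in parse_txt(dig_output) if classify(v) == "unrecognised"]

if __name__ == "__main__":
    for owner, value in audit(SAMPLE):
        print(f"review: {owner} TXT {value!r}")
```

Run against the answer section above, only the free-form string is reported; the SPF and verification records are recognised and skipped.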