Dig Dug is another fun little free room on TryHackMe.com where you can learn to use the “dig” tool. dig (Domain Information Groper) is a CLI-based network administration tool for goofing around with the Domain Name System. dig is mainly useful for network troubleshooting and for educational purposes. Its behaviour is controlled through command-line options and flag arguments.
The dig tool usually comes pre-installed on most Debian-based distributions. Its syntax is pretty simple and easy to pick up. Note that the server argument is written with a leading @:
dig [@server] [name] [type]
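Coming back to the room, join and start the machine. Wait a couple of minutes for the instance to load up completely (the usual practice). The important stuff here is the “pre-requisite” rooms related to DNS that the room mentions. They might help you solve this room.
As dig is a really simple tool, you can experiment just by changing the arguments. Here is a simple dig query. Because there is no @ in front of it, dig treats the IP as the name to look up and sends the query to the system's default resolver (8.8.8.8 in the output below), which is why the status comes back as NXDOMAIN: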
dig 10.10.27.27
; <<>> DiG 9.16.15-Debian <<>> 10.10.27.27
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63744
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;10.10.27.27. IN A
;; AUTHORITY SECTION:
. 86399 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022051801 1800 900 604800 86400
;; Query time: 276 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; MSG SIZE rcvd: 115
Now you can also tweak the DNS record type, such as A, MX, AAAA, and TXT. In case you are not sure what record type to look for, you can go with the “ANY” keyword to search for the whole thing.
dig 10.10.27.27 ANY
; <<>> DiG 9.16.15-Debian <<>> 10.10.27.27 ANY
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 43712
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;10.10.27.27. IN ANY
;; AUTHORITY SECTION:
. 86399 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022051801 1800 900 604800 86400
;; Query time: 196 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; MSG SIZE rcvd: 115
By now you should have an idea of how the dig tool generally works. Now let's go for the flag in order to solve the room. Well, this is not complex at all.
We have the IP address of our instance, and we are also given a kind of argument, “givemetheflag.com”, to grab the flag.
Let’s point dig at the instance by putting @ in front of its IP, and pass the given website address as the name to look up.
dig @10.10.27.27 givemetheflag.com
; <<>> DiG 9.16.15-Debian <<>> @10.10.27.27 givemetheflag.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54590
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;givemetheflag.com. IN A
;; ANSWER SECTION:
givemetheflag.com. 0 IN TXT "Your Flag Will Show Here"
;; Query time: 316 msec
;; SERVER: 10.10.27.27#53(10.10.27.27)
;; MSG SIZE rcvd: 86
This is how you can learn to look for different sorts of records in DNS; in this particular case it’s a TXT record. This technique can be helpful in passive recon during any engagement.
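To make the difference between the first and the last query easier to read, here is an added example (not part of the original write-up) that pulls the answering server, status, flags and ANSWER records out of dig output. The function names dig_summary, sample_default and sample_direct are made up for this example, and the two samples are abbreviated copies of the outputs shown above.

```shell
# Summarise dig output read on stdin: which server answered, the response
# status, the header flags, and each record in the ANSWER section.
dig_summary() {
    awk '
        /->>HEADER<<-/ {            # status is the word after "status:"
            for (i = 1; i < NF; i++)
                if ($i == "status:") { status = $(i + 1); sub(/,$/, "", status) }
        }
        /^;; flags:/ {              # keep only the flag list before the first ";"
            flags = $0; sub(/^;; flags: */, "", flags); sub(/;.*/, "", flags)
        }
        /^;; SERVER:/ { server = $3; sub(/#.*/, "", server) }
        /^;; [A-Z]+ SECTION:/ { section = $2; next }
        /^;;/ { section = "" }      # any other ";;" line closes the section
        section == "ANSWER" && $0 !~ /^;/ && NF >= 5 {
            rdata = $5
            for (i = 6; i <= NF; i++) rdata = rdata " " $i
            answers = answers "answer=" $1 " " $4 " " rdata "\n"
        }
        END {
            aa = ((" " flags " ") ~ / aa /) ? "yes" : "no"
            printf "server=%s\nstatus=%s\nflags=%s\nauthoritative=%s\n", server, status, flags, aa
            printf "%s", answers
        }
    '
}
# Abbreviated from the first output on the page (no @server given).
sample_default() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 63744
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; AUTHORITY SECTION:
. 86399 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2022051801 1800 900 604800 86400
;; SERVER: 8.8.8.8#53(8.8.8.8)
EOF
}
# Abbreviated from the last output on the page (@10.10.27.27 queried directly).
sample_direct() {
    cat <<'EOF'
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54590
;; flags: qr aa; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; ANSWER SECTION:
givemetheflag.com. 0 IN TXT "Your Flag Will Show Here"
;; SERVER: 10.10.27.27#53(10.10.27.27)
EOF
}
sample_default | dig_summary
sample_direct | dig_summary
```

On a live system the same function can be fed directly, for example `dig @10.10.27.27 givemetheflag.com | dig_summary`.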