Monday, October 12, 2020

Magnet Weekly CTF (Week 1) - Hosts File

 

The good folks at Magnet Forensics are hosting a weekly CTF challenge for anyone interested. More details on registration and scoring here. It kicked off this week with a question from Jad.

Challenge 1 (OCT 5-11) - Mapping the Digits (20)

What time was the file that maps names to IP's recently accessed? (Please answer in this format in UTC: mm/dd/yyyy HH:MM:SS)

As part of the Magnet User Summit CTF from the summer, I had already come across this file so I almost instantly knew where to look. The file of interest is at the following path:

MUS_Android.tar\data\adb\modules\hosts\system\etc\hosts

This file is home to IP addresses and hostnames useful for redirection on a mobile device.

This file is the file that tells your OS what path a given domain has. You can, for example, map example.com to go to a specific IP address, similar to how DNS works for most domains. - The Polyglot Developer

As you can see in the screenshot below, the modified date shows the file was changed on 2020-03-05 05:50:18.

Screenshot out of Magnet AXIOM

You can now get these IP's and hostnames parsed into a nicer looking report utilizing the my new script in Alexis Brignoni's ALEAPP. I also submitted a custom artifact to ingest the ALEAPP TSV output into Magnet AXIOM.






 

 

No comments:

Post a Comment