Magnet Weekly CTF (Week 11) - Warren's Memory Part 3

 

Previous (Android): Week 1 | Week 2 | Week 3 | Week 4

Previous (Linux): Week 5 | Week 6 | Week 7 | Week 8

Previous (Memory): Week 9 | Week 10

As we continue moving on, we get more memory questions around IP addresses and URLs. These ones were quick to solve with the knowledge (and most of the heavy lifting) done from last week.

Challenge 11 (Dec 14-21) (20)

What is the IPv4 address that myaccount.google.com resolves to?

Since we are using the same memory image file again, we can pull the PCAP from RAM using Bulk Extractor (see Week 10 writeup) and then load it into Network Miner. From the Hosts tab we can look for the myaccount.google.com address to see what IP was associated with it:


The answer was 172.217.10.238.

Challenge 11 (Dec 14-21) Part 2 (5)

What is the canonical name (cname) associated with Part 1?

A quick Google search led me to more information about what a CNAME entailed. The answer was already right in front of us in Network Miner, which made for a quick solve.


The answer was www3.l.google.com.