Internetwache CTF 2016 — Misc80–404 Flag not found

This one was pretty quick, but lots of fun. The initial file is a packet capture showing a number attempted GETs and DNS queries. Looking at the subdomains I noticed that they seem to be made up of hex values.

Sexy Hexy Subdomains


I was able to grep and cut the subdomains, after which I used xxd -r -p to print the resulting ASCII. There was no flag immediately in site, but if you look at the first char of each line you get: IW{DNS_HACKS}

grep'n and cut'n

Acrostics for the win