Magnet Weekly CTF Challenge Week #1: hosts
Challenge 1 (OCT 5–11) — Mapping the Digits 20
What time was the file that maps names to IP’s recently accessed?
(Please answer in this format in UTC: mm/dd/yyyy HH:MM:SS)
So the key for this one was a
file that maps names to IP. This immediately jumps out as a DNS related artefact, specifically, the
hosts file is a local file that your computer will check when resolving domain names before it reaches out to a DNS server. It is a list of FQDNs that map to IPs. For example, if I added an entry like below, it would mean that when I type
magnetforensics.com into my browser, it will resolve to whatever I'm hosting on my loopback address (127.0.0.1).
Here are the locations of file on the major OSs.
/etc/hosts(requires root access)
In MUS_Android.tar, there are 2 hosts files but the one the system would have been using is
There is also a copy of this file in the downloads folder? Maybe the hosts file in the system was replaced by one that was downloaded?
We can see that the file was modified on Thursday, 5 March 2020, 4:50:18 PM (My time zone).
But the UTC timezone is 05/03/2020 05:50:18 or 03/05/2020 05:50:18 in American format.
If we peek inside, we see an unusual entry which could be covered in the next challenges…
Answer: 03/05/2020 05:50:18