Lost in the Records
🔍 Details
| Attribute | Details |
|---|---|
| Challenge Name | Lost in the Records |
| Category | OSINT |
| Difficulty | 🟠 Medium |
| Flag | F4H{fZuT6WTg70**********} |
📝 Description
Not all secrets are stored in plain sight—some are hidden deep within domain records.
A crucial piece of information has been placed somewhere under fl4ghunt.tech—but where?
🧩 Hints
- Domains often have descriptive subdomains—think about what type of challenge this is.
osintis the subdomain you're looking for.- Look for records that aren’t usually visible on a webpage.
💡 Solution
This OSINT challenge involves uncovering hidden information within DNS records — specifically a TXT record.
- The domain in question is
fl4ghunt.tech, and the hint points to the subdomainosint. - You can use any DNS lookup tool that supports TXT record queries. An easy option is Google’s online DIG tool:
- Visit: https://toolbox.googleapps.com/apps/dig/#TXT/ (opens in a new tab)
- Type in the full subdomain:
osint.fl4ghunt.tech
- The response will include a TXT record containing the flag.
Alternatively, on the terminal you can run:
dig TXT osint.fl4ghunt.tech📚 Insights
This challenge introduces you to DNS reconnaissance, a key part of OSINT and red teaming.
- TXT records are DNS entries used to associate arbitrary text with a domain. Common uses include SPF/DKIM configurations and domain ownership verifications.
- Attackers and researchers alike inspect DNS zones for misconfigurations, exposed subdomains, and hidden metadata.
- Tools like
dig,nslookup, or online interfaces make it easy to query specific record types. - In CTFs, hiding a flag in a TXT record is a subtle way to reward players who explore beyond the web layer.