Can you enter the, and find the flag?

Service listening on:

Note: this is NOT about the web site!


Find out what service is listening on the port. nmap could be helpful for this kind of fingerprinting.


This challenge was all about finding the right tools and getting the command line args right. As the hint suggests, we can use nmap to scan that port to get more information.

nmap -p 5553 -T4 -A -v

Yields the output (truncated for brevity):


5553/tcp open  domain  ISC BIND 9.9.5 (Debian Linux 8.0 (Jessie))

The command tells us that BIND (DNS) is running on that port. Now the zone portion of the clue makes sense, since zones are a DNS concept. We can now use dig to see what we can find out. I attempted a zone transfer and got the following:

dig AXFR -p5553
; <<>> DiG 9.11.3-1ubuntu1.1-Ubuntu <<>> AXFR -p5553
;; global options: +cmd            604800  IN      SOA 2 604800 86400 2419200 604800            604800  IN      NS 604800 IN A         604800  IN      A            604800  IN      SOA 2 604800 86400 2419200 604800
;; Query time: 161 msec
;; WHEN: Fri Jan 11 23:26:24 STD 2019
;; XFR size: 5 records (messages 1, bytes 193)

Here is our flag:


Return to the full breakdown of the Codemash CTF