# Magnet CTF Week 1

## Magnet CTF Challenge Week 1 writeup

![](/files/-MIx6ezJCr0M267pOH-w)

Android is based on the Linux kernel, and as such, system configuration files are sometimes located in the usual places. In order to answer the question above, we need to identify a few things;

1. The file which maps hostnames to IP addresses

2. The location of that file

3. The last accessed time of that file

4. If you're not familiar with the Linux operating system, it is possible to get a bit confused when it comes to DNS and/or hostname mapping. /etc/resolv.conf identifies nameservers to use for DNS lookups, however **/etc/hosts** is used to statically map hostnames to IP addresses. \[1]<br>

5. Android adb backups/dumps do not have the same file/folder structure as pure Linux operating systems. As a result, it may be difficult to find the exact location. On the right hand side of this image, make sure 'All subfolders' is selected. This will show the contents of the folder on the left (in this case, the 'data' folder) as well as recursively listing all of the contents. From here, we can search for 'hosts'.<br>

<div align="left"><img src="/files/-MIx8IsJNY3ymg86F8Mw" alt=""></div>

On the right hand side of the screen, enter 'hosts' as a filter.

![](/files/-MIx8rCTfKqtzxFEuw36)

The file itself is routinely accessed by the operating system. The CTF question asks for accessed time, but the file itself does not have an accessed time recorded; only a modified time of 05/03/2020 05:50:18

![](/files/-MIx9H1Ah-7TN5gmbMJP)

\[1] <https://www.linode.com/docs/networking/dns/using-your-systems-hosts-file/><br>

Thank you to Magnet Forensics for providing a temporary licence to use for both this and the [DFIR Madness CTF writeup.](/ctf-challenges/dfir-madness-ctf-challenges.md)


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://www.iblue.team/ctf-challenges/magnet-weekly-ctf-challenge/magnet-ctf-week-1-1.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.