Complete and detailed writeup of Dig Dug – an easy TryHackMe DNS server room.
CTF Writeups & Bug Bounty » Try Hack Me » THM Challenges » Solving Dig Dug – an Easy TryHackMe DNS server
Table of contents
Introduction – Dig Dug
From the TryHackMe description, we learn that:
- The target is in fact a DNS server
- We must use common DNS enumeration tools that are available on the attack box
- We must retrieve the flag from a “special type of request for a givemetheflag.com domain“
Let’s see!
Getting the flag through DNS
First, let’s run nmap to confirm the DNS server is running on the default DNS port (53):
root@ip-10-80-180-122:~# nmap -sU -p 53 -sV 10.80.140.191
Starting Nmap 7.80 ( https://nmap.org ) at 2026-01-19 09:13 GMT
mass_dns: warning: Unable to open /etc/resolv.conf. Try using --system-dns or specify valid servers with --dns-servers
mass_dns: warning: Unable to determine any DNS servers. Reverse DNS is disabled. Try using --system-dns or specify valid servers with --dns-servers
Nmap scan report for 10.80.140.191
Host is up (0.00011s latency).
PORT STATE SERVICE VERSION
53/udp open mdns DNS-based service discoverynmap options:
- -sU: UDP scan (DNS uses UDP to receive client requests)
- -p 53: only scans port 53
- -sV: tries to determine the version of detected services
Great, port 53 is indeed open and a DNS server is listening.
Let’s just do what we were told – send a request to this DNS server to resolve the givemetheflag.com domain.
For this matter, we’re going to use dig and the A record:
root@ip-10-80-180-122:~# dig @10.80.140.191 givemetheflag.com A +short
"flag{0767************************}"dig options:
- @10.80.140.191: tells dig to use the DNS server 10.80.140.191 to resolve the domain name
- A: queries the A record (IPv4 address)
- +short: only shows the answer, not the whole process
Well, it was very very simple.
The flag is the response to the most basic DNS request.
I’m almost disappointed…
Conclusion – Dig Dug a bit too simple?
Very short and easy room.
But it still serves as a great introduction to DNS and using dig, which is always tricky to use when we begin (at least it was for me).
But they could have chosen a less ordinary record to hide the flag…
READ MORE Try Hack Me WRITEUPS
Disclaimer
This article is provided for educational purposes only.
All techniques demonstrated were performed in a controlled lab environment.
Do not attempt to reproduce these actions on systems you do not own or have explicit authorization to test.
I do not encourage or take responsibility for any illegal use of the information provided.