The Question.
For the January 2017 Challenge, take a look at this
+++ +++
The hint from our crew : The fundamental.
Find the flag and make a good readable writeup for our crew. Send it at
Have fun and enjoy! Do note that, excessive usage of any automated scanner is not allowed!.

Because of the hint fundamental
So I try, nslookup, whois, and dig
No interesting outcome for nslookup and whois, but something interesting on dig
I tried dig TXT
aj69@srv:~# dig +noall +answer ANY

; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> +noall +answer ANY
;; global options: +cmd           3788    IN      HINFO   "Please stop asking for ANY" "See draft-ietf-dnsop-refuse-any"

It warn not to use ANY, then I tried straight to the TXT section hope will find something on that section
root@srv:~# dig +noall +answer TXT
; <<>> DiG 9.9.5-3ubuntu0.10-Ubuntu <<>> +noall +answer TXT
;; global options: +cmd           299     IN      TXT     "N3q8ryccAASpcFcnsAAAAAAAAAA1AAAAAAAAAOOaNWJd7k4PCFF/aUiqAKhV/q9uV8Qm51pm+GJ7TUy7ofBPHvcz6ZcmIeRv6dH3Ts/mpF6hHldwnakFMsrole1lTb4vjz0jbyEyGW69sZb0d/p5E5UPEJFitc1SUu5AWOII4d2kOUsaO+8yqB4QBrlzZnzzRTXncrDJMn7GYY/Zm4DuLTlQyisTAm072O27wJS3ChzEPcozQ+htBTk4n7T1+YA" "Wt36dV7hb7R3z96Pm9VDiXhcGMAEJgIAABwsBAAIkBvEHAQpTBzOpWSfwSpXaIwMBAQVdABAAAAEADHyAlgoB4Q5axwAA"           299     IN      TXT     "v=spf1 mx a ip4: a:nasikakwok include:domainengkau -all"

That is some interesting part, base64 and nasikakwok also domainengkau
Base64 is in 2 part so I just join them and decode it to hexadecimal then save it as ayam2.7z file

Tried opening the files, its password protected! duh!

try all possible password but that's not it, so i go the the main domain, which was a gitlab community site, after poking around, I found one repository called username/flag, but still failed

other than that, I got the original IP of the website which was under the cloudflare if you ping it directly. 

Doing some port scanning to the IP just got some closed port on SSH and ftp if I'm not mistaken.
So all was blank to me.

Maybe some of you that got it, can tell me how to get the password much be appreciated! :D


seems that someone has solve this question [POC], the zip file needs to be crack using rockyou wordlist!
maybe no luck for me. So after password was found, you will get the flag.