Easy Phish - Hack The Box Challenge

less than 1 minute read

April 26, 2021 less than 1 minute read

Description

Customers of secure-startup.com have been recieving some very convincing phishing emails, can you figure out why?

Steps

There’s 2 between others ways to preventing Email Address Spoofing, this 2 are SPF and DMARC, saying this let’s scane

We’ll use NsLookup which is a program used to find out if DNS is correctly resolving names and IPs.

Step-1:

For the SPF domain of a record:

nslookup -type=txt secure-startup.com We get the following result:

nslookup -type=txt secure-startup.com

Output:

Server:         192.168.150.2
Address:        192.168.150.2#53

Non-authoritative answer:
secure-startup.com      text = "v=spf1 a mx ?all - HTB{XXX_XXX_XXXX_XXX"

Authoritative answers can be found from:

Step-2:

For the DMARC domain of a record:

nslookup -type=txt _dmarc.secure-startup.com We get the following result:

nslookup -type=txt _dmarc.secure-startup.com

Output:

Server:         192.168.150.2
Address:        192.168.150.2#53

Non-authoritative answer:
_dmarc.secure-startup.com       text = "v=DMARC1;p=none;_XXXXX_XXXX_XXXXX}"

Authoritative answers can be found from:

Step-3:

So finally the flag becomes, join both outputs:

HTB{XXX-XXXX-XXXXXX-XXXXXX-XXXX}

Byee

Description

Steps

Step-1:

Step-2:

Step-3:

Share this: