HackTheBox-Challenges Easy Phish Writeup
kazma
Security Researcher
Description
Customers of secure-startup.com have been receiving some very convincing phishing emails, can you figure out why?
Here is the solution directly:
```
$ dig TXT secure-startup.com _dmarc.secure-startup.com

; <<>> DiG 9.10.6 <<>> TXT secure-startup.com _dmarc.secure-startup.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27205
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;secure-startup.com.		IN	TXT

;; ANSWER SECTION:
secure-startup.com.	1800	IN	TXT	"v=spf1 a mx ?all - HTB{RIP_SPF_Always_2nd"

;; Query time: 379 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Aug 26 16:33:09 CST 2024
;; MSG SIZE rcvd: 101

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49225
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_dmarc.secure-startup.com.	IN	TXT

;; ANSWER SECTION:
_dmarc.secure-startup.com. 1800	IN	TXT	"v=DMARC1;p=none;_F1ddl3_2_DMARC}"

;; Query time: 382 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Aug 26 16:33:09 CST 2024
;; MSG SIZE rcvd: 99
```
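Because the challenge mentions that this domain has a phishing email problem, it is reasonable to suspect that its DMARC-related settings are misconfigured, so we can dig its DNS records. The SPF record ends in `?all` (neutral) and the DMARC policy is `p=none`, so receivers are not asked to reject or quarantine spoofed mail; the flag is split across the two TXT records.
Background on DMARC:
DMARC (Domain-based Message Authentication, Reporting, and Conformance) is a domain-based email authentication system designed to increase senders' and receivers' confidence in the authenticity of email. Its core purpose is to help reduce spam and phishing attacks, especially mail that impersonates a legitimate domain.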
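The check done by eye on the dig output can be automated. The following is an added example, not part of the original writeup: a small auditor that parses SPF and DMARC TXT strings and reports non-enforcing policies. The function names `audit_spf` and `audit_dmarc` are hypothetical, and the sample strings are the two TXT answers shown above.

```python
# Added example: audit SPF and DMARC TXT strings for non-enforcing policies.
SPF_QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}

# The two TXT answers from the dig output above, copied as published.
SPF_TXT = "v=spf1 a mx ?all - HTB{RIP_SPF_Always_2nd"
DMARC_TXT = "v=DMARC1;p=none;_F1ddl3_2_DMARC}"


def audit_spf(txt):
    """Return (result of the 'all' mechanism, list of findings)."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return None, ["not an SPF record"]
    result = None
    for term in terms[1:]:
        qualifier, mech = ("+", term)          # qualifier defaults to "+"
        if term[0] in SPF_QUALIFIERS:
            qualifier, mech = term[0], term[1:]
        if mech.lower() == "all":
            result = SPF_QUALIFIERS[qualifier]
            break                              # terms after "all" are never evaluated
    if result is None:
        return None, ["no 'all' mechanism found"]
    if result in ("pass", "neutral"):
        return result, [f"'all' evaluates to {result}: unlisted senders are not failed"]
    return result, []


def audit_dmarc(txt):
    """Return (tag dict, list of findings); tolerates tokens without '='."""
    tags, stray = {}, []
    for part in (p.strip() for p in txt.split(";")):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip().lower()] = value.strip()
        elif part:
            stray.append(part)
    if tags.get("v") != "DMARC1":
        return tags, ["not a DMARC record"]
    findings = []
    policy = tags.get("p", "").lower()
    if policy not in ("quarantine", "reject"):
        findings.append(f"p={policy or 'missing'}: no quarantine/reject policy requested")
    if stray:
        findings.append(f"{len(stray)} token(s) without '=' ignored")
    return tags, findings


if __name__ == "__main__":
    for label, (_, notes) in (("SPF", audit_spf(SPF_TXT)), ("DMARC", audit_dmarc(DMARC_TXT))):
        print(label, notes or ["ok"])
```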
Pwned !!!!
