HackTheBox-Challenges Easy Phish Writeup
Description
Customers of secure-startup.com have been recieving some very convincing phishing emails, can you figure out why?
直接放上解法:
1 | ╰─ dig TXT secure-startup.com _dmarc.secure-startup.com ─╯ |
因為題目提到這個 domain 存在一些釣魚郵件的問題,合理懷疑是 DMARC 相關的設定可能有問題,因此我們可以去 dig 他的 DNS 紀錄。
補充介紹 DMARC:
DMARC(Domain-based Message Authentication, Reporting, and Conformance,網域型訊息驗證、報告與遵循)是一種基於網域的電子郵件驗證系統,旨在提高郵件傳送者和接收者對電子郵件真實性的信心。其核心目的是幫助減少垃圾郵件和釣魚攻擊,特別是那些偽裝成合法網域的郵件。
Pwned !!!!
- Title: HackTheBox-Challenges Easy Phish Writeup
- Author: kazma
- Created at : 2024-08-26 16:07:05
- Updated at : 2024-08-26 16:44:16
- Link: https://kazma.tw/2024/08/26/HackTheBox-Challenges-Easy-Phish-Writeup/
- License: This work is licensed under CC BY-NC-SA 4.0.
Comments