HackTheBox-Challenges Easy Phish Writeup

Description

Customers of secure-startup.com have been recieving some very convincing phishing emails, can you figure out why?

直接放上解法：

╰─ dig TXT secure-startup.com _dmarc.secure-startup.com                                       ─╯


; <<>> DiG 9.10.6 <<>> TXT secure-startup.com _dmarc.secure-startup.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27205
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;secure-startup.com.		IN	TXT

;; ANSWER SECTION:
secure-startup.com.	1800	IN	TXT	"v=spf1 a mx ?all - HTB{RIP_SPF_Always_2nd"

;; Query time: 379 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Aug 26 16:33:09 CST 2024
;; MSG SIZE  rcvd: 101

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49225
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;_dmarc.secure-startup.com.	IN	TXT

;; ANSWER SECTION:
_dmarc.secure-startup.com. 1800	IN	TXT	"v=DMARC1;p=none;_F1ddl3_2_DMARC}"

;; Query time: 382 msec
;; SERVER: 1.1.1.1#53(1.1.1.1)
;; WHEN: Mon Aug 26 16:33:09 CST 2024
;; MSG SIZE  rcvd: 99

因為題目提到這個 domain 存在一些釣魚郵件的問題，合理懷疑是 DMARC 相關的設定可能有問題，因此我們可以去 dig 他的 DNS 紀錄。
補充介紹 DMARC:

DMARC（Domain-based Message Authentication, Reporting, and Conformance，網域型訊息驗證、報告與遵循）是一種基於網域的電子郵件驗證系統，旨在提高郵件傳送者和接收者對電子郵件真實性的信心。其核心目的是幫助減少垃圾郵件和釣魚攻擊，特別是那些偽裝成合法網域的郵件。

Pwned !!!!