Easy Phish

is this one a two part flag? i find the first but not the ending }

Type your comment> @W0RmZ said:

is this one a two part flag? i find the first but not the ending }

same

Type your comment> @W0RmZ said:

is this one a two part flag? i find the first but not the ending }

This is a two part flag. Everything in the first flag is the first half of it.

Type your comment> @s0j0hn said:

Type your comment> @W0RmZ said:

is this one a two part flag? i find the first but not the ending }

same

think of different email authentication protocols and find a way to test them… one by one.

Type your comment> @Un1k0d3r said:

Type your comment> @s0j0hn said:

Type your comment> @W0RmZ said:

is this one a two part flag? i find the first but not the ending }

same

think of different email authentication protocols and find a way to test them… one by one.

wow what a brain fart. got it thanks!

This was quite fun for an easy OSINT task. Really hoping for more in this category!

any tips on line how to start this? ran dig, nslookup, and fierce. Found a subdomain. Also notice no DNSSEC. Just not sure how to start.

never mind on the hints. Got it. Thanks to all…

Got it, didn’t even use any special tools beyond a well known website to lookup records and stuff.

The challenge’s mention of very convincing phishing emails is pretty much a lead right to what to look at.

I got the first half and what I thought was the 2nd half, but it rejects. Am I supposed to add something?

Type your comment> @Outkicked said:

I got the first half and what I thought was the 2nd half, but it rejects. Am I supposed to add something?

Yes, the 2nd half of the flag ends with a closing curly brace, as one would expect. Look around the DNS records, I also had to do extra research as this protocol had been unknown to me

Type your comment> @qmi said:

Type your comment> @Outkicked said:

I got the first half and what I thought was the 2nd half, but it rejects. Am I supposed to add something?

Yes, the 2nd half of the flag ends with a closing curly brace, as one would expect. Look around the DNS records, I also had to do extra research as this protocol had been unknown to me

I have also found the 2nd half with the closed curly bracket, mine also rejects am I looking in the wrong place or do I have to remove some of the 2nd half?

Hey guys,

I’ve found the first half and I’m really stuck with the 2nd half.

Any hints? can someone PM me?

EDIT: found the 2nd half, having the same problem as @Primer .

@DedStroK @Primer:
If you found the correct data, it should be pretty obvious. The flag is a complete sentence if put together. If you did it correctly, the middle of your flag should contain the sequence “d_F”.

@Gordin
In my case, it was the correct one, but I copied it when it was lower case, that’s why it didn’t work.

@Primer

Go back to where you found the second half, and try to see if there is the same output with Uppercase.

No, there is nothing wrong with lowercase/uppercase variation in the flag. The flag is case-sensitive surely. The 2nd part of the flag starts after the last semicolon character in the response record, obviously to make up a full sentence if you hacker-read it together with the 1st part :wink:

Spoiler Removed

HA HA…I literally had the second half…sitting in a Word doc…right in front of my face… It’s so easy to over think and over complicate these challenges and that is what makes them so great. We are our own worst enemies… High five and fist bump to greenwolf.

i got both parts, however after pasting them together it still doesn’t take the flag. Am I missing something?

@qrious DM me for help