Easy Phish

Got it, didn’t even use any special tools beyond a well-known website to look up records and stuff.

The challenge’s mention of very convincing phishing emails is pretty much a lead right to what to look at.

I got the first half and what I thought was the 2nd half, but it rejects. Am I supposed to add something?

@Outkicked said:

I got the first half and what I thought was the 2nd half, but it rejects. Am I supposed to add something?

Yes, the 2nd half of the flag ends with a closing curly brace, as one would expect. Look around the DNS records. I also had to do extra research, as this protocol had been unknown to me.

@qmi said:

@Outkicked said:

I got the first half and what I thought was the 2nd half, but it rejects. Am I supposed to add something?

Yes, the 2nd half of the flag ends with a closing curly brace, as one would expect. Look around the DNS records. I also had to do extra research, as this protocol had been unknown to me.

I have also found the 2nd half with the closed curly bracket. Mine also rejects. Am I looking in the wrong place, or do I have to remove some of the 2nd half?

Hey guys,

I’ve found the first half and I’m really stuck with the 2nd half.

Any hints? Can someone PM me?

EDIT: found the 2nd half, having the same problem as @Primer.

@DedStroK @Primer:
If you found the correct data, it should be pretty obvious. The flag is a complete sentence if put together. If you did it correctly, the middle of your flag should contain the sequence “d_F”.

@Gordin
In my case, it was the correct one, but I copied it when it was lowercase; that’s why it didn’t work.

@Primer

Go back to where you found the second half, and try to see if there is the same output with uppercase.

No, there is nothing wrong with lowercase/uppercase variation in the flag. The flag is case-sensitive surely. The 2nd part of the flag starts after the last semicolon character in the response record, obviously to make up a full sentence if you hacker-read it together with the 1st part :wink:

Spoiler Removed

HA HA…I literally had the second half…sitting in a Word doc…right in front of my face… It’s so easy to overthink and overcomplicate these challenges, and that is what makes them so great. We are our own worst enemies… High five and fist bump to greenwolf.

I got both parts; however, after pasting them together it still doesn’t take the flag. Am I missing something?

@qrious DM me for help

Got this after a few digs and Google searches… @n4v1n has the best advice.

@PanamaEd117 said:

Any tips on line how to start this? Ran dig, nslookup, and fierce. Found a subdomain. Also noticed no DNSSEC. Just not sure how to start.

What is fierce?

I am having the worst luck with this one. I found the first half of the flag using dnsrecon. However, I am having no luck finding the 2nd half of this flag. I tried enumerating for MX records and found none. I even tried attacking a few send mail ports, got nowhere. I’m out of ideas. Any further hints or help would be highly appreciated.

Got it.

Try using mxtoolbox.com

Hint: Learn about 3 ways to protect your company from spoofed emails.

Happened to read about this exact technology this morning on /r/netsec, so I got it fast!

PM me for any help on this one.

It was so funny.