- Who was the email sent to? (Answer is the email address)
EXPLANATION:
2. Phishing emails use similar domains of their targets to increase the likelihood the recipient will be tricked into interacting with the email. Who does it say the email was from? (Answer is the email address)
ANS: customerservice@t8fc.info
EXPLANATION:
3. Sometimes phishing emails have a different reply-to email address. If this email was replied to, what email address will receive the email response?
ANS: fisher@tempmailz.grinch
EXPLANATION:
4. Less sophisticated phishing emails will have typos. What is the misspelled word?
ANS: stright
EXPLANATION:
5. The email contains a link that will redirect the recipient to a fraudulent website in an effort to collect credentials. What is the link to the credential harvesting website?
ANS: https://89xgwsnmo5.grinch/out/fishing/
EXPLANATION:
Step 1: Click the Orange Button in the mail
Step 2: We can see the link will open in the browser
6. View the email source code. There is an unusual email header. What is the header and its value?
ANS: X-GrinchPhish: >;^)
EXPLANATION:
Step 1: Click on More -> View Source
Step 2: Search for unusual header (e.g X-GrinchPhish: >;^))
7. You received other reports of phishing attempts from other colleagues. Some of the other emails contained attachments. Open attachment.txt. What is the name of the attachment?
ANS: password-reset-instructions.pdf
EXPLANATION:
Step 1: Go to Email Artifacts folder -> Click on Atttachment.txt
Step 2: Search on Content-Type, We will get the answer
8. What is the flag in the PDF file?
ANS: THM{A0C_Thr33_Ph1sh1ng_An4lys!s}
EXPLANATION:
Step 1: Open attachment-base64-only.txt
Step 2: Open Cyberchef -> Drag the attachment-base64-only.txt
Step 3: Drag From Base64 to Box and Bake it
Step 4: Save the file as test.pdf and open the file to find the flag
*****************THANK YOU****KEEP LEARNING ******************
HOPE GUYS, THIS WALKTHROUGH MIGHT HELP YOU,IF SO LIKE THE WRITE UP ,LIKE & FOLLOW TO THE BLOG AND PROFILE WILL BE MUCH APPRECIATED
FOLLOW MY PROFILE FOR MORE WRITE-UPS
****************************PEACE********************************