-
Notifications
You must be signed in to change notification settings - Fork 1
Writeup: Advent of Cyber 3 Day 19
Link: Advent Of Cyber 3 on TryHackMe
Who was the email sent to? (Answer is the email address)
Answer: [email protected]
Phishing emails use similar domains of their targets to increase the likelihood the recipient will be tricked into interacting with the email. Who does it say the email was from? (Answer is the email address)
Answer: [email protected]
Sometimes phishing emails have a different reply-to email address. If this email was replied to, what email address will receive the email response?
Answer: [email protected]
Less sophisticated phishing emails will have typos. What is the misspelled word?
Answer: stright
The email contains a link that will redirect the recipient to a fraudulent website in an effort to collect credentials. What is the link to the credential harvesting website?
Answer: https://89xgwsnmo5.grinch/out/fishing/
View the email source code. There is an unusual email header. What is the header and its value?
Answer: X-GrinchPhish: >;^)
You received other reports of phishing attempts from other colleagues. Some of the other emails contained attachments. Open attachment.txt. What is the name of the attachment?
Answer: password-reset-instructions.pdf
What is the flag in the PDF file?
Answer: THM{A0C_Thr33_Ph1sh1ng_An4lys!s}
If you want to learn more about phishing, check out the "Phishing" module on TryHackMe.
Answer: No answer needed