Hi folks,
Thank you for reading my write-up on the Hack the Box OSINT challenge: Easy Phish.
The challenge starts with the following information:
“Customers of have been receiving some very convincing phishing emails, can you figure out why?”

Well, first things first. I smashed it into Google to see what kind of hits came up.
But soon I noticed that the website is hosted somewhere with no site running on it.
So what do you do next? Well, I did some research into SPF records, DMARC and how to look up website information using open sources.
I used some tools like MXToolbox to find some more information about the site. But an “nslookup” can also give you some quick answers.

So with that said… I’m using the command “dig” to give me more information about the record.
Please take a good look… in the answer section there is a text output. Here you see the first part of the flag. At first I was disappointed, as it wasn’t the correct flag. But take a second look at the output below. Like I said, I did some research on DMARC, and below you see some output that was suspicious to me.
Taking a good look at it, I pasted both outputs together: HTB{RIP_SPF_Always_2nd_F1ddl3_2_DMARC}
which gave me the full flag for this easy OSINT challenge.
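
For defenders who want to run the same two lookups against their own domain, here is an added example (not part of the original write-up) that audits the SPF and DMARC TXT records dig returns and reports settings that leave spoofed mail unchallenged. The records are constructed for the placeholder domain example.test, and all function names are hypothetical.

```python
# Added example. Records below are constructed for the placeholder domain
# example.test; live ones come from `dig +short TXT <domain>` and
# `dig +short TXT _dmarc.<domain>`.
SAMPLE_TXT = ['"v=spf1 a mx ?all"', '"site-verification=constructed"']
SAMPLE_DMARC = ['"v=DMARC1; p=none; rua=mailto:dmarc@example.test"']
HARDENED_TXT = ['"v=spf1 a mx -all"']
HARDENED_DMARC = ['"v=DMARC1; p=reject; rua=mailto:dmarc@example.test"']


def unquote(txt):
    """Join the quoted chunks dig prints for one TXT record."""
    return "".join(txt.split('"')[1::2]) if '"' in txt else txt.strip()


def spf_findings(txt_records):
    spf = [r for r in map(unquote, txt_records) if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return ["SPF: no record published, result is 'none' for every sender"]
    if len(spf) > 1:
        return ["SPF: multiple records, receivers return permerror"]
    terms = [t.lower() for t in spf[0].split()[1:]]
    if any(t.startswith("redirect=") for t in terms):
        return []  # policy is defined by the redirect target; audit that record
    alls = [t for t in terms if t in ("all", "+all", "-all", "~all", "?all")]
    if not alls:
        return ["SPF: no 'all' term, unmatched senders get a neutral result"]
    qualifier = alls[0][0] if alls[0][0] in "+-~?" else "+"  # bare 'all' means +all
    if qualifier == "+":
        return ["SPF: +all passes every sender"]
    if qualifier == "?":
        return ["SPF: ?all is neutral, unmatched senders are not failed"]
    return []  # ~all (softfail) and -all (fail) both mark unmatched senders


def dmarc_findings(dmarc_records):
    recs = [r for r in map(unquote, dmarc_records) if r.startswith("v=DMARC1")]
    if not recs:
        return ["DMARC: no record, receivers apply no domain policy"]
    tags = dict(p.strip().split("=", 1) for p in recs[0].split(";") if "=" in p)
    findings = []
    if tags.get("p", "").strip().lower() not in ("quarantine", "reject"):
        findings.append("DMARC: p is not quarantine/reject, no action is requested on failing mail")
    if int(tags.get("pct", "100")) < 100:
        findings.append("DMARC: pct below 100, policy applies to only part of the mail")
    return findings


def audit(txt_records, dmarc_records):
    return spf_findings(txt_records) + dmarc_findings(dmarc_records)
```

Calling `audit(SAMPLE_TXT, SAMPLE_DMARC)` returns one SPF and one DMARC finding, while the hardened pair returns an empty list.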

Thank you for reading!

