Disclose the Agent (Let's Defend)
Challenge Write-up (Easy)
Lessons Learned:
To quickly analyze SMTP traffic and retrieve the attachment from the captured packets.
The Challenge:
We reached the data of an agent leaking information. You have to disclose the agent.
- What is the email address of Ann’s secret boyfriend?
  - Method: Filter SMTP packets and follow TCP Stream.
  - Answer: “mistersecretx[at]aol[dot]com”
- What is Ann’s email password?
  - Method: Filter SMTP packets and follow TCP Stream, find the authentication and decode it using base64.
  - Answer: “558r00lz”
- What is the name of the file that Ann sent to his secret lover?
  - Method: Filter SMTP packets and follow TCP Stream.
  - Answer: “secretrendezvous.docx”
- In what country will Ann meet with her secret lover?
  - Method: Go to File > Export Objects > IMF > rendezvous.eml
  - Answer: “Mexico”
- What is the MD5 value of the attachment Ann sent?
  - Method: Save the file from the attachment. Run the command md5.
  - Answer: “9e423e11db88f01bbff81172839e1923”
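The base64 authentication step and the attachment MD5 step above can also be scripted against the text saved from Follow TCP Stream. This is an added example, not part of the original write-up; the session, addresses, password and attachment below are constructed sample data, and the function names are hypothetical.

```python
import base64, hashlib, re
from email import message_from_string

def b64(raw):
    return base64.b64encode(raw).decode()

ATTACHMENT = b"constructed attachment bytes"
# Constructed sample (not from the challenge pcap): an SMTP session as
# "Follow TCP Stream" shows it, server replies interleaved with client lines.
SAMPLE_STREAM = "\r\n".join([
    "220 mail.example.net ESMTP", "EHLO workstation", "250 mail.example.net",
    "AUTH LOGIN", "334 VXNlcm5hbWU6", b64(b"user@example.com"),
    "334 UGFzc3dvcmQ6", b64(b"example-pass"), "235 Authentication successful",
    "MAIL FROM:<user@example.com>", "250 OK",
    "RCPT TO:<friend@example.net>", "250 OK",
    "DATA", "354 End data with <CR><LF>.<CR><LF>",
    "From: user@example.com", "To: friend@example.net", "Subject: notes",
    "MIME-Version: 1.0", 'Content-Type: multipart/mixed; boundary="b1"', "",
    "--b1", "Content-Type: text/plain", "", "see attached",
    "--b1", 'Content-Type: application/octet-stream; name="notes.bin"',
    "Content-Transfer-Encoding: base64",
    'Content-Disposition: attachment; filename="notes.bin"', "",
    b64(ATTACHMENT), "--b1--", ".", "250 Queued", "QUIT", "",
])

def auth_login(stream):
    """Decode the username and password sent after AUTH LOGIN."""
    # Drop server replies (three-digit code), keeping only client lines.
    client = [l for l in stream.splitlines() if not re.match(r"\d{3}[ -]", l)]
    i = client.index("AUTH LOGIN")
    user, password = (base64.b64decode(l).decode() for l in client[i + 1:i + 3])
    return user, password

def attachment_md5s(stream):
    """Return {filename: MD5 hex digest} for each attachment in the DATA body."""
    # The message runs from DATA (past the 354 reply) to the lone "." line.
    m = re.search(r"^DATA\r\n(?:354[^\r\n]*\r\n)?(.*?)^\.\r\n", stream, re.S | re.M)
    msg = message_from_string(m.group(1))
    return {part.get_filename(): hashlib.md5(part.get_payload(decode=True)).hexdigest()
            for part in msg.walk() if part.get_filename()}

if __name__ == "__main__":
    print(auth_login(SAMPLE_STREAM))
    print(attachment_md5s(SAMPLE_STREAM))
```

AUTH LOGIN is only an encoding, not encryption, which is why the credentials are recoverable from a plaintext capture.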