Phishing Analysis Fundamentals | TryHackMe Writeup

Solvenite
2 min read

Task 1 — Introduction

Read the above and launch the attached VM.

No Answer Needed


Task 2 — The Email Address

Email dates back to what time frame?

1970s


Task 3 — Email Delivery

What port is classified as Secure Transport for SMTP?

465

What port is classified as Secure Transport for IMAP?

993

What port is classified as Secure Transport for POP3?

995


Task 4 — Email Headers

What email header is the same as “Reply-to”?

Return-Path

Once you find the email sender’s IP address, where can you retrieve more information about the IP?

http://www.arin.net


Task 5 — Email Body

In the above screenshots, what is the URI of the blocked image?

https://i.imgur.com/LSWOtDI.png

In the above screenshots, what is the name of the PDF attachment?

Payment-updateid.pdf

In the attached virtual machine, view the information in email2.txt and reconstruct the PDF using the base64 data. What is the text within the PDF?

THM{BENIGN_***_********NT}


Task 6 — Types of Phishing

What trusted entity is this email masquerading as?

Home Depot

What is the sender’s email?

support@teckbe.com

What is the subject line?

Order Placed : Your Order ID OD2321657089291 Placed Successfully

What is the URL link for — CLICK HERE? (Enter the defanged URL)

hxxp[://]t[.]teckbe[.]com/p/?j3=EOowFcEwFHl6EOAyFcoUFV=TVEchwFHlUFOo6lVTTDcATE7oUE7AUET==
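As an added example (not part of this writeup or of the room's files), here is the Task 5 and Task 6 workflow in Python: pull a base64-encoded attachment out of a MIME message, confirm it really is a PDF by its magic bytes, and defang URLs from the body in the room's hxxp[://] format. The message, addresses and URL below are constructed for the example; email2.txt itself is not reproduced.

```python
import base64
import email
import re
from email import policy

# Constructed stand-in for the attachment: a minimal PDF skeleton, not a real document.
PDF_BYTES = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n"

# Constructed message in the shape of the room's email2.txt; sender and URL are invented.
SAMPLE_EMAIL = (
    "From: billing@example.test\r\n"
    "Subject: Payment update\r\n"
    'Content-Type: multipart/mixed; boundary="XYZ"\r\n'
    "\r\n"
    "--XYZ\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "Please review http://t.example.test/p/?id=1 today.\r\n"
    "--XYZ\r\n"
    "Content-Type: application/pdf\r\n"
    'Content-Disposition: attachment; filename="Payment-updateid.pdf"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    + base64.b64encode(PDF_BYTES).decode() + "\r\n"
    "--XYZ--\r\n"
)

def extract_attachments(raw: str) -> list[tuple[str, bytes]]:
    """Return (filename, decoded bytes) per attachment; the email library undoes the base64."""
    msg = email.message_from_string(raw, policy=policy.default)
    return [(p.get_filename(), p.get_payload(decode=True)) for p in msg.iter_attachments()]

def looks_like_pdf(data: bytes) -> bool:
    """Magic-byte check: a '.pdf' attachment whose content does not start with %PDF- is suspect."""
    return data.startswith(b"%PDF-")

def body_urls(raw: str) -> list[str]:
    """Pull http(s) URLs out of the plain-text body for triage."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body is not None else ""
    return re.findall(r"https?://[^\s<>\"']+", text)

def defang_url(url: str) -> str:
    """Defang in the room's format (hxxp[://]host[.]tld) so the link cannot be clicked in notes."""
    return url.replace("http", "hxxp", 1).replace("://", "[://]", 1).replace(".", "[.]")

if __name__ == "__main__":
    for name, data in extract_attachments(SAMPLE_EMAIL):
        print(name, len(data), "bytes, PDF magic ok:", looks_like_pdf(data))
    print([defang_url(u) for u in body_urls(SAMPLE_EMAIL)])
```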


Conclusion

What is BEC?

Business Email Compromise


Hope this writeup helps! Feel free to reach out to me for further queries :)
