One minute cherryNo.7

MetaRed 2022 5th STAGE - E-mail

E-mail is a forensic challenge that was part of the MetaRed CTF 2022 (5th STAGE). The description says:

Our users received a phishing email.

The email requires change the password. Help us to find out which is the original account where the phishing was sent.

Flag{xxx@yyy.zz}

and we are given a file called correo.

File

$ file correo
correo: RFC 822 mail, ASCII text, with very long lines (8230), \
    with no line terminators

Solution

To solve this challenge, it would be useful to add some line breaks to the file. We can do this with sed by adding one for each space:

$ sed 's/ /\n/g' correo > correo_with_linebreaks

Now we can look for something like mailfrom in the new file with grep:

$ grep -i mailfrom correo_with_linebreaks
smtp.mailfrom=cinecafes.com;

The final step is to find the email address:

$ grep -i cinecafes.com correo_with_linebreaks | grep @
<franchise.enquiry@cinecafes.com>)
franchise.enquiry@cinecafes.com
franchise.enquiry@cinecafes.com
franchise.enquiry@cinecafes.com

Flag

The flag is “flag{franchise.enquiry@cinecafes.com}”.

forensics sed grep metared2022_5thstage

156 Words

2022-11-23 09:00

← After Dark CTF Fall22 - Diff MetaRed 2022 5th STAGE - hidden word →