cherryNo.7
MetaRed 2022 5th STAGE - E-mail
E-mail is a forensic challenge that was part of the MetaRed CTF 2022 (5th STAGE). The description says:
Our users received a phishing email.
The email requires changing the password. Help us to find out which is the original account where the phishing was sent.
and we are given a file called correo.
File
$ file correo
correo: RFC 822 mail, ASCII text, with very long lines (8230), \
with no line terminators
Solution
To solve this challenge, it helps to add some line breaks to the file. We can do this with sed by replacing each space with a newline:
$ sed 's/ /\n/g' correo > correo_with_linebreaks
Now we can look for something like mailfrom in the new file with grep:
$ grep -i mailfrom correo_with_linebreaks
smtp.mailfrom=cinecafes.com;
The final step is to find the email address:
$ grep -i cinecafes.com correo_with_linebreaks | grep @
<franchise.enquiry@cinecafes.com>)
franchise.enquiry@cinecafes.com
franchise.enquiry@cinecafes.com
franchise.enquiry@cinecafes.com
Flag
The flag is “flag{franchise.enquiry@cinecafes.com}”.