Easy Phish

Spoiler Removed

HA HA…I literally had the second half…sitting in a Word doc…right in front of my face… It’s so easy to over think and over complicate these challenges and that is what makes them so great. We are our own worst enemies… High five and fist bump to greenwolf.

i got both parts, however after pasting them together it still doesn’t take the flag. Am I missing something?

@qrious DM me for help

got this after a few digs and google searches…@n4v1n has the best advice

Type your comment> @PanamaEd117 said:

any tips on line how to start this? ran dig, nslookup, and fierce. Found a subdomain. Also notice no DNSSEC. Just not sure how to start.

what is fierce

I am having the worst luck with this one. I found the first half of the flag using dnsrecon. However I am having no luck finding the 2nd half of this flag. I tried enumerating for mx records and found none. I even tried attacking a few send mail ports, got no where. I’m out of ideas. Any further hints or help would be highly appreciated.

got it.

Try using mxtoolbox.com

Hint: Learn about 3 ways to protect your company from spoofed emails

Happened to read about this exact technology this morning on /r/netsec, so I got it fast!

PM me for any help on this one

It was so funny.