Tryhackme - Phishing Analysis Fundamentals

In this walkthrough, we will go through the Phishing Analysis Fundamentals room from Tryhackme. This room teaches us about the components that make up an email, how it travels, and how it is used in phishing assessments. So, let’s get started.

Phishing Analysis Fundamentals

Task 1 – Introduction

Question 1 – Read the above and launch the attached VM.

Done

Task 2 – The Email Address

Question 1 – Email dates back to what time frame?

1970s

Task 3 – Email Delivery

Question 1 – What port is classified as Secure Transport for SMTP?

465

Question 2 – What port is classified as Secure Transport for IMAP?

993

Question 3 – What port is classified as Secure Transport for POP3?

995

Task 4 – Email Headers

Question 1 – What email header is the same as “Reply-to”?

Return-Path:

Question 2 – Once you find the email sender’s IP address, where can you retrieve more information about the IP?

http://www.arin.net/

Task 5 – Email Body

Question 1 – In the above screenshots, what is the URI of the blocked image?

https://i.imgur.com/LSDOTDI.png

Question 2 – In the above screenshots, what is the name of the PDF attachment?

Payment-updateid.pdf

Question 3 – In the attached virtual machine, view the information in email2.txt and reconstruct the PDF using the base64 data. What is the text within the PDF?

THM{BENIGN_PDF_ATTACHMENT}
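
One way to do the reconstruction asked for in Question 3, as an added example that is not part of the room or the original walkthrough: parse the raw message, reverse the base64 transfer encoding, and hash and type-check the attachment before anything opens it. The message, addresses and PDF bytes below are constructed stand-ins, not the contents of email2.txt.

```python
import base64
import hashlib
import os
from email import message_from_string, policy

# Constructed sample message; the PDF bytes are a stand-in, not the room's file.
PDF_BYTES = b"%PDF-1.4\n% constructed sample\n%%EOF\n"
SAMPLE_EML = (
    "From: billing@example.test\r\n"
    "To: analyst@example.test\r\n"
    "Subject: constructed sample\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n'
    "\r\n"
    "--b1\r\n"
    "Content-Type: text/plain\r\n"
    "\r\n"
    "See attached.\r\n"
    "--b1\r\n"
    'Content-Type: application/pdf; name="../sample.pdf"\r\n'
    'Content-Disposition: attachment; filename="../sample.pdf"\r\n'
    "Content-Transfer-Encoding: base64\r\n"
    "\r\n"
    + base64.b64encode(PDF_BYTES).decode() + "\r\n"
    "--b1--\r\n"
)


def extract_attachments(raw_email):
    """Decode every attachment in a raw RFC 5322 message without opening it."""
    msg = message_from_string(raw_email, policy=policy.default)
    results = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""  # reverses the base64 encoding
        # The filename is sender-controlled: keep only the final path component.
        name = os.path.basename(part.get_filename() or "attachment.bin")
        results.append({
            "filename": name,
            "declared_type": part.get_content_type(),
            "is_pdf": data.startswith(b"%PDF-"),  # magic bytes, not the declared type
            "sha256": hashlib.sha256(data).hexdigest(),
            "data": data,
        })
    return results


if __name__ == "__main__":
    for att in extract_attachments(SAMPLE_EML):
        print(att["filename"], att["declared_type"], att["is_pdf"], att["sha256"])
        with open(att["filename"], "wb") as fh:  # written to the current directory
            fh.write(att["data"])
```

To use it on a saved message, read the file's text and pass it to `extract_attachments`; the SHA-256 can be looked up in a reputation service before the file is opened in a viewer.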

Task 6 – Types of Phishing

Question 1 – What trusted entity is this email masquerading as?

Home Depot

Question 2 – What is the sender’s email?

[email protected]

Question 3 – What is the subject line?

Order Placed : Your Order ID OD2321657089291 Placed Successfully

Question 4 – What is the URL link for – CLICK HERE? (Enter the defanged URL)

hxxp[://]t[.]teckbe[.]com/p/?j3=EOowFcEwFHl6EOAyFcoUFVTVEchwFHlUFOo6lVTTDcATE7oUE7AUET==

Task 7 – Conclusion

Question 1 – What is BEC?

Business Email Compromise

So that was “Phishing Analysis Fundamentals” for you. This room covered what makes up an email address and how an email travels from sender to recipient. We looked into the email header and body source code. Finally, we covered the types of phishing and the common techniques attackers use in spam and phishing email campaigns. On that note, I will take my leave and meet you in the next one. So stay tuned and till then, “Hack the planet”.
