suggestion to add an email spoofing challenge

Post by babysnoop on Fri Apr 26, 2019 6:47 am

I thought it could be fun to add an email spoofing challenge. Email spoofing is when you fake the 'from' field to match an address that does not belong to you. More details here: https://dylan.tweney.com/2017/10/25/how-to-fake-an-email-from-almost-anyone-in-under-5-minutes/

I could imagine the challenge looking something like this:
1. You are trying to hack into e-corp.com
2. The developer of e-corp is called Daniel and the CEO is Phillip
3. You send a spoofed email to Daniel pretending to be Phillip
4. You tell Daniel to send e-corp login credentials to a newly hired security contractor, which happens to be the HTS user doing this proposed challenge

In order to automate this, HTS would have to have access to Daniel's mailbox, so maybe one would need to re-script this to use a @hackthissite.org mailbox or some other mailbox that HTS controls (that does not have DMARC enabled).

PS: Loving the missions on this site. Thank you so much, HTS.

Regards,
babysnoop


Re: suggestion to add an email spoofing challenge

Post by Zulus on Tue Jul 23, 2019 10:38 am

I think the hacker just sends you an email and puts your email address in the from field. Spoofing the from address is quite simple; the only problem is it will often lead to mismatches in DKIM and stuff like that, meaning the email often ends up in spam. But if the spammer uses the same email provider as you it might work, or there might be other ways to avoid the spam filter. I have recently read "how to" tutorials

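How the DKIM/DMARC mismatch mentioned in the reply above shows up on the receiving side, as an added example that is not part of either post: a simplified DMARC alignment check over the `Authentication-Results` header. The sample messages, the `example.org`/`example.net` hosts and the two-label `org_domain` shortcut are constructed assumptions; real DMARC uses the Public Suffix List.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: From claims e-corp.com, but SPF and DKIM passed for another domain.
SPOOFED = """\
Authentication-Results: mx.example.net;
 spf=pass smtp.mailfrom=bounce@mailer.example.org;
 dkim=pass header.d=mailer.example.org
From: Phillip <phillip@e-corp.com>
To: daniel@e-corp.com
Subject: constructed sample

body
"""

# Constructed sample: the authenticated domains share the From domain's organisation.
LEGIT = SPOOFED.replace("bounce@mailer.example.org", "phillip@e-corp.com") \
               .replace("header.d=mailer.example.org", "header.d=mail.e-corp.com")


def org_domain(domain):
    # Assumption: naive "last two labels"; real DMARC uses the Public Suffix List.
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def dmarc_alignment(raw):
    """Report which passing mechanisms (SPF, DKIM) align with the From domain."""
    msg = message_from_string(raw)
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    # Only trust Authentication-Results added by your own border MTA.
    results = " ".join(" ".join(msg.get_all("Authentication-Results", [])).split())
    aligned = []
    for method, prop in (("spf", "smtp.mailfrom"), ("dkim", "header.d")):
        pattern = rf"\b{method}=pass\b[^;]*?\b{re.escape(prop)}=([^\s;]+)"
        for m in re.finditer(pattern, results, re.I):
            dom = m.group(1).rpartition("@")[2]
            # Relaxed alignment: organisational domains must match.
            if org_domain(dom) == org_domain(from_dom):
                aligned.append(method)
    # A pass on an unrelated domain is not enough: at least one must align.
    return {"from_domain": from_dom, "aligned": aligned, "dmarc_pass": bool(aligned)}


if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(name, dmarc_alignment(raw))
```

The spoofed sample passes SPF and DKIM for its own sending domain yet fails alignment, which is the signal a receiver uses to quarantine or reject when the From domain publishes a DMARC policy.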

