Home Writeups Contact

Onboarding Checklist - TAMUctf 2019


From: importantperson@somebigcorp.com  
Date: Feb 22, 2019 9:00 AM  
To: someguy@somebigcorp.com  
Subject: New Employee Access

Hello Some Guy,

We need to begin sending requests for the new employee to get access to our security appliances. 
I believe they already know that you are authorized to make a new account request. 
Would you mind sending the new employee's email address to tamuctf@gmail.com so they can process the account request?

Thank you,  
Important Person

The new employee can be a little slow to respond.

So by reading through the challenge description there are 3 things that stand out to me:

My first thought was to send the target an email from a throwaway email maker like Guerrilla and change the sender address to be someguy. This didn't work, we're met with an email from tamuctf@gmail.com that tells us of our failure :(

So this led me to believe that it's not just testing if there's "someguy" in the email address, so we should try to get the domain too!

After that, I googled around and came across the php mail function. Looking at the w3schools page on it we can see them setting From in the headers. Interesting...

$to = "somebody@example.com";  
$subject = "My subject";  
$txt = "Hello world!";  
$headers = "From: webmaster@example.com" . "\r\n" .  
"CC: somebodyelse@example.com";  


Because I'm too lazy to set up smtp by myself, to quickly test it out, I set up a page on 000webhost , created a file called mail.php, and edited w3schools' example to fit our needs. file being edited
Save the file, browse to it on your site, and now the best part! Waiting!
Admittedly, when I solved this it didn't take long at all to recieve the email, probably less than 10 mintes. I did see a lot of people saying that it took over 24 hours for them though. In TAMU's defense, they did say The new employee can be a little slow to respond. :P

After waiting, you should recieve an email in the inbox of the address you supplied with the flag. success email