Sender - Cybrics Quals 2019

Task

For this challenge, we have a link with some intercepted data: Data

It’s the intercepted traffic of a mail sent from fawkes@ugm.cybrics.net. The body of the mail is encoded with the quoted-printable encoding. Let’s save it in a file and decode it: Mail

So we do have the password for an archive. After a bit of tinkering I thought to search if there are received mails. The default port for POP3 is 110, so let’s try: POP3

Let’s read the mail with RETR 1: Received mail

The mail contains an attachment called secret_flag.zip. Let’s use tee to write the output of netcat to a file:

nc ugm.cybrics.net 110 | tee received-mail

and run the previous commands to authenticate and retrieve the mail.

We now have to use an editor to extract the base64 encoded attachment, so delete the lines from 1 to 34 and from 1899 to 1901. We also have to remove the line endings to obtain a valid base64 string.

I personally use vim and the command to remove all line endings is :%s/\n//g.

Let’s create the archive and extract it: Archive

If base64 -d says that the input is not valid, it’s because cat adds a new line at the end.
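
The manual steps above (cutting the POP3 lines out of the capture, joining the base64 lines, decoding) can also be left to a MIME parser. The following is an added example, not part of the original write-up: it assumes the tee'd file holds only single-line status replies before the RETR response, and the sample session, its addresses and the zip content are constructed stand-ins for the challenge data.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def retr_message(capture: bytes) -> bytes:
    """Pull the retrieved message out of a captured server-side POP3 stream."""
    lines = capture.split(b"\r\n")
    i = 0
    # Assumption: only single-line replies (greeting, USER, PASS, RETR) come first.
    while i < len(lines) and lines[i].startswith((b"+OK", b"-ERR")):
        i += 1
    body = []
    for line in lines[i:]:
        if line == b".":  # a lone dot ends a multi-line response (RFC 1939)
            break
        # Undo byte-stuffing: the server prefixes lines starting with "." with another "."
        body.append(line[1:] if line.startswith(b".") else line)
    return b"\r\n".join(body) + b"\r\n"

def attachment(raw: bytes, filename: str) -> bytes:
    """Return the decoded bytes of the MIME part carrying the given filename."""
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.get_filename() == filename:
            return part.get_payload(decode=True)  # honours Content-Transfer-Encoding
    raise LookupError(f"no attachment named {filename!r}")

def zip_names(data: bytes) -> list:
    """List archive members without writing anything to disk."""
    return zipfile.ZipFile(io.BytesIO(data)).namelist()

def sample_capture() -> bytes:
    """Constructed session, shaped like the output of `nc ... | tee received-mail`."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("note.txt", "constructed sample content")
    mail = EmailMessage()
    mail["From"], mail["To"] = "sender@example.test", "rcpt@example.test"
    mail["Subject"] = "constructed sample"
    mail.set_content("body line\n.leading dot line\n")
    mail.add_attachment(buf.getvalue(), maintype="application",
                        subtype="zip", filename="secret_flag.zip")
    wire = mail.as_bytes(policy=policy.SMTP).split(b"\r\n")
    stuffed = b"\r\n".join(b"." + l if l.startswith(b".") else l for l in wire)
    return b"+OK ready\r\n+OK\r\n+OK logged in\r\n+OK message follows\r\n" + stuffed + b".\r\n"

if __name__ == "__main__":
    raw = retr_message(sample_capture())
    print(zip_names(attachment(raw, "secret_flag.zip")))
```
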

Opening the PDF file we find the flag: PDF

Flag

cybrics{Y0uV3_G0T_m41L}