TryHackMe — Advent of Cyber 2022 [Day 6]
This day introduces you to email analysis. This skill isn't something you might use a lot in your life, but it's good to know in case you need it at some point.
Begin the challenge by opening the Urgent.eml file in Sublime. This gives you color-coded output of the file for easier navigation. The first task asks for the sender's address, which is visible in the From: header: the email was sent by chief.elf@santaclaus.thm
The second task asks for the return address of this mail, which is given in the Return-Path header: murphy.evident@bandityeti.thm
The third task asks for the name of the email's sender, which is also given in the From header. This mail was sent by Chief Elf.
Task 4 asks for the x-spamscore, which is given in the header named X-Pm-Spamscore; its value is 3.
Task 5 asks for the hidden value in the Message-ID field. One look at it and you'll know that it's base64 encoded. It can be decoded with GUI tools such as CyberChef, or you can use the CLI tool as shown in the image below. This reveals the decoded text to be AoC2022_Email_Analysis.
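The header checks from tasks 1 to 5, as an added Python example that is not part of the original walkthrough or the TryHackMe room: it parses a constructed message carrying the values quoted above, tries to base64-decode the Message-ID, and flags a From/Return-Path domain mismatch. The function names and the sample message are assumptions made for illustration.

```python
import base64
from email import message_from_string
from email.utils import parseaddr

# Constructed sample, not the room's Urgent.eml: only the headers the walkthrough
# inspects. The Message-ID is built by encoding the text the walkthrough reports.
_HIDDEN = base64.b64encode(b"AoC2022_Email_Analysis").decode()
SAMPLE_EML = (
    "From: Chief Elf <chief.elf@santaclaus.thm>\n"
    "Return-Path: <murphy.evident@bandityeti.thm>\n"
    "X-Pm-Spamscore: 3\n"
    f"Message-ID: <{_HIDDEN}>\n"
    "\n"
    "constructed body\n"
)


def decode_if_base64(value):
    """Return the decoded text if value is strict base64 of printable ASCII, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text and text.isprintable() else None


def triage_headers(eml_text):
    """Collect the header fields from tasks 1 to 5 and flag a sender mismatch."""
    msg = message_from_string(eml_text)
    name, sender = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    msg_id = msg.get("Message-ID", "").strip().strip("<>")
    # Message-IDs are usually local@domain: try the whole value, then the local part.
    hidden = decode_if_base64(msg_id) or decode_if_base64(msg_id.split("@")[0])
    from_domain = sender.rpartition("@")[2].lower()
    return_domain = return_path.rpartition("@")[2].lower()
    return {
        "sender": sender,
        "sender_name": name,
        "return_path": return_path,
        "spam_score": msg.get("X-Pm-Spamscore"),
        "message_id_decoded": hidden,
        # A Return-Path domain that differs from the From domain deserves a closer look.
        "domain_mismatch": from_domain != return_domain,
    }

if __name__ == "__main__":
    for key, value in triage_headers(SAMPLE_EML).items():
        print(f"{key}: {value}")
```

To run it against a real file, pass the file's text to triage_headers instead of SAMPLE_EML.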
Task 6 guides us to check the reputation of the sender, for which we can visit https://emailrep.io
This shows us that the sender’s email is risky and…