Disclose The Agent - Write up

Decided to start back up with some basic training after someone mentioned LetsDefend.io. The site impressed me. Here is a writeup on one of their public-facing challenges that kind of shows what to expect.

Disclose the Agent

Premise is that you've got a PCAP file and you need to identify who the secret agent is, what they are doing, and who they are communicating with.

  1. Grab the PCAP file.
    https://api.letsdefend.io/download/downloadfile/smtpchallenge.zip
    Pass: 321 

  2. Load it into Wireshark.


  3. What is the email address of Ann's secret boyfriend?
    Looked through the PCAP file for all the From: and To: SMTP packets. From there I was able to see this: mistersecretx@aol.com


  4. What is Ann's email password?
    This one took a bit more. First thing was to look for some sort of PASS/AUTHENTICATE type interaction... Oh wait, it literally says that. The next step is decoding the string. Used Python but it isn't the only way.



  5. What is the name of the file that Ann sent to his secret lover?
    For this one I used Wireshark's Follow function to see all the packets for this one SMTP message. Then when it presented the total message I found the section for the attached document.



  6. In what country will Ann meet with her secret lover?
    This one was a bit harder. There was a reference about bringing a swimsuit in the body of the message but nothing more. To get it you had to grab the contents of the attachment and then build/view the file in a Word doc application.


  7. What is the MD5 value of the attachment Ann sent?
    This one ended up being as simple as running a command.
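
Steps 4, 5 and 7 can be scripted against the text that Wireshark's Follow function shows for the SMTP conversation. The Python below is an added example, not part of the original write-up: it decodes the AUTH LOGIN replies, pulls each attachment out of the DATA section and hashes it. The function names and the sample stream (addresses, password, `sample.docx`) are constructed for illustration and are not values from the challenge PCAP.

```python
import base64, hashlib, re
from email import message_from_string

def auth_login_credentials(stream):
    """Decode the two client replies that follow the server's 334 prompts."""
    lines = stream.splitlines()
    replies = [lines[i + 1] for i, l in enumerate(lines[:-1]) if l.startswith("334 ")]
    return tuple(base64.b64decode(r).decode() for r in replies[:2])

def attachments(stream):
    """Return [(filename, md5_hex)] for every attachment in the DATA section."""
    text = stream.replace("\r\n", "\n")
    m = re.search(r"^354 [^\n]*\n(.*?)\n\.\n", text, re.S | re.M)
    if not m:
        return []
    body = re.sub(r"^\.\.", ".", m.group(1), flags=re.M)  # undo SMTP dot-stuffing
    found = []
    for part in message_from_string(body).walk():
        if part.get_filename():
            data = part.get_payload(decode=True)  # reverses the base64 transfer encoding
            found.append((part.get_filename(), hashlib.md5(data).hexdigest()))
    return found

# Constructed sample stream; none of these values come from the challenge PCAP.
SAMPLE_DOC = b"constructed attachment bytes"
SAMPLE = """AUTH LOGIN
334 VXNlcm5hbWU6
{u}
334 UGFzc3dvcmQ6
{p}
235 OK
DATA
354 go ahead
Content-Type: multipart/mixed; boundary="b1"

--b1

see attached
--b1
Content-Type: application/octet-stream
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="sample.docx"

{d}
--b1--
.
""".format(u=base64.b64encode(b"user@example.test").decode(),
           p=base64.b64encode(b"constructed-pass").decode(),
           d=base64.b64encode(SAMPLE_DOC).decode()).replace("\n", "\r\n")
```

To use it on the real capture, save the followed stream as text and pass its contents to both functions in place of `SAMPLE`.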