TryHackMe Walkthrough: Snapped Phish-ing Line

Marcelle Lee
Sep 4, 2023

This is the second of my TryHackMe (THM) walkthroughs. THM is a fabulous platform for learning, with a wide variety of topics and skill levels. The Snapped Phish-ing Line room I am covering in this post is free for registered users.

No special tools are required; simply launch the provided virtual machine (VM) through the link in Task 1. Note the disclaimer: “The phishing kit used in this scenario was retrieved from a real-world phishing campaign. Hence, it is advised that interaction with the phishing artefacts be done only inside the attached VM, as it is an isolated environment.”

Task 1 Questions

There are five phishing emails in the folder “phish-emails” on the VM desktop.

Phishing emails listed in phish-emails directory.

Who is the individual who received an email attachment containing a PDF?

To identify who received an email with a PDF attachment, I opened a terminal window in the VM, changed directories to the phish-emails folder and used grep to search the contents of the folder:

damianhall@SSFWKNIT001:~$ cd Desktop/phish-emails/
damianhall@SSFWKNIT001:~/Desktop/phish-emails$ grep -R -i pdf

The output isn’t pretty, but the file in question can be fairly easily spotted in the middle of the output.
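A cleaner alternative to reading raw grep output is to parse each message and list only real PDF attachments next to the To header. This is an added example, not part of the original walkthrough or the THM room; it assumes the files in phish-emails are standard .eml messages, and the sample message, addresses and file name in it are constructed.

```python
import email
from email import policy
from email.message import EmailMessage
from pathlib import Path


def pdf_attachments(raw: bytes):
    """Return (recipient, [pdf filenames]) for one raw RFC 5322 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    names = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        filename = part.get_filename() or ""
        # Match on the declared MIME type or the file extension, since either
        # one can be missing or wrong in a phishing email.
        if part.get_content_type() == "application/pdf" or filename.lower().endswith(".pdf"):
            names.append(filename or "(unnamed)")
    return str(msg.get("To", "")), names


def scan_folder(folder):
    """Map file name -> (recipient, pdf names) for messages carrying a PDF."""
    hits = {}
    for path in sorted(Path(folder).glob("*.eml")):  # assumption: .eml files
        to, names = pdf_attachments(path.read_bytes())
        if names:
            hits[path.name] = (to, names)
    return hits


def constructed_sample() -> bytes:
    """Constructed test message; addresses and file name are made up."""
    m = EmailMessage()
    m["From"] = "sender@example.org"
    m["To"] = "Recipient One <recipient.one@example.com>"
    m["Subject"] = "Quote"
    m.set_content("See attached.")
    m.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                     subtype="pdf", filename="Quote.PDF")
    return m.as_bytes()


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:  # e.g. python3 script.py ~/Desktop/phish-emails
        for name, (to, pdfs) in scan_folder(sys.argv[1]).items():
            print(f"{name}: To={to} PDFs={pdfs}")
    else:
        print(pdf_attachments(constructed_sample()))
```

Unlike grep -i pdf, this ignores messages that only mention "pdf" in the body text and reports the recipient and attachment name on one line.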

Marcelle Lee

Security researcher, educator and business owner in the field of cybersecurity. Advocate of diversity in tech. https://marcellelee.github.io