Easy-Phish

kali@kali:~/HTB/challenges/OSINT/Easy_Phish$ host -a secure-startup.com
Trying "secure-startup.com"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 23922
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;secure-startup.com.            IN      ANY

;; ANSWER SECTION:
secure-startup.com.     5       IN      A       34.102.136.180
secure-startup.com.     5       IN      NS      ns69.domaincontrol.com.
secure-startup.com.     5       IN      NS      ns70.domaincontrol.com.
secure-startup.com.     5       IN      SOA     ns69.domaincontrol.com. dns.jomax.net. 2020070800 28800 7200 604800 600
secure-startup.com.     5       IN      TXT     "v=spf1 a mx ?all - HTB{RIP_SPF_Always_2nd"

Received 207 bytes from 192.168.8.2#53 in 59 ms
kali@kali:~/HTB/challenges/OSINT/Easy_Phish$  dig TXT secure-startup.com

; <<>> DiG 9.16.15-Debian <<>> TXT secure-startup.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 56142
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 65494
;; QUESTION SECTION:
;secure-startup.com.            IN      TXT

;; ANSWER SECTION:
secure-startup.com.     5       IN      TXT     "v=spf1 a mx ?all - HTB{RIP_SPF_Always_2nd"

;; Query time: 35 msec
;; SERVER: 192.168.8.2#53(192.168.8.2)
;; WHEN: Tue Jun 15 18:55:54 EDT 2021
;; MSG SIZE  rcvd: 101
kali@kali:~/HTB/challenges/OSINT/Easy_Phish$ dig TXT secure-startup.com _dmarc.secure-startup.com

; <<>> DiG 9.16.15-Debian <<>> TXT secure-startup.com _dmarc.secure-startup.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50028
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 65494
;; QUESTION SECTION:
;secure-startup.com.            IN      TXT

;; ANSWER SECTION:
secure-startup.com.     5       IN      TXT     "v=spf1 a mx ?all - HTB{RIP_SPF_Always_2nd"

;; Query time: 0 msec
;; SERVER: 192.168.8.2#53(192.168.8.2)
;; WHEN: Tue Jun 15 16:59:15 EDT 2021
;; MSG SIZE  rcvd: 101

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38135
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 65494
;; QUESTION SECTION:
;_dmarc.secure-startup.com.     IN      TXT

;; ANSWER SECTION:
_dmarc.secure-startup.com. 5    IN      TXT     "v=DMARC1;p=none;_F1ddl3_2_DMARC}"

;; Query time: 0 msec
;; SERVER: 192.168.8.2#53(192.168.8.2)
;; WHEN: Tue Jun 15 16:59:15 EDT 2021
;; MSG SIZE  rcvd: 99
HTB{RIP_SPF_Always_2nd_F1ddl3_2_DMARC}
kali@kali:~/HTB/challenges/OSINT/Easy_Phish$ dig TXT secure-startup.com _dkim.secure-startup.com

; <<>> DiG 9.16.15-Debian <<>> TXT secure-startup.com _dkim.secure-startup.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36356
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 65494
;; QUESTION SECTION:
;secure-startup.com.            IN      TXT

;; ANSWER SECTION:
secure-startup.com.     5       IN      TXT     "v=spf1 a mx ?all - HTB{RIP_SPF_Always_2nd"

;; Query time: 0 msec
;; SERVER: 192.168.8.2#53(192.168.8.2)
;; WHEN: Tue Jun 15 18:59:14 EDT 2021
;; MSG SIZE  rcvd: 101

;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 48266
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; MBZ: 0x0005, udp: 65494
;; QUESTION SECTION:
;_dkim.secure-startup.com.      IN      TXT

;; Query time: 55 msec
;; SERVER: 192.168.8.2#53(192.168.8.2)
;; WHEN: Tue Jun 15 18:59:14 EDT 2021
;; MSG SIZE  rcvd: 53

SPF, DKIM, DMARC
SPF (Sender Policy Framework) is a DNS TXT record at the domain's apex listing the hosts allowed to send mail with that domain as the envelope sender (MAIL FROM / Return-Path). Publishing it in DNS is also what makes the list authoritative: only the domain's owners or administrators can change that zone. It is worth reading the qualifier on the terminating "all" term, because that is what a receiver does with any sender the record does not list. The record above, v=spf1 a mx ?all, authorises the domain's A and MX hosts but ends in ?all, the neutral qualifier, which tells receivers to draw no conclusion at all; in practice that is the same as having no SPF policy. Only -all (fail) or ~all (softfail) gives a receiver something to act on. The tokens after ?all are not valid SPF terms, so a strict evaluator would treat the record as a syntax error (permerror); here they just carry the first half of the flag. Note also that SPF checks the envelope sender, not the From: header the user sees, so on its own it does not stop a phisher from spoofing the visible address.

DKIM (DomainKeys Identified Mail) instead lets a receiver verify that a message's signed headers and body were not altered after they left the signing mail server, and that the signer controls the signing domain. It is a standard public-key signature scheme: the sending server signs outgoing mail with a private key and adds a DKIM-Signature header, and the domain owner publishes the matching public key in DNS. The key lives in a TXT record at <selector>._domainkey.<domain>, where the selector is the s= tag of the DKIM-Signature header, so there is no fixed name to query blindly; that is why the lookup of _dkim.secure-startup.com above returns NXDOMAIN without proving that the domain has no key. To find a domain's DKIM keys you need a received message, or a guess at common selector names.

DMARC (Domain-based Message Authentication, Reporting and Conformance) builds on SPF and DKIM: a TXT record at _dmarc.<domain> states what a receiver should do with mail that passes neither check (p=none, p=quarantine or p=reject) and requires that the passing identifier align with the visible From: header, which is the check that actually matters against phishing. It also lets the owner name addresses (rua= for aggregate reports, ruf= for failure reports) to which receivers send statistics about mail claiming to come from the domain. The record above, v=DMARC1;p=none with no reporting address, tells receivers to deliver failing mail normally and to report to nobody; together with the neutral SPF record, nothing stops a phisher from sending mail as secure-startup.com.
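The three checks described above can be assessed offline from the raw TXT records. The following Python is an added example, not code from the original writeup: it parses SPF and DMARC records, reports the settings a phisher would be glad to see, and shows where a DKIM key is actually looked up. The two records are the ones returned by the dig queries above; the DKIM-Signature value and its selector name "mail" are constructed for the example.

```python
"""Assess a domain's mail-authentication records offline.

Added example, not part of the original writeup. SPF_RECORD and DMARC_RECORD
are the TXT records from the dig output above; SAMPLE_DKIM_SIG is constructed.
"""
import re

# What a receiver does with a sender matching no earlier mechanism (RFC 7208 s.4.6.2).
SPF_ALL_MEANING = {
    "-": "fail: unlisted senders are rejected",
    "~": "softfail: unlisted senders are accepted but marked",
    "?": "neutral: no assertion at all, same as having no SPF record",
    "+": "pass: every host on the internet may send as this domain",
}
# Mechanism names defined by RFC 7208; anything else is a syntax error (permerror).
SPF_MECHANISMS = {"all", "include", "a", "mx", "ptr", "ip4", "ip6", "exists"}
MECH_RE = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?:[:/].*)?$", re.I)


def parse_spf(txt):
    """Tokenise an SPF TXT record into mechanisms, modifiers and invalid terms."""
    tokens = txt.split()
    result = {"version": tokens[0] if tokens else None, "mechanisms": [],
              "modifiers": {}, "unknown": [], "all": None}
    for tok in tokens[1:]:
        if "=" in tok:                      # modifier, e.g. redirect=, exp=
            name, value = tok.split("=", 1)
            result["modifiers"][name.lower()] = value
            continue
        m = MECH_RE.match(tok)
        if not m or m.group(2).lower() not in SPF_MECHANISMS:
            result["unknown"].append(tok)   # a receiver returns permerror here
            continue
        result["mechanisms"].append(tok)
        if m.group(2).lower() == "all":
            result["all"] = m.group(1) or "+"
    return result


def assess_spf(txt):
    """Return a list of findings; an empty list means nothing to complain about."""
    p = parse_spf(txt)
    if p["version"] != "v=spf1":
        return ["no SPF record"]
    findings = []
    if p["unknown"]:
        findings.append("permerror: invalid terms %r make the whole record unusable"
                        % p["unknown"])
    qual = p["all"]
    if qual is None and "redirect" not in p["modifiers"]:
        findings.append("no 'all' term: unlisted senders get a neutral result")
    elif qual in ("?", "+"):
        findings.append("'%sall' is %s" % (qual, SPF_ALL_MEANING[qual]))
    return findings


def parse_dmarc(txt):
    """Parse 'tag=value; tag=value'; tokens without '=' are kept under '_unknown'."""
    tags = {}
    for part in (p.strip() for p in txt.split(";") if p.strip()):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
        else:
            tags.setdefault("_unknown", []).append(part)
    return tags


def assess_dmarc(txt):
    """Flag a DMARC record that asks receivers to do nothing or reports to nobody."""
    t = parse_dmarc(txt)
    if t.get("v") != "DMARC1":
        return ["no DMARC record"]
    findings = []
    policy = t.get("p")
    if policy == "none":
        findings.append("p=none: monitor only, failing mail is still delivered")
    elif policy not in ("quarantine", "reject"):
        findings.append("p=%r is not a valid policy" % policy)
    pct_raw = t.get("pct", "100")
    pct = int(pct_raw) if pct_raw.isdigit() else 100
    if pct < 100 and policy != "none":
        findings.append("pct=%d: policy applied to only %d%% of failing mail" % (pct, pct))
    if "rua" not in t:
        findings.append("no rua=: no aggregate reports, so abuse goes unseen")
    return findings


def dkim_lookup_name(dkim_signature):
    """DNS name holding the key for a DKIM-Signature: <s>._domainkey.<d> (RFC 6376)."""
    tags = {}
    for part in dkim_signature.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip()] = v.strip()
    return "%s._domainkey.%s" % (tags["s"], tags["d"])


# Records from the dig output above (the flag fragments ride along as junk tokens).
SPF_RECORD = "v=spf1 a mx ?all - HTB{RIP_SPF_Always_2nd"
DMARC_RECORD = "v=DMARC1;p=none;_F1ddl3_2_DMARC}"
# Constructed header value; the selector 'mail' is an assumption, not from the page.
SAMPLE_DKIM_SIG = "v=1; a=rsa-sha256; d=secure-startup.com; s=mail; h=from:to; bh=x; b=y"

if __name__ == "__main__":
    print("SPF:", assess_spf(SPF_RECORD))
    print("DMARC:", assess_dmarc(DMARC_RECORD))
    print("DKIM key name:", dkim_lookup_name(SAMPLE_DKIM_SIG))
```

Run against the page's records it reports that ?all is neutral and that the trailing tokens make the SPF record a syntax error, and that p=none with no rua= leaves the domain unprotected and unmonitored; the DKIM name shows why a blind query for _dkim.<domain> cannot find a key without first knowing the selector.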
