https://blueteamlabs.online/home/challenge/10
Open the email in your favourite text editor (VSCode). The Received
field tells you which server an email came from.
Received: from localhost ([emkei.cz](<http://emkei.cz/>). [93.99.104.210])
Even easier. Look for the Reply-To
field.
Reply-To: [[email protected]](<mailto:[email protected]>)
At the bottom of the email we have some base64 encoded files. These are the attachments. Sure, I could open it with an email program, but that's too much hassle!
The first one (I've cropped the code to keep this article short):
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: base64
SGkgV[...]J+SsA==
$ echo SGkgV[...]J+SsA== | base64 -d
Hi TheMajorOnEarth,
The abducted CoCanDians are with me including the President’s daughter. Dont worry. They are safe in a secret location.
Send me 1 Billion CoCanDs🤑 in cash💸 with a spaceship🚀 and my autonomous bots will safely bring back your citizens.
I heard that CoCanDians have the best brains in the Universe. Solve the puzzle I sent as an attachment for the next steps.
I’m approximately 12.8 light minutes away from the sun and my advice for the puzzle is
“Don't Trust Your Eyes”
Lol😂
See you Major. Waiting for the Cassshhhh💰
12.8 light minutes is 230,000,000km. Mars is about 228,000,000km. So they're likely on Mars.
Next one:
Content-Type: application/pdf; name="PuzzleToCoCanDa.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="PuzzleToCoCanDa.pdf"
UEsDB[...]AAAAA=
$ echo UEsDB[...]AAAAA=' | base64 -d > PuzzleToCoCanDa.pdf