type
status
date
slug
summary
tags
category
icon
password
Catagory
Materials
Retired
Retired
Due date
May 28, 2024 05:25 AM
Status
Belong in
Progress
Q 1
Given the suspicious activity detected on the web server, the pcap analysis shows a series of requests across various ports, suggesting a potential scanning behavior. Can you identify the source IP address responsible for initiating these requests on our server?
Ans:14.0.0.120
Q 2
Based on the identified IP address associated with the attacker, can you ascertain the city from which the attacker's activities originated?
Ans:Guangzhou
Q 3
From the pcap analysis, multiple open ports were detected as a result of the attacker's activitie scan. Which of these ports provides access to the web server admin panel?
Ans:8080
Q 4
Following the discovery of open ports on our server, it appears that the attacker attempted to enumerate and uncover directories and files on our web server. Which tools can you identify from the analysis that assisted the attacker in this enumeration process?
Ans:gobuster
Q 5
Subsequent to their efforts to enumerate directories on our web server, the attacker made numerous requests trying to identify administrative interfaces. Which specific directory associated with the admin panel was the attacker able to uncover?
Ans:/manager
Q 6
Upon accessing the admin panel, the attacker made attempts to brute-force the login credentials. From the data, can you identify the correct username and password combination that the attacker successfully used for authorization?
Ans:admin:tomcat
Q 7
Once inside the admin panel, the attacker attempted to upload a file with the intent of establishing a reverse shell. Can you identify the name of this malicious file from the captured data?
Ans:JXQOZY.war
Q 8
Upon successfully establishing a reverse shell on our server, the attacker aimed to ensure persistence on the compromised machine. From the analysis, can you determine the specific command they are scheduled to run to maintain their presence?
Link to Notes
Reference
- 作者:ji3g4gp
- 連結:https://gpblog.vercel.app//article/CyberDefender-Tomcat
- 著作權:本文採用 CC BY-NC-SA 4.0 許可協議,轉載請註明出處。