Due date: Jul 9, 2024 12:56 AM

Task 1

We believe our Business Management Platform server has been compromised. Please can you confirm the name of the application running?
Ans: Bonitasoft

Task 2

We believe the attacker may have used a subset of the brute forcing attack category - what is the name of the attack carried out?
Ans: Credential Stuffing

Task 3

Does the vulnerability exploited have a CVE assigned - and if so, which one?
Ans: CVE-2022-25237

Task 4

Which string was appended to the API URL path to bypass the authorization filter by the attacker's exploit?
Ans: i18ntranslation

Task 5

How many combinations of usernames and passwords were used in the credential stuffing attack?
Ans: 56
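Tasks 4 and 5 both come down to triaging the captured HTTP traffic: spotting requests that carry the CVE-2022-25237 bypass suffix, and counting how many distinct username/password pairs were thrown at the login service and which one succeeded. The script below is an added example, not part of this writeup or of HTB's lab material. It assumes request records have already been exported from the PCAP as dicts (source IP, method, path, form body, response status), that the login form sends `username` and `password` fields, and that any non-4xx response to the login service means the attempt succeeded; the sample traffic is constructed and the credentials in it are dummies.

```python
from collections import Counter
from urllib.parse import parse_qs, quote

# Bypass marker named in the writeup (Task 4). Assumption: the exploit appends it
# to the path of a privileged API call, so a substring match on the path is enough
# for a first-pass triage; review the full path and status of every hit.
BYPASS_MARKER = "i18ntranslation"
LOGIN_PATH = "/bonita/loginservice"  # assumed login endpoint for this example


def _login(user, pw, status, src="10.0.0.5"):
    """Build one constructed login-attempt record (not real traffic)."""
    return {
        "src": src,
        "method": "POST",
        "path": LOGIN_PATH,
        "body": f"username={quote(user)}&password={quote(pw)}&_l=en",
        "status": status,
    }


# Constructed sample: a short stuffing burst (one repeated pair, one success),
# two bypass-style API calls from the same source, and one benign request.
SAMPLE_REQUESTS = [
    _login("alice@example.com", "Winter2023", 401),
    _login("alice@example.com", "Password1", 401),
    _login("bob@example.com", "Winter2023", 401),
    _login("bob@example.com", "Password1", 401),
    _login("alice@example.com", "Winter2023", 401),   # same pair tried twice
    _login("carol@example.com", "Summer2024!", 204),  # the one that worked
    {"src": "10.0.0.5", "method": "POST",
     "path": "/bonita/API/pageUpload;i18ntranslation", "body": "", "status": 200},
    {"src": "10.0.0.5", "method": "GET",
     "path": "/bonita/API/portal/page;i18ntranslation", "body": "", "status": 200},
    {"src": "192.168.1.20", "method": "GET",
     "path": "/bonita/portal/homepage", "body": "", "status": 200},
]


def parse_login_attempts(requests):
    """Return (username, password, status, src) for every POST to the login service."""
    attempts = []
    for r in requests:
        if r["method"] != "POST" or not r["path"].startswith(LOGIN_PATH):
            continue
        fields = parse_qs(r["body"])
        user = fields.get("username", [""])[0]
        pw = fields.get("password", [""])[0]
        attempts.append((user, pw, r["status"], r["src"]))
    return attempts


def credential_stuffing_summary(requests, threshold=10):
    """Summarise a stuffing burst: total vs distinct pairs, successes, noisy sources.

    Distinct pairs is the Task 5 number; repeats of the same pair are not counted twice.
    A source is flagged when it sends at least `threshold` login attempts.
    """
    attempts = parse_login_attempts(requests)
    combos = {(u, p) for u, p, _, _ in attempts}
    successes = sorted({(u, p) for u, p, status, _ in attempts if status < 400})
    per_src = Counter(src for _, _, _, src in attempts)
    flagged = sorted(src for src, n in per_src.items() if n >= threshold)
    return {
        "attempts": len(attempts),
        "distinct_combos": len(combos),
        "successful": successes,
        "sources_over_threshold": flagged,
    }


def find_bypass_requests(requests):
    """Return (src, method, path) for requests whose path carries the bypass marker."""
    return [(r["src"], r["method"], r["path"])
            for r in requests if BYPASS_MARKER in r["path"].lower()]


if __name__ == "__main__":
    print(credential_stuffing_summary(SAMPLE_REQUESTS, threshold=5))
    for hit in find_bypass_requests(SAMPLE_REQUESTS):
        print("bypass suffix:", hit)
```

On real data, replace `SAMPLE_REQUESTS` with records exported from the capture (for example via a tshark field export) and keep the threshold low: a legitimate user rarely submits more than a handful of logins in a minute, and a single source cycling through many distinct pairs is the credential-stuffing signature the lab asks about.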

Task 6

Which username and password combination was successful?
Ans: seb.broom@forela.co.uk:g0vernm3nt

Task 7

If any, which text sharing site did the attacker utilise?
Ans: pastes.io

Task 8

Please provide the filename of the public key used by the attacker to gain persistence on our host.

Task 9

Can you confirm the file modified by the attacker to gain persistence?

Task 10

Can you confirm the MITRE technique ID of this type of persistence mechanism?
Ans: T1098.004

Link to Notes

Reference

Sherlocks - BrutusTomcat Takeover Blue Team Lab