Triathlon pcp sample analysis

Others 2022-04-27 16:04:38 views: 0

foreword

Background tip: Hackers brute-force cracked a website management system, successfully obtained management rights, and downloaded important files.

Questions:
(1) What username did the hacker finally get
(2) What password did the hacker finally get
(3) What file did the hacker modify
(4) The complete connection address of the hacker using the kitchen knife

(5) Hackers use the connection password of the kitchen knife

(6) What is the first file directory viewed by the hacker?

Download address: https://pan.baidu.com/s/1_hRbABEYq2Yake5vU2yJ9w

Analysis process

1. Open the first data traffic packet with wireshark, and use "http contains login" to filter out the login information. As can be seen from the login message, the logged-in IP is 219.239.105.18.

2. Filter out the post package through http && http.request.method==POST, and check the HTMLFORM in the latest package to find the correct username and password

Username: root

Password: 123456

3. Analyze the next packet. Filter ip by http and ip.addr == 219.239.105.18. From the filtered information, it is found that one of the requests has an edit_file operation on the index.html file. So the hacker made changes to the index.html file.

4. The operation of filtering ip is also performed on the subsequent data packets. In one of the packages, it was found that the keyword chopper for Chinese kitchen knives was in the post package, and there was a word Trojan horse behind it. Therefore, the connection path of the hacker using the kitchen knife is 172.16.61.210/index.php?m=search, and the connection password of the kitchen knife is z0.

5. A base encrypted string z1=L3Zhci93d3cvaHRtbC8= was found in one of the post packages. The decompressed path is: /var/www/html/, indicating that the first directory viewed by the hacker is the encrypted /var /www/html/.

Answer:

1. Username: root
2. Password: 123456
3. Modify the file: index.html
4. The link address of the kitchen knife: 172.16.61.210/index.php?m=search
5. The connection password of the kitchen knife: z0
6. A file directory: /var/www/html/

Guess you like

Origin http://43.154.161.224:23101/article/api/json?id=325693768&siteId=291194637

Triathlon pcp sample analysis

Triathlon pcp sample analysis

Enterprise information security triathlon race sample questions (attack phase)

Phaser Triathlon

word sample analysis

Simple analysis of a .net sample

java memory analysis Sample 1

A* algorithm analysis and introduction of sample questions

End TTS synthesis: Synthesis of Sample Analysis

Android input method official SoftKeyboard sample analysis

[Forensic Analysis] Virut Sample Forensic Features

SpringBoot file upload sample code and process analysis

The underlying implementation and sample analysis of MySQL triggers

python data analysis report sample, python data analysis report + code

SPSS|Data|Transfer|Analysis|Label|One sample test|Testval|Criables|

Reading data from large data StructureStreaming json and Analysis Sample Code

Sample analysis report-RevengeRAT fileless landing attack

Multi-layer Android lock machine sample analysis

"Addition" code template and sample analysis | LeetCode algorithm questions

CVE-2017-11882 Vulnerability Exploitation Malicious Sample Analysis

[Java concurrent programming] volatile (two): in-depth analysis of the principle of volatile (code sample to CPU cache)

ESP32 Quick Start (13): Brief Analysis of OTA Sample Code

The Chicago Nobel Prize Heckman tears up Harvard star Chetty, the sample size is better than careful data analysis?

Small Sample Fault Diagnosis- Attention Mechanism Code- BiGRU Code Analysis Implementation

[3D Vision] mesh sampling into sdf code analysis, sample_SDF_points

Auxiliary safety tools, powerful assistants in insulation safety tools] - Detailed analysis and sample code

In-depth analysis of Unity's new input system: a complete sample project guide from principle to practice

Baldy pcp3d dynamic firing principle

An article to take you through the principal component analysis in mathematical modeling (the sample application explanation of water quality problems in 2005 includes code)

Hisilicon SD3403/SS928V100 development (3) sample-vio all mode process analysis

Recommended

Ranking

[Algorithm] greedy _ program scheduling issues

Spring 控制反转（IOC）

Data structure-6.6 figure

Indicates that the class or member method has abstract properties

Huawei v5 server installed Linux operating system

Postgresql source code analysis - creating ordinary tables

Chapter 10 Evaluation Classification Results

Cloud service Ubuntu 20.04 version uses Nginx to deploy static web pages

Java Exercise 17.1

Solve the problem that git cannot automatically push submission in IDEA Push failed: Failed with error: Could not read from remote repository.

Daily

More

2024-05-09(32)

2024-05-08(18)

2024-05-07(34)

2024-05-06(6)

2024-05-05(0)

2024-05-04(18)

2024-05-03(8)

2024-05-02(0)

2024-05-01(4)

2024-04-30(36)