Challenge Preface, Takeaways
In Network Analysis Web Shell, an alert was generated due to local port scanning on a monitored network. A pcap file is presented for analysis, and malicious activity is suspected.
Questions and Answers (Coming Soon)
What is the IP responsible for conducting the port scan activity?
What is the port range scanned by the suspicious host?
What is the type of port scan conducted?
Two more tools were used to perform reconnaissance against open ports. What were they?
What is the name of the PHP file through which the attacker uploaded a web shell?
What is the name of the web shell that the attacker uploaded?
What is the parameter used in the web shell for executing commands?
What is the first command executed by the attacker?
What is the type of shell connection the attacker obtains through command execution?
What port does the attacker use for the shell connection?