NS4 | Network Security Series
kurtnettle1 min read
Problem Statement
Identifying the port utilized by the web shell helps improve
firewall configurations for blocking unauthorized outbound traffic.
What port was used by the malicious web shell?
Flag Format: BUBT{PortNo}
network_artifacts.pcapng
Prerequisites
- Wireshark (basic use of filters, following HTTP/TCP streams, viewing responses)
Solution
In the NS2 problem, we examined the PHP shell contents and saw an IP address and a port number.
Credits
Hashnode - for the amazing platform
BUBT - for the workshop
0
Subscribe to my newsletter
Read articles from kurtnettle directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by