
Mastering Web Threats: Insights from Praj Shete’s Malicious Traffic Analysis on LetsDefend Challenge

Original Post: LetsDefend Challenge: Malicious Web Traffic Analysis | by Praj Shete | Sep, 2024

The document is an analysis of a malicious web traffic incident, detailing the steps and techniques used to identify key information about the attack. Here’s a summary of the contents:

  1. Identifying the Web Server’s IP Address: By filtering Wireshark packet captures for HTTP traffic, the web server’s public IP address is found to be 10.1.0.4.

  2. Identifying the Attacker’s IP Address: By analyzing interactions, the attacker’s IP address is differentiated from other IPs contacting the server.

  3. Discovering the Vulnerability: The attacker identified an XML External Entity (XXE) vulnerability by attempting to sign up and read the source code.

  4. Recovering the Note in the Source Code: The attacker viewed the source code, which was returned in a Base64-encoded format, to extract a note.

  5. Finding a Possible Username: After decoding the source code response, the attacker found a possible username “admin” through the exploited vulnerability.

  6. Brute-forcing the Password: The attacker brute-forced the password; in the capture, the successful attempt stands out because its HTTP response length differs from the repeated failed attempts, which all return the same length.

  7. Further Exploitation: The attacker used a directory traversal vulnerability to read internal files on the server, evident from logs of unusual URL patterns.

  8. Identifying the Most Recent User: The attacker identified the last created user on the server by examining the content of internal files.

  9. Exploiting Open Redirect Vulnerability: An open redirect vulnerability was tested, where the attacker used controlled input to redirect to a specified URL.

The analysis links to the challenge on Let’s Defend and provides references to the vulnerabilities and techniques used.
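The following script is an added example written for this summary; it is not code from Praj Shete's post or from the LetsDefend challenge. It reproduces, from a defender's point of view, the checks the summary describes: finding the web server as the most-contacted destination (step 1), the most active source talking to it (step 2), decoding a Base64 response body (steps 4 and 5), spotting the brute-force outlier by response length (step 6), flagging traversal patterns in URIs (step 7) and flagging 3xx responses whose query carries an external URL (step 9). The records are constructed sample data shaped like a tshark HTTP export, and every IP, path and body in them is hypothetical; the 10.1.0.4 server address is reused from the summary only as a label.

```python
"""Added example (not from the original post): detection-side review of
constructed HTTP records in the spirit of the summarized walkthrough."""
import base64
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample records resembling a tshark/Wireshark HTTP export.
# Tuple layout: (src_ip, dst_ip, method, uri, status, response_length, response_body)
# All values are hypothetical; only 10.1.0.4 is reused from the summary as a label.
SAMPLE_HTTP = [
    ("192.168.50.7", "10.1.0.4", "GET", "/", 200, 1450, ""),
    ("192.168.50.9", "10.1.0.4", "GET", "/about", 200, 980, ""),
    ("203.0.113.25", "10.1.0.4", "POST", "/signup", 200, 2200,
     base64.b64encode(b"# NOTE: default admin user is admin").decode()),
    ("203.0.113.25", "10.1.0.4", "POST", "/login", 200, 1200, ""),
    ("203.0.113.25", "10.1.0.4", "POST", "/login", 200, 1200, ""),
    ("203.0.113.25", "10.1.0.4", "POST", "/login", 200, 1200, ""),
    ("203.0.113.25", "10.1.0.4", "POST", "/login", 302, 310, ""),
    ("203.0.113.25", "10.1.0.4", "GET", "/download?file=../../../../etc/passwd", 200, 1800, ""),
    ("203.0.113.25", "10.1.0.4", "GET", "/redirect?next=http://203.0.113.25/", 302, 0, ""),
    ("192.168.50.7", "10.1.0.4", "GET", "/contact", 200, 700, ""),
]

# Dot-dot segments in either slash style, checked after URL-decoding.
TRAVERSAL_RE = re.compile(r"(\.\./|\.\.\\)")


def web_server_ip(records):
    """Step 1: the destination that receives the most HTTP requests."""
    return Counter(r[1] for r in records).most_common(1)[0][0]


def top_talker(records):
    """Step 2: the source that sends the most HTTP requests to that server."""
    server = web_server_ip(records)
    return Counter(r[0] for r in records if r[1] == server).most_common(1)[0][0]


def decoded_bodies(records):
    """Steps 4-5: decode response bodies that are valid Base64 and printable text."""
    out = {}
    for r in records:
        body = r[6]
        if not body:
            continue
        try:
            text = base64.b64decode(body, validate=True).decode("utf-8")
        except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
            continue
        if text.isprintable():
            out[r[3]] = text
    return out


def login_outliers(records, path="/login"):
    """Step 6: the dominant response length for POST /login is the failed-attempt
    baseline; any login whose length differs is returned as (src, status, length)."""
    logins = [r for r in records if r[2] == "POST" and r[3] == path]
    if len(logins) < 2:
        return []
    baseline = Counter(r[5] for r in logins).most_common(1)[0][0]
    return [(r[0], r[4], r[5]) for r in logins if r[5] != baseline]


def traversal_requests(records):
    """Step 7: URIs that still contain ../ or ..\\ after URL-decoding."""
    return [r[3] for r in records if TRAVERSAL_RE.search(unquote(r[3]))]


def open_redirect_candidates(records):
    """Step 9: 3xx responses to requests whose query string carries an absolute
    URL whose host is not the server itself; returns (src, uri, external_host)."""
    hits = []
    for src, dst, _method, uri, status, _length, _body in records:
        if not 300 <= status < 400:
            continue
        for values in parse_qs(urlsplit(uri).query).values():
            for value in values:
                target = urlsplit(unquote(value))
                if target.scheme in ("http", "https") and target.hostname and target.hostname != dst:
                    hits.append((src, uri, target.hostname))
    return hits


if __name__ == "__main__":
    print("web server:", web_server_ip(SAMPLE_HTTP))
    print("top talker:", top_talker(SAMPLE_HTTP))
    print("decoded bodies:", decoded_bodies(SAMPLE_HTTP))
    print("login outliers:", login_outliers(SAMPLE_HTTP))
    print("traversal URIs:", traversal_requests(SAMPLE_HTTP))
    print("open redirect candidates:", open_redirect_candidates(SAMPLE_HTTP))
```

The response-length heuristic is deliberately simple: it assumes failed logins return an identical page and that the success is rare, which is what the summary describes; on a real capture you would also key the grouping on the source IP and a time window so one client's burst does not hide in other users' traffic. The traversal and redirect checks decode the URI first so that percent-encoded variants do not slip past the pattern.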
