Menu
Blog
Hack the box Forensic Challenge Library: The security team was alerted to suspicious network activity from a production web server.Can you determine if any data was stolen and what it was? Solution: Hackinthebox will provide you following data - pcapng file, and lot of bro logs: While reviewing the log files - I noticed pastebin.com access from ip 10.10.20.13 ![]() Decrypte the data by the secrets.log file provided by hackthebox to view the content in plain text Followed the TCP Stream for ip.addr == 10.10.20.13 There was a post request made (as seen in about screenshot). Filters packets by HTTP Post Credit Card Data in Plain Text Hack the box key below: ![]() Comments are closed.
|
Mac Forensics
|