Openfire Lab
Q1) What is the CSRF token value for the first login request?
Answer: tmJU6J9uym8oIOD
Q2) What is the password of the first user who logged in?
Answer: Admin@Passw0rd#@#
Q3) What is the 1st username that was created by the attacker?
Answer: 3536rr
Q4) What is the username that the attacker used to login to the admin panel?
Then follow the TCP stream.
Answer: a7zo4l
Q5) What is the name of the plugin that the attacker uploaded?
Then follow the HTTP stream.
Answer: openfire-plugin.jar
Q6) What is the first command that the user executed?
Answer: whoami
Q7) Which tool did the attacker use to get a reverse shell?
Answer: netcat
Q8) Which command did the attacker execute on the server to check for network interfaces?
The attacker used port 8888 to establish a reverse shell. Let's apply a filter to focus on traffic associated with this port.
Next, let's follow the TCP stream.
Answer: ifconfig
Q9) What is the CVE of the vulnerability exploited?
Answer: CVE-2023-32315