ib01c01_incident.pcap

MD5	08c7028dfe34c61de681356cdade6eac
Submission Date	2019-08-31 05:28:31
Tags	(not set)

Alert 2

Showing 1-2 of 2 items.

Timestamp

Src Ip

Dest Ip

Alert Signature

Timestamp	2018-12-10T12:51:55.982891-0800
Flow Id	49889567029104
Source IP	10.0.2.19
Source Port	57360
Destination IP	10.0.2.122
Destination Port	80
Protocol	TCP
Alert Signature	ET POLICY Http Client Body contains passwd= in cleartext
Alert Category	Potential Corporate Privacy Violation
Alert Severity	1
Alert Gid	1
Alert Signature Id	2012886
Payload Printable	POST /admin530o6uisg/index.php?rand=1544475115839 HTTP/1.1 Host: www.pwnhats.htb User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.pwnhats.htb/admin530o6uisg/index.php?controller=AdminLogin&token=de267fd50b09d00b04cca76ff620b201 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 cache-control: no-cache X-Requested-With: XMLHttpRequest Content-Length: 195 Cookie: install_36c8f05a9cd9=ngbglmfick8un365kfcsslqe93; PHPSESSID=5s0t64v9f781lafbtoqagefvs5; PrestaShop-3c2ade0c14ea228fac093064bee52f65=def502001a76d48eb2af537cb916636305f4a89b7d2d469fb0f5732c31bbc7e7a4851909f4d23acd513532e7e0feb5468be310ec2b9b7cbeef8a7a907177b7f06f1787ecea5782a323bac139ced2d7c1263dfb3149d6596d11c26a04a5fbd78c696b2744cca82b5c0c3ccf9ad1856fcd449176e89a51194b7b6d0579f84585b22a2e17f4d96bf881d5d0762a2b9a98761b993dd3335e3a3dec38d4b1432e3300f6f2582eb88c86488c4fe33ff63bb8b4eaeff6e31e007473124c25e7ea4086f7bfe2514c05e10834e340250a0e89dc3fb437f8f338f0bb4f6ab9da4b3ca5064e1fc44a429c5b8ac0072dd19e784f9d666c3aeeae2a8d9064ef6565953203ba9a3e29adf168819712e1bebf0af8f0066396eaa9e15fe35e0a4ed5f9c00a966e7385bf991561ccd9f7224060a3f1c4d45f8f660951; PrestaShop-b90f2108c36da598167041779234808f=def50200cddfc1ef836894054bdefa9f3b8c8b02900d7bda38b079f1eca1387f6a2f87180738eb5f5d89105444848100cdadf439c5b77a3cfec95f35bbcc481032b714d6d7963b6a7d31229baaec0396b55ffc53ab2f500899895dd1aa877d56a24b05c128afd02fb9b407ecf30491c2cda5cbe54c9cd2126003b0be7d9a963b62966551fcc69ebd1c025f316ea2488102b0a907221f9a535a3f4873040fc89bcab97c Connection: keep-alive ajax=1&token=&controller=AdminLogin&submitLogin=1&passwd=pwnhats.htb&email=admin%40pwnhats.htb&redirect=http%3A%2F%2Fwww.pwnhats.htb%2Fadmin530o6uisg%2F%26token%3De44d0ae2213d01986912abc63712a05b

2018-12-10T12:51:55.982891-0800

10.0.2.19

10.0.2.122

ET POLICY Http Client Body contains passwd= in cleartext

2018-12-10T12:52:21.621530-0800

10.0.2.19

10.0.2.122

ET POLICY Http Client Body contains passwd= in cleartext

DNS 0

#		Timestamp	Src Ip	Dest Ip	Dns Type	Resource Record Name	Resource Record Type	Resource Data
No results found.

TLS 1

Showing 1-1 of 1 item.

Timestamp

Source IP

Destination IP

TLS Version

Issuer

2018-12-10T12:54:42.173273-0800

10.0.2.122

10.0.2.19

TLS 1.2

C=AU, ST=Some-State, O=Internet Widgits Pty Ltd

TFTP 0

#	Timestamp	Src Ip	Dest Ip	Tftp Packet	Tftp File	Tftp Mode
No results found.

HTTP 46

Showing 1-20 of 46 items.

Timestamp

Source

Hostname

Port

Method

URL

Status

2018-12-10T12:51:00.973307-0800

10.0.2.19

www.pwnhats.htb

GET

/js/vendor/spin.js

(not set)

2018-12-10T12:51:00.920005-0800

10.0.2.19

www.pwnhats.htb

GET

/admin530o6uisg/index.php?controller=AdminLogin&token=de267fd50b09d00b04cca76ff620b201

200

2018-12-10T12:51:00.957202-0800

10.0.2.19

www.pwnhats.htb

GET

/admin530o6uisg/themes/default/css/overrides.css

200

2018-12-10T12:51:00.978176-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/jquery-1.11.0.min.js

200

2018-12-10T12:51:00.961491-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/jquery-migrate-1.2.1.min.js

200

2018-12-10T12:51:00.964410-0800

10.0.2.19

www.pwnhats.htb

GET

/admin530o6uisg/themes/default/public/theme.css

(not set)

2018-12-10T12:51:00.964454-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/plugins/jquery.validate.js

200

2018-12-10T12:51:01.298784-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/jquery-1.11.0.min.js

(not set)

2018-12-10T12:51:00.980359-0800

10.0.2.19

www.pwnhats.htb

GET

/img/preston-login@2x.png

(not set)

2018-12-10T12:51:07.653489-0800

10.0.2.19

www.pwnhats.htb

GET

200

2018-12-10T12:51:01.328510-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/jquery-migrate-1.2.1.min.js

(not set)

2018-12-10T12:51:00.971512-0800

10.0.2.19

www.pwnhats.htb

GET

/js/vendor/ladda.js

200

2018-12-10T12:51:01.354918-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/plugins/jquery.validate.js

(not set)

2018-12-10T12:51:24.991797-0800

10.0.2.19

www.pwnhats.htb

GET

/home/23-white-hat.html

200

2018-12-10T12:51:01.382785-0800

10.0.2.19

www.pwnhats.htb

GET

/js/vendor/spin.js

(not set)

2018-12-10T12:51:25.071914-0800

10.0.2.19

www.pwnhats.htb

GET

/27-large_default/white-hat.jpg

200

2018-12-10T12:51:01.409069-0800

10.0.2.19

www.pwnhats.htb

GET

/js/vendor/ladda.js

(not set)

2018-12-10T12:51:27.574245-0800

10.0.2.19

www.pwnhats.htb

GET

200

2018-12-10T12:51:01.461620-0800

10.0.2.19

www.pwnhats.htb

GET

/admin530o6uisg/themes/default/public/97493d3f11c0a3bd5cbd959f5d19b699.woff2

(not set)

2018-12-10T12:51:01.499166-0800

10.0.2.19

www.pwnhats.htb

GET

/img/preston-login-wink@2x.png

(not set)

SMB 0

#		Timestamp	Src Ip	Dest Ip	SMB Dialect	Command	Session	Tree
No results found.

SMTP 0

#		Timestamp	Source	Destination	Email From	Email To	Subject
No results found.

Flow 30

Showing 1-20 of 30 items.

Timestamp

Flow Id

Event Type

Source

Source Port

Destination

Destination Port

Protocol

Host

2018-12-10T12:53:25.803903-0800

283144942775352

flow

10.0.2.19

57332

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

997690063458578

flow

10.0.2.19

57356

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1427994245270118

flow

10.0.2.19

57340

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1995475394041704

flow

10.0.2.19

44401

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1577033910345783

flow

10.0.2.122

44224

10.0.2.19

4444

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1018619451576741

flow

10.0.2.122

38738

10.0.2.19

4445

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1022141310633407

flow

10.0.2.19

57338

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1450611543082808

flow

10.0.2.19

57330

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1451569321877768

flow

10.0.2.19

57354

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

49889567029104

flow

10.0.2.19

57360

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

191967086903217

flow

10.0.2.19

46007

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1603817328902464

flow

10.0.2.122

58756

10.0.2.19

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

759766058393077

flow

10.0.2.19

36863

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1189425996766188

flow

10.0.2.19

32795

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

628722306327374

flow

10.0.2.19

57346

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

214670284038838

flow

10.0.2.122

44230

10.0.2.19

4444

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1632125459636884

flow

10.0.2.122

58758

10.0.2.19

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

797965492202407

flow

10.0.2.19

57318

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1081278720269296

flow

10.0.2.122

44222

10.0.2.19

4444

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1646131339325564

flow

10.0.2.19

57334

10.0.2.122

TCP

pcapanalyzer

File 44

Showing 1-20 of 44 items.

Timestamp

Source

Destination

File Name

File Magic

File Size

2018-12-10T12:51:00.920005-0800

10.0.2.122

10.0.2.19

/admin530o6uisg/index.php

HTML document, ASCII text

6197

2018-12-10T12:51:00.974275-0800

10.0.2.122

10.0.2.19

/js/vendor/spin.js

ASCII text

10196

2018-12-10T12:51:00.957202-0800

10.0.2.122

10.0.2.19

/admin530o6uisg/themes/default/css/overrides.css

ASCII text

306

2018-12-10T12:51:00.978482-0800

10.0.2.122

10.0.2.19

/js/jquery/jquery-1.11.0.min.js

ASCII text, with very long lines

96381

2018-12-10T12:51:00.961491-0800

10.0.2.122

10.0.2.19

/js/jquery/jquery-migrate-1.2.1.min.js

ASCII text, with very long lines

7199

2018-12-10T12:51:00.964454-0800

10.0.2.122

10.0.2.19

/js/jquery/plugins/jquery.validate.js

UTF-8 Unicode text, with very long lines

21068

2018-12-10T12:51:00.981080-0800

10.0.2.122

10.0.2.19

/img/preston-login@2x.png

PNG image data, 139 x 240, 8-bit/color RGBA, non-interlaced

12316

2018-12-10T12:51:01.299361-0800

10.0.2.122

10.0.2.19

/js/jquery/jquery-1.11.0.min.js

ASCII text, with very long lines

96381

2018-12-10T12:51:07.653489-0800

10.0.2.122

10.0.2.19

HTML document, UTF-8 Unicode text, with very long lines

36521

2018-12-10T12:51:00.966348-0800

10.0.2.122

10.0.2.19

/admin530o6uisg/themes/default/public/theme.css

ASCII text, with very long lines

435107

2018-12-10T12:51:01.328809-0800

10.0.2.122

10.0.2.19

/js/jquery/jquery-migrate-1.2.1.min.js

ASCII text, with very long lines

7199

2018-12-10T12:51:00.971512-0800

10.0.2.122

10.0.2.19

/js/vendor/ladda.js

ASCII text

6490

2018-12-10T12:51:24.991797-0800

10.0.2.122

10.0.2.19

/home/23-white-hat.html

HTML document, UTF-8 Unicode text, with very long lines

41104

2018-12-10T12:51:01.355200-0800

10.0.2.122

10.0.2.19

/js/jquery/plugins/jquery.validate.js

UTF-8 Unicode text, with very long lines

21068

2018-12-10T12:51:01.383051-0800

10.0.2.122

10.0.2.19

/js/vendor/spin.js

ASCII text

10196

2018-12-10T12:51:25.071914-0800

10.0.2.122

10.0.2.19

/27-large_default/white-hat.jpg

JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, comment: "CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90", progressive, precision 8, 800x800, frames 3

13360

2018-12-10T12:51:01.409377-0800

10.0.2.122

10.0.2.19

/js/vendor/ladda.js

ASCII text

6490

2018-12-10T12:51:27.574245-0800

10.0.2.122

10.0.2.19

HTML document, UTF-8 Unicode text, with very long lines

36521

2018-12-10T12:51:01.462259-0800

10.0.2.122

10.0.2.19

/admin530o6uisg/themes/default/public/97493d3f11c0a3bd5cbd959f5d19b699.woff2

data

56780

2018-12-10T12:51:55.899350-0800

10.0.2.19

10.0.2.122

/admin530o6uisg/index.php

ASCII text, with no line terminators

195

Comments	(not set)

Update Download PCAP Delete