ib01c01_incident.pcap

MD5	08c7028dfe34c61de681356cdade6eac
Submission Date	2019-08-31 05:28:31
Tags	(not set)

Alert 2

Showing 1-2 of 2 items.

Timestamp

Src Ip

Dest Ip

Alert Signature

Timestamp	2018-12-10T12:51:55.982891-0800
Flow Id	913766404044656
Source IP	10.0.2.19
Source Port	57360
Destination IP	10.0.2.122
Destination Port	80
Protocol	TCP
Alert Signature	ET POLICY Http Client Body contains passwd= in cleartext
Alert Category	Potential Corporate Privacy Violation
Alert Severity	1
Alert Gid	1
Alert Signature Id	2012886
Payload Printable	POST /admin530o6uisg/index.php?rand=1544475115839 HTTP/1.1 Host: www.pwnhats.htb User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Firefox/60.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://www.pwnhats.htb/admin530o6uisg/index.php?controller=AdminLogin&token=de267fd50b09d00b04cca76ff620b201 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 cache-control: no-cache X-Requested-With: XMLHttpRequest Content-Length: 195 Cookie: install_36c8f05a9cd9=ngbglmfick8un365kfcsslqe93; PHPSESSID=5s0t64v9f781lafbtoqagefvs5; PrestaShop-3c2ade0c14ea228fac093064bee52f65=def502001a76d48eb2af537cb916636305f4a89b7d2d469fb0f5732c31bbc7e7a4851909f4d23acd513532e7e0feb5468be310ec2b9b7cbeef8a7a907177b7f06f1787ecea5782a323bac139ced2d7c1263dfb3149d6596d11c26a04a5fbd78c696b2744cca82b5c0c3ccf9ad1856fcd449176e89a51194b7b6d0579f84585b22a2e17f4d96bf881d5d0762a2b9a98761b993dd3335e3a3dec38d4b1432e3300f6f2582eb88c86488c4fe33ff63bb8b4eaeff6e31e007473124c25e7ea4086f7bfe2514c05e10834e340250a0e89dc3fb437f8f338f0bb4f6ab9da4b3ca5064e1fc44a429c5b8ac0072dd19e784f9d666c3aeeae2a8d9064ef6565953203ba9a3e29adf168819712e1bebf0af8f0066396eaa9e15fe35e0a4ed5f9c00a966e7385bf991561ccd9f7224060a3f1c4d45f8f660951; PrestaShop-b90f2108c36da598167041779234808f=def50200cddfc1ef836894054bdefa9f3b8c8b02900d7bda38b079f1eca1387f6a2f87180738eb5f5d89105444848100cdadf439c5b77a3cfec95f35bbcc481032b714d6d7963b6a7d31229baaec0396b55ffc53ab2f500899895dd1aa877d56a24b05c128afd02fb9b407ecf30491c2cda5cbe54c9cd2126003b0be7d9a963b62966551fcc69ebd1c025f316ea2488102b0a907221f9a535a3f4873040fc89bcab97c Connection: keep-alive ajax=1&token=&controller=AdminLogin&submitLogin=1&passwd=pwnhats.htb&email=admin%40pwnhats.htb&redirect=http%3A%2F%2Fwww.pwnhats.htb%2Fadmin530o6uisg%2F%26token%3De44d0ae2213d01986912abc63712a05b

2018-12-10T12:51:55.982891-0800

10.0.2.19

10.0.2.122

ET POLICY Http Client Body contains passwd= in cleartext

2018-12-10T12:52:21.621530-0800

10.0.2.19

10.0.2.122

ET POLICY Http Client Body contains passwd= in cleartext

DNS 0

#		Timestamp	Src Ip	Dest Ip	Dns Type	Resource Record Name	Resource Record Type	Resource Data
No results found.

TLS 1

Showing 1-1 of 1 item.

Timestamp

Source IP

Destination IP

TLS Version

Server Name Indication

2018-12-10T12:54:42.173273-0800

10.0.2.122

10.0.2.19

TLS 1.2

(not set)

TFTP 0

#	Timestamp	Src Ip	Dest Ip	Tftp Packet	Tftp File	Tftp Mode
No results found.

HTTP 46

Showing 1-20 of 46 items.

Timestamp

Source

Hostname

Port

Method

URL

Status

2018-12-10T12:51:00.957202-0800

10.0.2.19

www.pwnhats.htb

GET

/admin530o6uisg/themes/default/css/overrides.css

200

2018-12-10T12:51:00.920005-0800

10.0.2.19

www.pwnhats.htb

GET

/admin530o6uisg/index.php?controller=AdminLogin&token=de267fd50b09d00b04cca76ff620b201

200

2018-12-10T12:51:00.974275-0800

10.0.2.19

www.pwnhats.htb

GET

/js/vendor/spin.js

200

2018-12-10T12:51:00.961491-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/jquery-migrate-1.2.1.min.js

200

2018-12-10T12:51:00.966348-0800

10.0.2.19

www.pwnhats.htb

GET

/admin530o6uisg/themes/default/public/theme.css

200

2018-12-10T12:51:00.974771-0800

10.0.2.19

www.pwnhats.htb

GET

/js/admin/login.js?v=1.7.4.4

200

2018-12-10T12:51:00.964454-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/plugins/jquery.validate.js

200

2018-12-10T12:51:00.971512-0800

10.0.2.19

www.pwnhats.htb

GET

/js/vendor/ladda.js

200

2018-12-10T12:51:00.978482-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/jquery-1.11.0.min.js

200

2018-12-10T12:51:00.980115-0800

10.0.2.19

www.pwnhats.htb

GET

/img/prestashop@2x.png

200

2018-12-10T12:51:01.299361-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/jquery-1.11.0.min.js

200

2018-12-10T12:51:07.653489-0800

10.0.2.19

www.pwnhats.htb

GET

200

2018-12-10T12:51:01.328809-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/jquery-migrate-1.2.1.min.js

200

2018-12-10T12:51:32.779446-0800

10.0.2.19

www.pwnhats.htb

GET

/admin530o6uisg/

302

2018-12-10T12:51:32.833126-0800

10.0.2.19

www.pwnhats.htb

GET

/admin530o6uisg/index.php?controller=AdminLogin&token=de267fd50b09d00b04cca76ff620b201

200

2018-12-10T12:51:01.355200-0800

10.0.2.19

www.pwnhats.htb

GET

/js/jquery/plugins/jquery.validate.js

200

2018-12-10T12:51:00.981080-0800

10.0.2.19

www.pwnhats.htb

GET

/img/preston-login@2x.png

200

2018-12-10T12:51:01.383051-0800

10.0.2.19

www.pwnhats.htb

GET

/js/vendor/spin.js

200

2018-12-10T12:51:24.991797-0800

10.0.2.19

www.pwnhats.htb

GET

/home/23-white-hat.html

200

2018-12-10T12:51:32.970541-0800

10.0.2.19

www.pwnhats.htb

GET

/admin530o6uisg/themes/default/public/theme.css

200

SMB 0

#		Timestamp	Src Ip	Dest Ip	SMB Dialect	Command	Session	Tree
No results found.

SMTP 0

#		Timestamp	Source	Destination	Email From	Email To	Subject
No results found.

Flow 30

Showing 1-20 of 30 items.

Timestamp

Flow Id

Event Type

Source

Source Port

Destination

Destination Port

Protocol

Host

2018-12-10T12:53:25.803903-0800

1837304628576955

flow

10.0.2.19

57336

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1146815626187665

flow

10.0.2.19

36761

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

2001548481667732

flow

10.0.2.122

58758

10.0.2.19

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1584618825089344

flow

10.0.2.122

58756

10.0.2.19

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

2016086942179383

flow

10.0.2.122

44224

10.0.2.19

4444

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1312936371281397

flow

10.0.2.19

36863

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1461241587110145

flow

10.0.2.19

57342

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1890175675992678

flow

10.0.2.19

57340

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1190989359519871

flow

10.0.2.19

57316

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

913766404044656

flow

10.0.2.19

57360

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

2040039969434535

flow

10.0.2.19

57318

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

633498311074056

flow

10.0.2.19

57354

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1478206712840113

flow

10.0.2.19

46007

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1901634653659830

flow

10.0.2.122

44230

10.0.2.19

4444

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

2052821792582712

flow

10.0.2.19

57332

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

1072375253041016

flow

10.0.2.19

41773

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

934670006276399

flow

10.0.2.19

57312

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

934824625509833

flow

10.0.2.19

57344

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

378703674939240

flow

10.0.2.19

44401

10.0.2.122

TCP

pcapanalyzer

2018-12-10T12:53:25.803903-0800

97997492553528

flow

10.0.2.19

57330

10.0.2.122

TCP

pcapanalyzer

File 44

Showing 1-20 of 44 items.

Timestamp

Source

Destination

File Name

File Magic

File Size

2018-12-10T12:51:00.920005-0800

10.0.2.122

10.0.2.19

/admin530o6uisg/index.php

HTML document, ASCII text

6197

2018-12-10T12:51:00.957202-0800

10.0.2.122

10.0.2.19

/admin530o6uisg/themes/default/css/overrides.css

ASCII text

306

2018-12-10T12:51:00.961491-0800

10.0.2.122

10.0.2.19

/js/jquery/jquery-migrate-1.2.1.min.js

ASCII text, with very long lines

7199

2018-12-10T12:51:00.974275-0800

10.0.2.122

10.0.2.19

/js/vendor/spin.js

ASCII text

10196

2018-12-10T12:51:00.966348-0800

10.0.2.122

10.0.2.19

/admin530o6uisg/themes/default/public/theme.css

ASCII text, with very long lines

435107

2018-12-10T12:51:00.974771-0800

10.0.2.122

10.0.2.19

/js/admin/login.js

ASCII text

7900

2018-12-10T12:51:00.964454-0800

10.0.2.122

10.0.2.19

/js/jquery/plugins/jquery.validate.js

UTF-8 Unicode text, with very long lines

21068

2018-12-10T12:51:00.978482-0800

10.0.2.122

10.0.2.19

/js/jquery/jquery-1.11.0.min.js

ASCII text, with very long lines

96381

2018-12-10T12:51:00.971512-0800

10.0.2.122

10.0.2.19

/js/vendor/ladda.js

ASCII text

6490

2018-12-10T12:51:00.980115-0800

10.0.2.122

10.0.2.19

/img/prestashop@2x.png

PNG image data, 246 x 48, 8-bit/color RGBA, interlaced

6315

2018-12-10T12:51:01.299361-0800

10.0.2.122

10.0.2.19

/js/jquery/jquery-1.11.0.min.js

ASCII text, with very long lines

96381

2018-12-10T12:51:07.653489-0800

10.0.2.122

10.0.2.19

HTML document, UTF-8 Unicode text, with very long lines

36521

2018-12-10T12:51:32.833126-0800

10.0.2.122

10.0.2.19

/admin530o6uisg/index.php

HTML document, ASCII text

6197

2018-12-10T12:51:01.328809-0800

10.0.2.122

10.0.2.19

/js/jquery/jquery-migrate-1.2.1.min.js

ASCII text, with very long lines

7199

2018-12-10T12:51:01.355200-0800

10.0.2.122

10.0.2.19

/js/jquery/plugins/jquery.validate.js

UTF-8 Unicode text, with very long lines

21068

2018-12-10T12:51:00.981080-0800

10.0.2.122

10.0.2.19

/img/preston-login@2x.png

PNG image data, 139 x 240, 8-bit/color RGBA, non-interlaced

12316

2018-12-10T12:51:32.970541-0800

10.0.2.122

10.0.2.19

/admin530o6uisg/themes/default/public/theme.css

ASCII text, with very long lines

435107

2018-12-10T12:51:24.991797-0800

10.0.2.122

10.0.2.19

/home/23-white-hat.html

HTML document, UTF-8 Unicode text, with very long lines

41104

2018-12-10T12:51:01.383051-0800

10.0.2.122

10.0.2.19

/js/vendor/spin.js

ASCII text

10196

2018-12-10T12:51:55.899350-0800

10.0.2.19

10.0.2.122

/admin530o6uisg/index.php

ASCII text, with no line terminators

195

Comments	(not set)

Update Download PCAP Delete