Reto 5 - webDMZ-0c1ca642a1978d19e52885dc243f219c(1).pcap

MD5	0c1ca642a1978d19e52885dc243f219c
Submission Date	2018-11-11 02:56:17
Tags	(not set)

Alert 13

Showing 1-13 of 13 items.

Timestamp

Src Ip

Dest Ip

Alert Signature

2017-11-08T05:44:59.847141-0800

192.168.1.135

255.255.255.255

ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK

2017-11-08T05:45:00.348982-0800

192.168.1.135

255.255.255.255

ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK

2017-11-08T05:45:01.441292-0800

192.168.1.135

255.255.255.255

ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK

2017-11-08T05:45:01.511299-0800

192.168.1.135

255.255.255.255

ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK

2017-11-08T05:45:01.942623-0800

192.168.1.135

255.255.255.255

ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK

2017-11-08T05:45:02.013506-0800

192.168.1.135

255.255.255.255

ET EXPLOIT Possible CVE-2014-6271 exploit attempt via malicious DHCP ACK

2017-11-08T05:45:22.326250-0800

192.168.1.138

192.168.1.104

ET SCAN Possible Nmap User-Agent Observed

2017-11-08T05:45:55.284126-0800

192.168.1.138

192.168.1.104

ET SCAN Possible Nmap User-Agent Observed

2017-11-08T05:46:30.260867-0800

192.168.1.138

192.168.1.104

ET SCAN Possible Nmap User-Agent Observed

2017-11-08T05:46:45.339853-0800

192.168.1.138

192.168.1.104

ET SCAN Possible Nmap User-Agent Observed

2017-11-08T05:47:10.472496-0800

192.168.1.138

192.168.1.104

ET SCAN Possible Nmap User-Agent Observed

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

ET SCAN Possible Nmap User-Agent Observed

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

ET SCAN Possible Nmap User-Agent Observed

DNS 15

Showing 1-15 of 15 items.

Timestamp

Src Ip

Dest Ip

Dns Type

Resource Record Name

Resource Record Type

Resource Data

2017-11-08T05:43:01.736821-0800

192.168.1.135

212.231.6.7

query

app.adjust.com

AAAA

(not set)

2017-11-08T05:43:01.758400-0800

212.231.6.7

192.168.1.135

answer

app.adjust.com

AAAA

(not set)

2017-11-08T05:43:01.759143-0800

192.168.1.135

212.231.6.7

query

app.adjust.com.Home

AAAA

(not set)

2017-11-08T05:43:01.778742-0800

212.231.6.7

192.168.1.135

answer

app.adjust.com.Home

AAAA

(not set)

2017-11-08T05:43:10.310186-0800

192.168.1.135

212.231.6.7

query

tiles-cloudfront.cdn.mozilla.net

(not set)

2017-11-08T05:43:10.336834-0800

192.168.1.135

212.231.6.7

query

dcky6u1m8u6el.cloudfront.net

(not set)

2017-11-08T05:43:10.370342-0800

212.231.6.7

192.168.1.135

answer

dcky6u1m8u6el.cloudfront.net

(not set)

2017-11-08T05:44:10.726698-0800

192.168.1.135

212.231.6.7

query

dcky6u1m8u6el.cloudfront.net

(not set)

2017-11-08T05:44:10.753420-0800

212.231.6.7

192.168.1.135

answer

dcky6u1m8u6el.cloudfront.net

(not set)

2017-11-08T05:44:10.699862-0800

192.168.1.135

212.231.6.7

query

tiles-cloudfront.cdn.mozilla.net

(not set)

2017-11-08T05:44:10.725244-0800

212.231.6.7

192.168.1.135

answer

tiles-cloudfront.cdn.mozilla.net

(not set)

2017-11-08T05:48:08.572437-0800

192.168.1.135

212.231.6.7

query

www.mozilla.org.cdn.cloudflare.net

(not set)

2017-11-08T05:48:08.592808-0800

212.231.6.7

192.168.1.135

answer

www.mozilla.org.cdn.cloudflare.net

(not set)

2017-11-08T05:48:08.546144-0800

192.168.1.135

212.231.6.7

query

www.mozilla.org

(not set)

2017-11-08T05:48:08.571608-0800

212.231.6.7

192.168.1.135

answer

www.mozilla.org

(not set)

TLS 13

Showing 1-13 of 13 items.

Timestamp

Source IP

Destination IP

TLS Version

Server Name Indication

2017-11-08T05:43:01.847461-0800

192.168.1.135

178.162.216.179

TLS 1.2

app.adjust.com

2017-11-08T05:43:09.692840-0800

192.168.1.129

192.168.1.104

UNDETERMINED

192.168.1.104

2017-11-08T05:43:47.844181-0800

192.168.1.129

192.168.1.104

UNDETERMINED

192.168.1.104

2017-11-08T05:44:23.033392-0800

192.168.1.129

192.168.1.104

UNDETERMINED

192.168.1.104

2017-11-08T05:44:53.198581-0800

192.168.1.129

192.168.1.104

UNDETERMINED

192.168.1.104

2017-11-08T05:46:38.905492-0800

192.168.1.135

178.162.219.152

TLS 1.2

app.adjust.com

2017-11-08T05:48:08.648504-0800

192.168.1.135

104.16.40.2

TLS 1.2

www.mozilla.org

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

UNDETERMINED

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

UNDETERMINED

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

UNDETERMINED

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

UNDETERMINED

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

UNDETERMINED

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

UNDETERMINED

(not set)

TFTP 0

#	Timestamp	Src Ip	Dest Ip	Tftp Packet	Tftp File	Tftp Mode
No results found.

HTTP 33

Showing 1-20 of 33 items.

Timestamp

Source

Hostname

Port

Method

URL

Status

2017-11-08T05:43:09.260967-0800

192.168.1.135

192.168.1.104

8000

GET

200

2017-11-08T05:43:09.692840-0800

192.168.1.135

192.168.1.104

8000

GET

/js/index.js

(not set)

2017-11-08T05:43:09.692840-0800

192.168.1.135

192.168.1.104

8000

GET

/css/style.css

(not set)

2017-11-08T05:43:14.329160-0800

192.168.1.135

(not set)

8000

(not set)

/libhtp::request_uri_not_seen

(not set)

2017-11-08T05:45:44.381611-0800

192.168.1.138

192.168.1.104

8000

POST

/continuum/saveInstallation.action

(not set)

2017-11-08T05:46:35.355986-0800

192.168.1.135

192.168.1.104

8000

GET

/passwd

200

2017-11-08T05:45:58.501451-0800

192.168.1.129

192.168.1.104

8000

HEAD

(not set)

2017-11-08T05:45:58.501451-0800

192.168.1.129

192.168.1.104

8000

HEAD

(not set)

2017-11-08T05:46:21.787526-0800

192.168.1.135

192.168.1.104

8000

GET

/etc/passwd

404

2017-11-08T05:46:21.787526-0800

192.168.1.138

(not set)

8000

GET

(not set)

2017-11-08T05:47:19.209394-0800

192.168.1.129

192.168.1.104

8000

GET

(not set)

2017-11-08T05:47:19.209394-0800

192.168.1.138

192.168.1.104

8000

POST

/continuum/saveInstallation.action

(not set)

2017-11-08T05:47:19.209394-0800

192.168.1.138

(not set)

8000

GET

/nice%20ports%2C/Tri%6Eity.txt%2ebak

(not set)

2017-11-08T05:47:39.151845-0800

192.168.1.138

(not set)

8000

OPTIONS

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.138

(not set)

8000

OPTIONS

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.129

192.168.1.104

8000

GET

/misc/drupal.js

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.129

192.168.1.104

8000

GET

/CHANGELOG.txt

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

8000

GET

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

8000

GET

(not set)

2017-11-08T05:48:03.940935-0800

192.168.1.138

192.168.1.104

8000

OPTIONS

(not set)

SMB 1

Showing 1-1 of 1 item.

Timestamp

Src Ip

Dest Ip

SMB Dialect

Command

Session

Tree

2017-11-08T05:46:05.077324-0800

192.168.1.138

192.168.1.104

unknown

SMB1_COMMAND_NEGOTIATE_PROTOCOL

SMTP 0

#		Timestamp	Source	Destination	Email From	Email To	Subject
No results found.

Flow 1206

Showing 1-20 of 1,206 items.

Timestamp

Flow Id

Event Type

Source

Source Port

Destination

Destination Port

Protocol

Host

2017-11-08T05:43:09.692840-0800

431564919918747

flow

192.168.1.135

1616

63.245.213.12

TCP

pcapanalyzer

2017-11-08T05:43:09.692840-0800

1588068619222698

flow

192.168.1.135

1615

104.16.40.2

443

TCP

pcapanalyzer

2017-11-08T05:43:09.692840-0800

897467942388445

flow

192.168.1.135

138

192.168.1.255

138

UDP

pcapanalyzer

2017-11-08T05:43:09.692840-0800

632423362936373

flow

192.168.1.135

57526

212.231.6.7

UDP

pcapanalyzer

2017-11-08T05:43:09.692840-0800

72645243485098

flow

192.168.1.135

61093

212.231.6.7

UDP

pcapanalyzer

2017-11-08T05:43:09.692840-0800

497329462228372

flow

192.168.1.135

1609

54.230.62.36

443

TCP

pcapanalyzer

2017-11-08T05:43:09.692840-0800

1487630808675981

flow

192.168.1.135

1618

192.168.1.104

8000

TCP

pcapanalyzer

2017-11-08T05:43:09.692840-0800

1523815907956071

flow

192.168.1.135

64081

212.231.6.7

UDP

pcapanalyzer

2017-11-08T05:43:09.692840-0800

1805939424788686

flow

192.168.1.104

5353

224.0.0.251

5353

UDP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

1556311631118175

flow

192.168.1.135

1610

54.230.62.36

443

TCP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

27183014660560

flow

192.168.1.135

1611

54.230.62.36

443

TCP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

1155363549138278

flow

192.168.1.135

1613

54.230.62.36

443

TCP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

891177963275153

flow

192.168.1.135

1614

54.230.62.36

443

TCP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

72645243445350

flow

212.231.6.7

192.168.1.135

61093

UDP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

497329462196534

flow

54.230.62.36

443

192.168.1.135

1609

TCP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

1654754429028032

flow

192.168.1.135

1612

54.230.62.36

443

TCP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

720283361422821

flow

192.168.1.135

1617

178.162.216.179

443

TCP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

463156554866787

flow

192.168.1.135

1620

192.168.1.104

8000

TCP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

1067628104620663

flow

192.168.1.135

1619

192.168.1.104

8000

TCP

pcapanalyzer

2017-11-08T05:48:03.940935-0800

1829724955784152

flow

192.168.1.138

38461

192.168.1.104

12345

TCP

pcapanalyzer

File 7

Showing 1-7 of 7 items.

Timestamp

Source

Destination

File Name

File Magic

File Size

2017-11-08T05:43:09.260967-0800

192.168.1.104

192.168.1.135

HTML document, ASCII text

1075

2017-11-08T05:43:13.239896-0800

192.168.1.138

192.168.1.104

/continuum/saveInstallation.action

ASCII text, with very long lines, with no line terminators

1013

2017-11-08T05:43:14.329054-0800

192.168.1.104

192.168.1.135

/css/style.css

ASCII text

1252

2017-11-08T05:43:19.351449-0800

192.168.1.104

192.168.1.135

/js/index.js

ASCII text

294

2017-11-08T05:44:12.606451-0800

192.168.1.138

192.168.1.104

/continuum/saveInstallation.action

ASCII text, with very long lines, with no line terminators

1013

2017-11-08T05:46:35.355986-0800

192.168.1.104

192.168.1.135

/passwd

ASCII text

1684

2017-11-08T05:46:21.787526-0800

192.168.1.104

192.168.1.135

/etc/passwd

HTML document, ASCII text

195

Comments	(not set)

Update Download PCAP Delete