Question 1
Found an odd packet which is packet 37.

Found this and I decoded it.
Data: 55315644564559794d44497a6532467058326c7a58324e7662327839
Found the flag
C1UC2T2023{ai_is_cooo?}
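The decoding step for packet 37, as an added example that is not part of the original write-up: the Data field is hex, and the ASCII underneath it is Base64, so the function peels one layer at a time until the text no longer decodes. The function names and the printable-ASCII stopping rule are choices made for this example.

```python
import base64
import binascii
import re
import string

# Payload copied from the "Data:" field of packet 37 on this page.
PACKET_37_DATA = "55315644564559794d44497a6532467058326c7a58324e7662327839"

HEX_RE = re.compile(r"(?:[0-9a-fA-F]{2})+")
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")
PRINTABLE = set(string.printable.encode())


def _as_text(raw):
    """Return raw as str if it is non-empty printable ASCII, else None."""
    if raw and all(b in PRINTABLE for b in raw):
        return raw.decode("ascii")
    return None


def _try_hex(text):
    if HEX_RE.fullmatch(text):
        return _as_text(bytes.fromhex(text))
    return None


def _try_base64(text):
    if len(text) % 4 == 0 and B64_RE.fullmatch(text):
        try:
            return _as_text(base64.b64decode(text, validate=True))
        except binascii.Error:
            return None
    return None


def peel_layers(text, max_depth=8):
    """Strip hex/Base64 layers until neither decodes to printable text."""
    layers = []
    text = text.strip()
    for _ in range(max_depth):
        # Hex is tried first: a hex string is also a valid Base64 alphabet.
        for name, decoder in (("hex", _try_hex), ("base64", _try_base64)):
            decoded = decoder(text)
            if decoded is not None:
                layers.append(name)
                text = decoded
                break
        else:
            break  # no decoder accepted the text: innermost value reached
    return layers, text
```

Calling `peel_layers(PACKET_37_DATA)` returns the list of layers that were removed and the innermost text.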
Question 2
Found an odd packet which is packet 216

Found this link in the line-based text data. Then, I copied and pasted it into the browser.
The flag is EOMACINAAMA.
Question 3
- What can an attacker do with each port?
  - port 21 - an attacker can attempt to gain unauthorized file access
  - port 22 - attackers can perform brute-force attacks to gain remote shell access
  - port 80 - attackers can probe for web vulnerabilities
  - port 139/445 - used for file sharing
- What vulnerabilities are likely present based on the version?
  - vsftpd 2.3.4: Highly likely to contain the Backdoor Command Execution vulnerability
  - Windows 7 SP1 (SMB): allows unauthenticated Remote Code Execution
  - Apache 2.2.8: Likely vulnerable to various older Denial of Service
- Which one is the highest risk and why?
  - Port 445 (SMB) because it is a Windows 7 machine (likely unpatched), allowing for full system takeover.
- What attack path can be built from this?
  - reconnaissance
  - exploitation
  - escalation
- What should be the remediation?
  - Update/Patch: Update vsftpd and Apache to the latest secure versions
  - OS Upgrade: Windows 7 is End-of-Life; it should be upgraded to a supported version like Windows 10/11 or a patched Server OS
  - Disable Unnecessary Services: Close Port 21 if FTP is not required, and use SFTP (Port 22) instead
Question 4
Image 1 TTL = 64
Image 2 TTL = 255
Image 3 TTL = 128
Question 5
- What is the affected port number? 8009
- What is the affected protocol? AJP (Apache JServ Protocol)
- What is the CVSS score of the vulnerability found? 9.8 (Critical)
- Can you find any exploit related to this vulnerability? Yes, there are public exploits (e.g., via Metasploit or Python scripts) that allow an attacker to read arbitrary files from the web server.
- Find the CVE for this vulnerability. CVE-2020-1038
