Portfolio / Write-Ups / LetsDefend → LetsDefend Challenge

LetsDefend - Http Basic Auth

Created: 26/01/2024 13:30 Last Updated: 05/06/2024 20:40

1ebadb060b33b33f4906f0640a7e9528.png

We receive a log indicating a possible attack, can you gather information from the .pcap file?

Log file: .https://files-ld.s3.us-east-2.amazonaws.com/webserver.em0.zip Pass: 321 /root/Desktop/ChallengeFile/webserver.em0.pcap

Note: pcap file found public resources.

Start Investigation

How many HTTP GET requests are in pcap?

5

be71793331ad1f36cf37e6845839a17b.png

What is the server operating system?

FreeBSD

a8a4b774a6101ba125aa2cac6556064d.png

What is the name and version of the web server software?

Apache/2.2.15

What is the version of OpenSSL running on the server?

OpenSSL/0.9.8n

What is the client's user-agent information?

Lynx/2.8.7rel.1 libwww-FM/2.14 SSL-MM/1.4.1 OpenSSL/0.9.8n

What is the username used for Basic Authentication?

webadmin

6746132e8475a700515a3c7427d37618.png

1634775f864642d8ab79ee57e69b9048.png

What is the user password used for Basic Authentication?

W3b4Dm1n

Summary

There is a basic authentication happened during in this pcap file.

e4ccc3723ebe6783710a4517525081c6.png

Badge Acquired