h4cked Task 1


Download the task files and analyze the pcap file in Wireshark.

Right-click a packet and follow the TCP stream for each section to find the answers to the questions.

The attacker is trying to log on with a specific username. What is the username?

What is the user’s password?

What is the current FTP working directory after the attacker logged in?

The attacker uploaded a backdoor. What is the backdoor’s filename?
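
The FTP questions above are all answered from the control-channel text shown by Follow TCP Stream. As an added example (not part of the original walkthrough), this Python script summarises such a stream by pairing each command with its reply code; the sample stream and every username, password, path and filename in it are constructed placeholders, not values from the task's pcap.

```python
import re

# Constructed sample of a followed FTP control stream (placeholders, not the task's data).
SAMPLE_STREAM = """\
220 FTP service ready.
USER alice
331 Please specify the password.
PASS wrong-guess
530 Login incorrect.
USER alice
331 Please specify the password.
PASS s3cret-example
230 Login successful.
PWD
257 "/srv/example" is the current directory
STOR upload-example.php
150 Ok to send data.
226 Transfer complete.
"""

def summarize_ftp_stream(text):
    """Pair FTP commands with reply codes to recover logins, cwd and uploads."""
    out = {"failed": [], "login": None, "cwd": None, "uploads": []}
    user = password = cmd = arg = None
    for line in filter(None, map(str.strip, text.splitlines())):
        reply = re.match(r"(\d{3})[ -](.*)", line)
        if not reply:                       # client command line
            cmd, _, arg = line.partition(" ")
            cmd = cmd.upper()
            if cmd == "USER":
                user, password = arg, None
            elif cmd == "PASS":
                password = arg
            continue
        code, msg = reply.groups()
        if code == "230":                   # login accepted
            out["login"] = (user, password)
        elif code == "530" and cmd == "PASS":   # rejected guess
            out["failed"].append((user, password))
        elif code == "257" and cmd == "PWD":    # quoted path in PWD reply
            path = re.match(r'"((?:[^"]|"")*)"', msg)
            out["cwd"] = path.group(1).replace('""', '"') if path else None
        elif code == "226" and cmd in ("STOR", "STOU", "APPE"):
            out["uploads"].append(arg)      # upload confirmed complete
    return out

if __name__ == "__main__":
    print(summarize_ftp_stream(SAMPLE_STREAM))
```

A long `failed` list followed by a single `login` entry is the pattern a password-guessing run leaves in the control channel.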

The backdoor can be downloaded from a specific URL, as it is located inside the uploaded file. What is the full URL?

Filter the Wireshark capture for the FTP-DATA protocol and analyze the transferred data to find the link for the answer.

Which command did the attacker manually execute after getting a reverse shell?

What is the computer’s hostname?

Which command did the attacker execute to spawn a new TTY shell?

Which command was executed to gain a root shell?

The attacker downloaded something from GitHub. What is the name of the GitHub project?

The project can be used to install a stealthy backdoor on the system. It can be very hard to detect. What is this type of backdoor called?