Sometimes, we may need to analyse behavior of a suspicious file like “Exploit.class”.
Once the downloading completes, Java executes the malicious file. See the details below.Īs you see in the screenshot above, the content type is a java file. Once the malicious web server receives the http GET request, it creates a response that contains “ Exploit.class” file and sends it back to the application. The next packet is the request that asks for “ Exploit.class”. The first 3 packets belong to the TCP 3-way handshaking. See the details below.Īfter filtering the packets that uses TCP port 8000, I obtained the traffic between the vulnerable application and the malicious web server. The application craft a http GET request to the malicious web server for downloading “ Exploit.class” file. ALSO READ: How to properly update kernel in RHEL/CentOS 7/8 Linux
0 kommentar(er)
