All the makings of a Java Exploit is what it looks like.
Then we saw a com.class coming down at the end here.
We saw some Metasploit looking stuff here we subtle payload class. One thing we saw on that 8080 traffic when we follow TCP stream on it, we saw that this Exploit that Jar file is being pulled down. Just to be clear, if you wanted to filter on traffic on the port, we could add to this filter and just do TCP port 8080. Remember we found that by looking at port 8080 traffic between those. We also saw that it went there, tried to download a page and downloading a Java file named Exploit that Jar. We had figured out that there was definitely some traffic Interesting between 192,168,153, 131 and 177, we saw that 131 apparently thought that 177 was Facebook. You'll get to see how we continue to move this case forward and are able to extract the information that we need from being able to pull out the needed data. This is going to be our continuation of Wireshark.
0 kommentar(er)
