
Data-Exfiltration

Found 2 related articles

  • 2025-02-06

    WebStrike - Network Forensics of Web Shell Upload and Data Exfiltration


    Detailed network forensics writeup analyzing a PCAP file to investigate a web shell incident. The analysis successfully identifies the attack's origin (Tianjin, China), the attacker's User-Agent, and the exploitation of a file upload vulnerability to deploy a malicious web shell ('image.jpg.php' in the /reviews/uploads/ directory). Further investigation reveals the attacker's attempt to establish a reverse shell to port 8080 and the subsequent data exfiltration of the sensitive /etc/passwd file.

    CyberDefenders Network-Forensics SOC-Analysis Wireshark Web-Shell File-Upload-Vulnerability Data-Exfiltration Netcat-Reverse-Shell HTTP-POST Geo-Location
  • 2024-12-05

    TheStickerShop - Stored XSS Leading to Data Exfiltration


    Technical writeup detailing the compromise of TheStickerShop. The primary vulnerability exploited is a Stored Cross-Site Scripting (XSS) vulnerability found in the 'Feedback' form on the Python/Werkzeug web server (8080/tcp). The attack leverages a custom JavaScript payload to bypass a 401 Unauthorized error, fetch the restricted 'flag.txt' file, encode its content in Base64, and exfiltrate the data to an attacker-controlled HTTP server via an Image object request.

    TryHackMe XSS Stored-XSS Data-Exfiltration JavaScript-Exploitation Web-Vulnerability HTTP-Server-Exploitation Linux-Exploitation