Port - SMP CTF 2024 - Selection Round

Posted on January 1, 2025 by rahisec

While analyzing the malicious traffics where attacker got control over the server using a shell or back door and he was performing some command execution i noticed that the webserver is communicating with port 1337. so i confirmed this is that port.

Another way is to track that shell. cause he might try to spawn a reverse shell through this initial shell . On that traffic the attacker's ip and the port should be revealed.