Forum Discussion

Icon for Bronze III rank

Bronze III

9 months ago

Solved

CVE-2024-5910 (Palo Alto Expedition) – Defensive

Hello - I'm a bit stuck on

CVE-2024-5910 (Palo Alto Expedition) – Defensive

I cannot see an obvious answer to

After attempting to reset the admin credentials, which endpoint did the attacker attempt to connect to next?

any tips on how to complete?

I'll do the offensive one now just in case that gives me something to pivot off.

thanks - gus

defensive cyber

BarnyStewart
9 months ago
Hi GusC

Each time the attacker attempts to reset the admin password (using the PHP file identified in task 2), they access the same endpoint immediately afterwards - which endpoint is it?

Hope that helps!

4 Replies

BarnyStewart
Immerser
9 months ago
Hi GusC

Each time the attacker attempts to reset the admin password (using the PHP file identified in task 2), they access the same endpoint immediately afterwards - which endpoint is it?

Hope that helps!
- GusC
  Bronze III
  9 months ago
  ok got it thanks - I just didn't expect that answer, I was looking for a hostname of some sort.
TillyCorless
Community Manager
9 months ago
Hi GusC , I'll speak with the lab author and come back to you.

Thanks!
- veryk
  Bronze II
  2 months ago
  I agree with GusC here, I was looking for an end point, hostname, URL, not what the answer was. Not until I read your hint did I even think about that could be the answer. Endpoint shouldn't be used and swapped out with what the answer is or at least added in to the question.