Forum Discussion

GusC's avatar
GusC
Icon for Bronze III rankBronze III
2 months ago

CVE-2024-5910 (Palo Alto Expedition) – Defensive

Hello - I'm a bit stuck on 

CVE-2024-5910 (Palo Alto Expedition) – Defensive

I cannot see an obvious answer to 

After attempting to reset the admin credentials, which endpoint did the attacker attempt to connect to next?

any tips on how to complete? 

I'll do the offensive one now just in case that gives me something to pivot off. 

thanks - gus 

 

 

 

defensive cyber
  • BarnyStewart's avatar
    BarnyStewart
    2 months ago

    Hi GusC

    Each time the attacker attempts to reset the admin password (using the PHP file identified in task 2), they access the same endpoint immediately afterwards - which endpoint is it?

    Hope that helps!

  • BarnyStewart's avatar
    BarnyStewart
    Icon for Immerser rankImmerser
    2 months ago

    Hi GusC

    Each time the attacker attempts to reset the admin password (using the PHP file identified in task 2), they access the same endpoint immediately afterwards - which endpoint is it?

    Hope that helps!

    • GusC's avatar
      GusC
      Icon for Bronze III rankBronze III
      2 months ago

      ok got it thanks - I just didn't expect that answer, I was looking for a hostname of some sort.