DARKTEMPLE9 / ExploitPcapCollection

collect some exploit traffic pcap


ExploitPcapCollection

1. Project Introduction

This project is a shared repository that, following the ATT&CK framework, reproduces common attack techniques, captures the resulting traffic, and keeps the pcap files for use by anyone working on traffic-detection research.

2. Project Structure

A total of 52 pcap files have been collected so far.

ExploitPcapCollection-master
├── TA0001-Initial_Access
│   └── web
│       ├── dvwa-sqli-writeWebShell.pcap
│       ├── phpmyadmin
│       │   └── phpmyadmin-weakpass-sqli-shell.pcap
│       ├── spring
│       │   └── cve-2022-22947-id.pcap
│       ├── thinkphp
│       │   ├── log4j-cve-2021-44228-queryDNSLOG2.pcap
│       │   ├── log4j-cve-2021-44228-queryDNSLOG.pcap
│       │   ├── testmynids.pcap
│       │   ├── thinkphp-5-rce-get-id.pcap
│       │   ├── thinkphp-5-rce-get-md5(12345).pcap
│       │   ├── thinkphp-5-rce-get-phpinfo.pcap
│       │   ├── thinkphp-5-rce-get-whoami.pcap
│       │   └── thinkphp5.x_rce_printf_1234566_system_id_whoami.pcap
│       ├── tomcat
│       │   └── tomcat-weakpass-uploadWar.pcap
│       ├── TongdaOA
│       │   └── tongdaOA-fu-fli-webshell.pcap
│       ├── weblogic
│       │   └── weblogic-weakpasswd-deploywar.pcap
│       └── webshell
│           └── behinder
│               ├── behinder4.0_default_aes2.pcap
│               ├── behinder4.0_default_aes.pcap
│               ├── behinder4.0_default_base64_xor2.pcap
│               ├── behinder4.0_default_base64_xor.pcap
│               ├── behinder4.0_default_image.pcap
│               ├── behinder4.0_default_json2.pcap
│               ├── behinder4.0_default_json.pcap
│               ├── behinder4.0_default_xor2.pcap
│               ├── behinder4.0_default_xor.pcap
│               ├── behinder4.0_upload_default_aes_aspx.pcap
│               ├── behinder4.0_upload_default_aes_php.pcap
│               ├── behinder4.0_upload_default_image.pcap
│               ├── behinder4.0_upload_default_json.pcap
│               ├── behinder4.0_upload_default_xor_asp.pcap
│               ├── behinder4.0_upload_default_xor_jsp.pcap
│               └── behinder4.0_upload_default_xor_php.pcap
├── TA0004-Privilege_Escalation
│   └── database
│       ├── mssql-brute.pcap
│       └── mssql-xpcmdshell-whoami.pcap
├── TA0007-Discovery
│   └── nbtscan.pcap
├── TA0008-Lateral_Movement
│   └── smb
│       ├── fscan-scan-ms17-010.pcap
│       ├── msf-exploit-ms17-010.pcap
│       ├── msf-scan-ms17-010-patched.pcap
│       ├── msf-scan-ms17-010.pcap
│       └── nmap-scan-ms17-010.pcap
├── TA0011-Command_and_Control
│   ├── chaitin-collie.pcap
│   ├── dns
│   │   └── dns-lemonduck.pcap
│   └── tunnel
│       ├── Lanproxy
│       │   ├── Lanproxy.pcap
│       │   └── LanproxySSL.pcap
│       ├── openvpn
│       │   └── openvpnudp443.pcap
│       ├── socks
│       │   ├── socks4-http-example.pcap
│       │   └── socks5-http-sample.pcap
│       └── Stowaway
│           ├── stowawayHTTPnopasswd.pcap
│           ├── stowawayHTTPpasswdFailed.pcap
│           ├── stowawayHTTPpasswdisabc123.pcap
│           ├── stowawayTCPnopasswd.pcap
│           ├── stowawayTCPpasswdFailed.pcap
│           └── stowawayTCPpasswdisabc123.pcap
└── TA0043-Reconnaissance
    └── appscan.pcap

24 directories, 52 files
