What was the first command executed in the web shell?
ls
What file was read in the web shell?
passwd
What was the new URL path added by the attacker?
/webshell
What was the unique ID, generated to protect against another kind of attack, in the URI when the attacker's web shell was uploaded?
BC04A9080C049AEAC6845F55AA305AE4
What account did they log in to?
admin
What was the name of the .css file that loaded when the attacker finally logged in?
manager.css
What response code was returned when the login was being brute forced?
401
Which vulnerability scanner was used by the attacker?
nikto