# WordPress - 1  
[Easy]

Our WordPress site has experienced a security breach, and the precise method
of compromise remains undetermined at present. We need your help to investigate
what actually happened.

Q1. There were two attackers attempting to compromise our environment. What is
the IP address of the victim, and what is the IP address of the first
attacker?  
Q2. What are the versions of the Apache and PHP servers deployed in our
environment?

Flag Format `0xL4ugh{A1_A2}`

Example: `0xL4ugh{IP1_IP2_apache1.2.3_php1.2.3}` (no spaces)

---

Solution:

We were given a `Wordpress.pcapng` file.

Filtering on `http.request`, we can see suspicious requests coming from
`192.168.204.132`.

![image](https://github.com/pspspsps-ctf/writeups/raw/main/2024/0xL4ugh%20CTF%202024/Forensics/Wordpress/1/1_1.png)

So that is most likely our first attacker.

Now, to answer Q2, let's scroll up a bit.

![image](https://github.com/pspspsps-ctf/writeups/raw/main/2024/0xL4ugh%20CTF%202024/Forensics/Wordpress/1/1_2.png)

Following the HTTP stream will give the answer that we need.

![image](https://github.com/pspspsps-ctf/writeups/raw/main/2024/0xL4ugh%20CTF%202024/Forensics/Wordpress/1/1_3.png)

Flag: `0xL4ugh{192.168.204.128_192.168.204.132_apache2.4.58_php8.2.12}`  
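
The same triage can be scripted once the HTTP fields are exported from the capture. This is an added example, not part of the original writeup: the rows are constructed (not taken from `Wordpress.pcapng`), `triage` is a hypothetical helper, and ranking clients by 404 count and request volume is an assumed heuristic.

```python
import csv
import io
import re
from collections import Counter

# Constructed rows (not from the challenge capture), shaped like the output of:
#   tshark -r Wordpress.pcapng -Y http -T fields -E separator=, -E quote=d \
#     -e ip.src -e ip.dst -e http.request.uri -e http.response.code -e http.server
SAMPLE = '''\
"192.168.204.1","192.168.204.128","/","",""
"192.168.204.128","192.168.204.1","","200","Apache/2.4.58 (Win64) PHP/8.2.12"
"192.168.204.132","192.168.204.128","/wp-login.php","",""
"192.168.204.128","192.168.204.132","","200","Apache/2.4.58 (Win64) PHP/8.2.12"
"192.168.204.132","192.168.204.128","/old/","",""
"192.168.204.128","192.168.204.132","","404","Apache/2.4.58 (Win64) PHP/8.2.12"
"192.168.204.132","192.168.204.128","/backup.zip","",""
"192.168.204.128","192.168.204.132","","404","Apache/2.4.58 (Win64) PHP/8.2.12"
'''


def triage(export):
    """Return the likely victim, clients ranked for review, and banner versions."""
    requests, misses, servers, banners = Counter(), Counter(), Counter(), Counter()
    for row in csv.reader(io.StringIO(export)):
        if len(row) != 5:            # skip blank or malformed lines
            continue
        src, dst, uri, code, server = row
        if uri:                      # request row: client -> server
            requests[src] += 1
            servers[dst] += 1
        elif code:                   # response row: server -> client
            if code == "404":
                misses[dst] += 1     # charge the miss to the requesting client
            if server:
                banners[server] += 1
    victim = servers.most_common(1)[0][0] if servers else None
    # Assumed heuristic: most 404s first, then most requests. A lead, not proof.
    ranked = sorted(requests, key=lambda ip: (misses[ip], requests[ip]), reverse=True)
    banner = banners.most_common(1)[0][0] if banners else ""
    versions = {}
    for product in ("Apache", "PHP"):
        m = re.search(rf"\b{product}/(\d+(?:\.\d+)*)", banner)
        versions[product.lower()] = m.group(1) if m else None
    return {"victim": victim, "clients": ranked, "versions": versions}


if __name__ == "__main__":
    print(triage(SAMPLE))
```

The versions are whatever the server reports about itself: with `ServerTokens Prod` or `expose_php = Off` the banner carries no version numbers and the function returns `None` for them.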

Original writeup (https://github.com/pspspsps-ctf/writeups/tree/main/2024/0xL4ugh%20CTF%202024/Forensics/Wordpress/1).