50-port running critical service

Port running critical service
...

root@53ef41d5da39:/mnt# cat ftp.log  | zeek-grep RETR| zeek-cut id.resp_p command arg fuid 
21      RETR    ftp://172.31.39.46/./.backup    FgMmRQ11qkbBo3KqNd
21      RETR    ftp://172.31.39.46/./fetch.sh   FFyvQZ69UFh3EsEbj
24456   RETR    ftp://172.31.39.46/./.archived.sql      Fjikrz1twh8YRR8H34
24456   RETR    ftp://172.31.39.46/./Tasks to get Done.docx     FYD8L514rIoyQiOZZ3

24456

Finding the UTC time for the above.
...

date -d @1679396330.288134
Tue Mar 21 10:58:50 UTC 2023
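
The same triage as a script, added here as an example and not part of the original notes: it reads Zeek's tab-separated `ftp.log` by its `#fields` header, keeps `RETR` transfers served on a port other than 21, and converts `ts` to UTC. The sample log is constructed (trimmed field set, documentation IP ranges), and the function names are hypothetical.

```python
from datetime import datetime, timezone

# Constructed sample in Zeek TSV layout; not data from the challenge.
SAMPLE_FTP_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\tuser\tcommand\targ\tfuid",
    "1700000000.000000\tCaaa1\t198.51.100.7\t192.0.2.10\t21\tanonymous\tRETR\t"
    "ftp://192.0.2.10/./notes.txt\tFaaa1",
    "1700000100.500000\tCbbb2\t198.51.100.7\t192.0.2.10\t2121\tsvc\tRETR\t"
    "ftp://192.0.2.10/./Tasks list.docx\tFbbb2",
    "1700000160.000000\tCbbb2\t198.51.100.7\t192.0.2.10\t2121\tsvc\tSTOR\t"
    "ftp://192.0.2.10/./upload.bin\tFccc3",
    "1700000200.250000\tCbbb2\t198.51.100.7\t192.0.2.10\t2121\tsvc\tRETR\t"
    "ftp://192.0.2.10/./db.sql\tFddd4",
])


def parse_zeek_tsv(text):
    """Yield one dict per record, named by the log's own #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            # Split on tabs only: the arg column may contain spaces.
            yield dict(zip(fields, line.split("\t")))


def to_utc(ts):
    """Zeek epoch 'ts' to a UTC string, equivalent to `date -u -d @ts`."""
    moment = datetime.fromtimestamp(float(ts), tz=timezone.utc)
    return moment.strftime("%Y-%m-%dT%H:%M:%SZ")


def retr_on_unusual_ports(text, expected_ports=(21,)):
    """Return (utc, port, arg, fuid) for RETR served off the expected ports."""
    hits = []
    for rec in parse_zeek_tsv(text):
        port = int(rec["id.resp_p"])
        if rec["command"] == "RETR" and port not in expected_ports:
            hits.append((to_utc(rec["ts"]), port, rec["arg"], rec["fuid"]))
    return hits


if __name__ == "__main__":
    for hit in retr_on_unusual_ports(SAMPLE_FTP_LOG):
        print(*hit, sep="\t")
```
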

Finding the UTC time when the attacker got access to the critical service
...

cat ftp.log | zeek-grep 3.109.209.43 | grep abdul | less -S

Successful login time:

date -d @1679396401.595583
Tue Mar 21 11:00:01 UTC 2023

OSINT to get the SSH password
...

clues ->
Forela.

and the .reminder file ->

A reminder to clean up the github repo. Some sensitive data could have been leaked from there

In the commits I found the password ->

YHUIhnollouhdnoamjndlyvbl398782bapd
