Wimdows 1 - author: deltabluejay - forensics

WriteUp: ap10

The first step of this challenge is to load the provided .ova file into VirtualBox.

To view all established network connections, run:

netstat -ano | findstr ESTABLISHED

After doing so, we observe established connections owned by three processes, with PIDs 1484, 2412, and 4552.

To inspect a specific process, execute:

wmic process where ProcessId=1484 get Name,ExecutablePath,CommandLine

Inspecting this process, we find that it is Elasticsearch 1.1.1.
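The two manual steps above (netstat to find established connections, then wmic per PID) can be combined into one triage pass. The PowerShell function below is an added example for this write-up, not part of the original challenge or its solution; it assumes a Windows host where Get-NetTCPConnection and Get-CimInstance are available, and the function name Get-EstablishedConnectionOwners is an assumption for illustration.

```powershell
# Added example (not from the original write-up): list every established TCP
# connection together with the owning process's name, image path and command
# line, which is what netstat -ano followed by wmic per PID produces by hand.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection).
function Get-EstablishedConnectionOwners {
    [CmdletBinding()]
    param(
        # Optional: restrict output to these PIDs (e.g. the ones netstat showed)
        [int[]]$ProcessId
    )

    $connections = Get-NetTCPConnection -State Established -ErrorAction Stop
    if ($ProcessId) {
        $connections = $connections | Where-Object { $ProcessId -contains $_.OwningProcess }
    }

    # Query Win32_Process once per distinct PID rather than once per connection.
    # Note: $PID is a reserved automatic variable in PowerShell, so use $owner.
    $procCache = @{}
    foreach ($conn in $connections) {
        $owner = $conn.OwningProcess
        if (-not $procCache.ContainsKey($owner)) {
            $procCache[$owner] = Get-CimInstance Win32_Process -Filter "ProcessId = $owner" |
                Select-Object -First 1 Name, ExecutablePath, CommandLine
        }
        # $proc is $null if the process exited between the two queries; the
        # connection is still reported with empty process fields in that case.
        $proc = $procCache[$owner]
        [pscustomobject]@{
            PID            = $owner
            Name           = $proc.Name
            ExecutablePath = $proc.ExecutablePath
            Local          = "$($conn.LocalAddress):$($conn.LocalPort)"
            Remote         = "$($conn.RemoteAddress):$($conn.RemotePort)"
            CommandLine    = $proc.CommandLine
        }
    }
}

# Usage: all established connections with their owners
# Get-EstablishedConnectionOwners | Format-Table -AutoSize
# Usage: only the three PIDs observed in the write-up
# Get-EstablishedConnectionOwners -ProcessId 1484,2412,4552 | Format-List
```

Caching the Win32_Process lookup per PID matters on a busy host, where one process (a web server, for instance) can own dozens of established connections; the ExecutablePath column is the quick check for a binary running from an unexpected location.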

Given this version of Elasticsearch, the relevant vulnerability is CVE-2014-3120.