OP 28 June, 2024 - 12:25 PM
After bruteforce( many POST requests - "wp-login.php" from host 10.0.1.85) there were a couple of requests admin-ajax.php followed by a response from the server( host - 10.0.1.88). Further Connection is conducted via SSH. Could this signal that the user guessed the admin password? Or is it not related at all?
![[Image: MsNHIBpB.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.sstatic.net%2FMsNHIBpB.png)
![[Image: bZaQACtU.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.sstatic.net%2FbZaQACtU.png)
Then, after ssh connection some values appear in POST request to wp-admin-support, with subsequent request the values change.
![[Image: fzEgx9W6.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.sstatic.net%2FfzEgx9W6.png)
Also I have a question with cookies, if I understand correctly, they are not from a normal user?
![[Image: rUd3tOxk.png]](https://external-content.duckduckgo.com/iu/?u=https%3A%2F%2Fi.sstatic.net%2FrUd3tOxk.png)
Then, after ssh connection some values appear in POST request to wp-admin-support, with subsequent request the values change.
Also I have a question with cookies, if I understand correctly, they are not from a normal user?