The Advent of Cyber: Day 3: Log Analysis - Even if I wanted to go, their vulnerabilities wouldn't allow it (TryHackMe)

J3bitok

In this article, we’ll cover Log Analysis - Even if I wanted to go, their vulnerabilities wouldn't allow it, the Day 3 challenge of the Advent of Cyber event. It was interesting to navigate the Elasticsearch, Logstash, and Kibana (ELK) platform and filter events and logs by timestamp, IP address, and event type (authentication, process, etc.) to investigate a web attack with ELK. We’re still at Wareville for SOC-mas!

Remember, to access the Frosty Pines Resorts website (http://frostypines.thm), you must reference it in your hosts file. On the AttackBox, this can be done by executing the following command in a terminal:

echo "MACHINE_IP frostypines.thm" >> /etc/hosts

  1. BLUE: Where was the web shell uploaded to? (Answer format: /directory/directory/directory/filename.php) /media/images/rooms/shell.php

  2. BLUE: What IP address accessed the web shell? 10.11.83.34

  3. RED: What is the contents of the flag.txt? THM{Gl1tch_Was_H3r3}

If you liked today's task, you can learn how to harness the power of advanced ELK queries.
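The two BLUE checks above can also be run offline against raw web server logs. The script below is an added example, not part of the original write-up or the TryHackMe room: it flags server-side scripts requested from a directory that should hold only static files and lists the client IPs that requested them. The log lines are constructed, and the `/media/` prefix, the extension list and the function name are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache combined log format (not taken from the room).
SAMPLE_LOG = """\
10.9.254.186 - - [03/Oct/2024:11:20:01 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
10.11.83.34 - - [03/Oct/2024:11:30:40 +0000] "GET /media/images/rooms/shell.php HTTP/1.1" 200 96 "-" "Mozilla/5.0"
10.9.254.186 - - [03/Oct/2024:11:31:02 +0000] "GET /media/images/rooms/room1.jpg HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
this line is malformed and must be skipped
10.11.83.34 - - [03/Oct/2024:11:31:55 +0000] "GET /media/images/rooms/shell.php HTTP/1.1" 200 12 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
SCRIPT_EXT = (".php", ".phtml", ".phar")  # server-side script extensions
STATIC_PREFIXES = ("/media/",)            # assumed static/upload directories


def find_webshell_hits(log_text):
    """Return {path: {"ips", "first_seen", "hits"}} for script requests
    served from directories that should only contain static files."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # tolerate malformed or truncated lines
        # Drop the query string and decode %-escapes before matching the path.
        path = unquote(m["target"].split("?", 1)[0]).lower()
        if not path.startswith(STATIC_PREFIXES) or not path.endswith(SCRIPT_EXT):
            continue
        entry = hits.setdefault(
            path, {"ips": set(), "first_seen": m["ts"], "hits": 0}
        )
        entry["ips"].add(m["ip"])
        entry["hits"] += 1
    return hits


if __name__ == "__main__":
    for path, info in find_webshell_hits(SAMPLE_LOG).items():
        print(path, sorted(info["ips"]), info["first_seen"], info["hits"])
```
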

This article was of help while going through this challenge.

Thank you for reading this article. Please leave a comment with your thoughts, areas for improvement, other suggestions, and questions. Stay secure until the next one!
