The Advent of Cyber: Day 3: Log Analysis - Even if I wanted to go, their vulnerabilities wouldn't allow it (TryHackMe)

The Advent of Cyber: Day 3: Log Analysis - Even if I wanted to go, their vulnerabilities wouldn't allow it (TryHackMe)

·

1 min read

In this article, we’ll cover the Log Analysis. Even if I wanted to go, their vulnerabilities wouldn't allow me to write up the log analysis as the Day 3 challenge of the Advent of Cyber event challenge. It was interesting to navigate the Elastic Search, Logstash, and Kibana (ELK) platform and filter different events and logs based on timestamps, IP addresses, and the events, i.e., authentication, process, etc, to investigate a web attack with ELK. We’re still at Wareville for SOC-mas!

Remember, to access the Frosty Pines Resorts website (http://frostypines.thm), you must reference it in your host’s file. On the AttackBox, this can be done by executing the following command in a terminal: echo "MACHINE_IP frostypines.thm" >> /etc/hosts

BLUE: Where was the web shell uploaded to?

  1. Answer format: /directory/directory/directory/filename.php /media/images/rooms/shell.php

  2. BLUE: What IP address accessed the web shell? 10.11.83.34

  3. RED: What is the contents of the flag.txt? THM{Gl1tch_Was_H3r3}

  4. If you liked today's task, you can learn how to harness the power of advanced ELK queries.

This article was of help while going through this challenge.

Thank you for reading this article. Please leave a comment with your thoughts, areas for improvement, other suggestions, and questions. Stay secure until the next one!