We detected some web attacks and need to do deep investigation.
Challenge File: /root/Desktop/ChallengeFile/access.log
Walkthroughs:
Questions:
Which automated scan tool did the attacker use for web reconnaissance? -Nikto. The User-Agent header of the requests contains the string "Nikto".
After the web reconnaissance activity, which technique did the attacker use for directory listing discovery? -Directory brute force. The combination of high-volume, rapid-fire requests to predictable and sensitive paths with largely negative (404/403) responses is characteristic of automated forced browsing, or brute-force directory/file enumeration, where the attacker systematically tries to discover hidden resources.

What is the third attack type after directory listing discovery? -Brute force. The log shows lots of POST requests to login.php that return 200, with the same response size and the same date and time.

200

302
What is the name of the fourth attack?

In the logs, the attacker was inserting system('whoami'), system('net user'), and system('net share') into the message parameter. The system() function in PHP (a common server-side scripting language) is designed to execute operating system commands. By successfully manipulating the input to execute these commands, the attacker is effectively injecting executable code (OS commands) into the application's runtime.
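The four stages identified above can be flagged automatically. The following is an added example, not part of the original walkthrough: it assumes the log is in Apache combined format, uses constructed sample lines rather than the challenge's access.log, uses assumed thresholds of three requests, and also checks for PHP command functions other than the system() seen in the log.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus
# Combined Log Format: ip - - [time] "METHOD path PROTO" status size "referer" "user-agent"
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
                  r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# PHP functions that run OS commands; the walkthrough's log only shows system().
PHP_EXEC = re.compile(r"\b(system|passthru|shell_exec|exec)\s*\(", re.I)

def classify(lines, miss_threshold=3, login_threshold=3):
    """Map each client IP to the attack stages its requests match (thresholds are assumptions)."""
    misses, logins, findings = Counter(), Counter(), {}
    for raw in lines:
        m = LINE.match(raw)
        if not m:
            continue  # not a combined-format line
        ip, path = m["ip"], unquote_plus(m["path"])  # decode %27 etc. before matching
        found = findings.setdefault(ip, set())
        if "nikto" in m["ua"].lower():
            found.add("scanner (Nikto user agent)")
        elif m["status"] in ("403", "404"):
            misses[ip] += 1  # misses outside the scanner's own traffic
        if m["method"] == "POST" and path.split("?")[0].endswith("login.php"):
            logins[ip] += 1
        if "?" in path and PHP_EXEC.search(path.split("?", 1)[1]):
            found.add("code injection (PHP command function in parameter)")
    for ip, n in misses.items():
        if n >= miss_threshold:
            findings[ip].add("directory brute force")
    for ip, n in logins.items():
        if n >= login_threshold:
            findings[ip].add("login brute force")
    return {ip: sorted(f) for ip, f in findings.items() if f}

def _line(ip, method, path, status, ua="Mozilla/5.0"):
    return f'{ip} - - [01/Jan/2024:10:00:00 +0000] "{method} {path} HTTP/1.1" {status} 512 "-" "{ua}"'

# Constructed sample traffic (documentation IP ranges, hypothetical paths).
SAMPLE = (
    [_line("203.0.113.7", "GET", "/index.php", 200, "Mozilla/5.00 (Nikto/2.1.6)")]
    + [_line("203.0.113.7", "GET", p, 404) for p in ("/admin/", "/backup/", "/old/", "/test/")]
    + [_line("203.0.113.7", "POST", "/login.php", 200) for _ in range(4)]
    + [_line("203.0.113.7", "POST", "/login.php", 302)]
    + [_line("203.0.113.7", "GET", "/example.php?message=system(%27whoami%27)", 200)]
    + [_line("198.51.100.9", "GET", "/missing.html", 404)]
)

if __name__ == "__main__":
    print(classify(SAMPLE))
```

To run it against a real log, pass the open file object to `classify()` in place of `SAMPLE`.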