Linux Server Forensics | TryHackMe

kshitij kumar
Jun 3, 2021

Hey guys!!

Back again with another blog. This time I am not going to solve any vulnerable machines or challenges. This blog contains the answers to TryHackMe’s room: “Linux Server Forensics”.

So let’s start without wasting any time…

Apache Log Analysis I

How many different tools made requests to the server?

Answer : 2

Name a path requested by Nmap.

Answer : /nmaplowercheck1618912425

Web Server Analysis

What page allows users to upload files?

Answer : contact.php

What IP uploaded files to the server?

Answer : 192.168.56.24

Who left an exposed security notice on the server?

Answer : Fred

Persistence Mechanisms I

What command and option did the attacker use to establish a backdoor?

Answer : sh -i

User Accounts

What is the password of the second root account?

Answer : mrcake

Apache Log Analysis II

Name one of the non-standard HTTP Requests.

Answer : GXWR

At what time was the Nmap scan performed? (format: HH:MM:SS)

Answer : 13:30:15

Persistence Mechanisms II

What username and hostname combination can be found in one of the authorized_keys files? (format: username@hostname)

Answer : kali@kali

Program Execution History

What is the first command present in root’s bash_history file?

Answer : nano /etc/passwd

Persistence Mechanisms III

Figure out what’s going on and find the flag.

Answer : !!!! Do it yourself !!!

Thanks for reading.

For any queries, just DM me on Instagram @ig._.anshu
