Linux Server Forensics | TryHackMe
Hey guys!!
Back again with another blog. This time I am not going to solve any vulnerable machines or challenges. This blog contains the answers to TryHackMe’s room — “Linux Server Forensics”.
So let's start the blog without wasting any time…
Apache Log Analysis I
How many different tools made requests to the server?
Answer : 2
Name a path requested by Nmap.
Answer : /nmaplowercheck1618912425
Web Server Analysis
What page allows users to upload files?
Answer : contact.php
What IP uploaded files to the server?
Answer : 192.168.56.24
Who left an exposed security notice on the server?
Answer : Fred
Persistence Mechanisms I
What command and option did the attacker use to establish a backdoor?
Answer : sh -i
User Accounts
What is the password of the second root account?
Answer : mrcake
Apache Log Analysis II
Name one of the non-standard HTTP Requests.
Answer : GXWR
At what time was the Nmap scan performed? (format: HH:MM:SS)
Answer : 13:30:15
Persistence Mechanisms II
What username and hostname combination can be found in one of the authorized_keys files? (format: username@hostname)
Answer : kali@kali
Program Execution History
What is the first command present in root’s bash_history file?
Answer : nano /etc/passwd
Persistence Mechanisms III
Figure out what’s going on and find the flag.
Answer : !!!! Do it yourself !!!
Thanks for reading.
For any queries just dm me on Instagram @ig._.anshu