This challenge takes you into the world of virtual systems and confusing log data. In this challenge, figure out what happened to this webserver honeypot using the logs from a possibly compromised server.

 

Thanks, th3c0rt3x for reviewing the challenge.

# Question Weight Solved
1 Which service did the attackers use to gain access to the system? 50 170

2 What is the operating system of the targeted system? 50 148

3 What is the name of the compromised account? 50 161

4 How many attackers failed in gaining access? 50 87

5 Consider that each unique IP represents a different attacker. How many attackers were able to get access to the system? 50 102

6 Which IP address successfully logged into the system the most number of times? 100 123

7 How many requests were sent to the Apache Server? 100 107

8 How many rules have been added to the firewall? 100 109

9 One of the downloaded files to the target system is a scanning tool. Provide the tool name. 100 118

10 When was the last login from the attacker with IP 219.150.161.20? 100 93

11 The database displayed two warning messages, provide the most important and dangerous one. 150 107

12 Multiple accounts were created on the target system. Which one was created on Apr 26 04:43:15? 150 119

13 Few attackers were using a proxy to run their scans. What is the corresponding user-agent used by this proxy? 200 105