What artifact did DEADFACE place onto ESU's website to gain access to the filesystem?
Submit the flag as
Use the files from First Strike.
Continuing on with the access.log analysis from the previous challenge, Iterations, we know there was a successful login from the attacker's IP:
27/Jul/2022:14:37:53 "POST /login.php" 27/Jul/2022:14:37:53 "GET /welcome.php"
Then, according to the logs the attacker utlized the website's file-upload function to upload a PHP file named info.php and then access it via GET and POST:
27/Jul/2022:14:38:09 "POST /file-upload.php" 27/Jul/2022:14:38:21 "GET /uploads/info.php" ... 27/Jul/2022:14:38:44 "POST /uploads/info.php?
The accepted flag was:
Leave a comment