Submission

Challenge:

What artifact did DEADFACE place onto ESU's website to gain access to the filesystem?

Submit the flag as flag{filename}.

Use the files from First Strike.

Solution:

Continuing on with the access.log analysis from the previous challenge, Iterations, we know there was a successful login from the attacker's IP:

27/Jul/2022:14:37:53 "POST /login.php" 
27/Jul/2022:14:37:53 "GET /welcome.php"

Then, according to the logs, the attacker utilized the website's file-upload function to upload a PHP file named info.php and then accessed it via GET and POST:

27/Jul/2022:14:38:09 "POST /file-upload.php"
27/Jul/2022:14:38:21 "GET /uploads/info.php"
...
27/Jul/2022:14:38:44 "POST /uploads/info.php?

The accepted flag was: flag{info.php}
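
The upload-then-request sequence seen in the log can be searched for automatically. The following is an added example, not part of the original writeup or the challenge files: it flags any client that POSTs to the upload endpoint and then successfully requests a script file under /uploads/. The full log line layout (Apache combined format), the IP addresses, status codes, query string and the 10-minute window are assumptions; only the timestamps and paths mirror the excerpts above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in Apache combined format. IPs, status codes, sizes, user
# agents and the query string are placeholders, not values from the challenge.
SAMPLE_LOG = """\
203.0.113.7 - - [27/Jul/2022:14:37:53 +0000] "POST /login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jul/2022:14:37:53 +0000] "GET /welcome.php HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Jul/2022:14:38:01 +0000] "POST /file-upload.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
198.51.100.4 - - [27/Jul/2022:14:38:05 +0000] "GET /uploads/photo.png HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jul/2022:14:38:09 +0000] "POST /file-upload.php HTTP/1.1" 200 64 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jul/2022:14:38:21 +0000] "GET /uploads/info.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jul/2022:14:38:44 +0000] "POST /uploads/info.php?placeholder=1 HTTP/1.1" 200 128 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
SCRIPT_RE = re.compile(r'^/uploads/[^?]*\.(?:php\d?|phtml|phar)$', re.I)
UPLOAD_ENDPOINT = "/file-upload.php"  # endpoint name taken from the log excerpt
WINDOW = timedelta(minutes=10)        # assumed correlation window

def find_uploaded_scripts(log_text):
    """Return (ip, path, first_seen, methods) for scripts under /uploads/
    that a client requested successfully shortly after POSTing an upload."""
    last_upload = {}  # ip -> time of that client's latest upload POST
    hits = {}         # (ip, path) -> [first_seen, set of methods]
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        ip, method = m["ip"], m["method"]
        path = m["path"].split("?", 1)[0]  # compare paths without the query
        if method == "POST" and path == UPLOAD_ENDPOINT:
            last_upload[ip] = ts
        elif SCRIPT_RE.match(path) and m["status"] == "200":
            up = last_upload.get(ip)
            if up is not None and ts - up <= WINDOW:
                hits.setdefault((ip, path), [ts, set()])[1].add(method)
    return [(ip, p, first, sorted(ms)) for (ip, p), (first, ms) in hits.items()]

if __name__ == "__main__":
    for ip, path, first, methods in find_uploaded_scripts(SAMPLE_LOG):
        print(f"{ip} uploaded, then requested {path} at {first} via {methods}")
```

On the sample, only the client that uploaded and then requested info.php is reported; the client that uploaded and viewed an image is not.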
