To access material, start machines and answer questions login.
Introduction
You were hired as a SOC Analyst for one of the biggest Juice Shops in the world and an attacker has made their way into your network.
Your tasks are:
- Figure out what techniques and tools the attacker used
- What endpoints were vulnerable
- What sensitive data was accessed and stolen from the environment
An IT team has sent you a zip file containing logs from the server. Download the attached file, type in "I am ready!" and get to work! There's no time to lose!
Reconnaissance
Analyze the provided log files.
Look carefully at:
- What tools the attacker used
- What endpoints the attacker tried to exploit
- What endpoints were vulnerable
What endpoint was vulnerable to a brute-force attack?
What endpoint was vulnerable to SQL injection?
What parameter was used for the SQL injection?
What endpoint did the attacker try to use to retrieve files? (Include the /)
Stolen data
Analyze the provided log files.
Look carefully at:
- The attacker's movement on the website
- Response codes
- Abnormal query strings
Was their brute-force attack successful? If so, what is the timestamp of the successful login? (Yay/Nay, 11/Apr/2021:09:xx:xx +0000)
What user information was the attacker able to retrieve from the endpoint vulnerable to SQL injection?
What files did they try to download from the vulnerable endpoint? (endpoint from the previous task, question #5)
What service and account name were used to retrieve files from the previous question? (service, username)
What service and username were used to gain shell access to the server? (service, username)
Created by
Room Type
Free Room. Anyone can deploy virtual machines in the room (without being subscribed)!
Users in Room
13,488
Created
1520 days ago
Ready to learn Cyber Security? Create your free account today!
TryHackMe provides free online cyber security training to secure jobs & upskill through a fun, interactive learning environment.
Already have an account? Log in