
Juicy Details

A popular juice shop has been breached! Analyze the logs to see what happened...

easy

45 min


Task 1: Introduction

You have been hired as a SOC Analyst for one of the biggest Juice Shops in the world, and an attacker has made their way into your network.

Your tasks are:

  • Figure out what techniques and tools the attacker used
  • What endpoints were vulnerable
  • What sensitive data was accessed and stolen from the environment

An IT team has sent you a zip file containing logs from the server. Download the attached file, type in "I am ready!" and get to work! There's no time to lose!

Answer the questions below
Are you ready?

Task 2: Reconnaissance

Analyze the provided log files.

Look carefully at:

  • What tools the attacker used
  • What endpoints the attacker tried to exploit
  • What endpoints were vulnerable

Answer the questions below
What tools did the attacker use? (Order by the occurrence in the log)

What endpoint was vulnerable to a brute-force attack?

What endpoint was vulnerable to SQL injection?

What parameter was used for the SQL injection?

What endpoint did the attacker try to use to retrieve files? (Include the /)

Task 3: Stolen data

Analyze the provided log files.

Look carefully at:

  • The attacker's movement on the website
  • Response codes
  • Abnormal query strings

Answer the questions below
What section of the website did the attacker use to scrape user email addresses?

Was their brute-force attack successful? If so, what is the timestamp of the successful login? (Yay/Nay, 11/Apr/2021:09:xx:xx +0000)

What user information was the attacker able to retrieve from the endpoint vulnerable to SQL injection?

What files did they try to download from the vulnerable endpoint? (endpoint from the previous task, question #5)

What service and account name were used to retrieve files from the previous question? (service, username)

What service and username were used to gain shell access to the server? (service, username)
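As an added example (not part of the room or its log archive), the checks the Reconnaissance and Stolen data tasks ask for, run over a constructed combined-format access log: tool markers in User-Agent strings in order of first occurrence, a brute-force run against a POST endpoint with the timestamp of its first 200, query parameters carrying SQL metacharacters, and the files requested from a file-serving endpoint. The IP address, paths, tool marker list and every log line are constructed placeholders, not values from the room.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs
# Constructed sample in combined log format (placeholder IP, paths, tool names; not the room's data).
SAMPLE_LOG = """\
203.0.113.5 - - [11/Apr/2021:09:00:05 +0000] "GET /robots.txt HTTP/1.1" 200 65 "-" "Nmap Scripting Engine"
203.0.113.5 - - [11/Apr/2021:09:01:10 +0000] "GET /search?q=%27%20OR%201%3D1-- HTTP/1.1" 500 210 "-" "sqlmap/1.5"
203.0.113.5 - - [11/Apr/2021:09:02:00 +0000] "POST /login HTTP/1.1" 401 50 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Apr/2021:09:02:01 +0000] "POST /login HTTP/1.1" 401 50 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Apr/2021:09:02:02 +0000] "POST /login HTTP/1.1" 401 50 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Apr/2021:09:02:03 +0000] "POST /login HTTP/1.1" 200 300 "-" "Mozilla/5.0"
203.0.113.5 - - [11/Apr/2021:09:03:00 +0000] "GET /files?name=backup.zip HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""
LOG_RE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
TOOL_MARKERS = ("nmap", "sqlmap", "nikto", "hydra", "gobuster")  # assumed User-Agent substrings
SQLI_RE = re.compile(r"'|\"|--|\bor\b\s+\d+\s*=\s*\d+|\bunion\b", re.I)

def parse_log(text):
    """One dict per well-formed line; lines that do not match the format are skipped."""
    return [m.groupdict() for m in map(LOG_RE.match, text.splitlines()) if m]

def tools_used(entries):
    """Tool markers found in User-Agent strings, ordered by first occurrence in the log."""
    seen = []
    for e in entries:
        seen += [t for t in TOOL_MARKERS if t in e["ua"].lower() and t not in seen]
    return seen

def brute_force(entries, threshold=3):
    """(path, timestamp) of the first 200 after >= threshold 401s to the same POST path from one IP."""
    fails = defaultdict(int)
    for e in (x for x in entries if x["method"] == "POST"):
        key = (e["ip"], urlsplit(e["url"]).path)
        if e["status"] == "401":
            fails[key] += 1
        elif e["status"] == "200" and fails[key] >= threshold:
            return key[1], e["ts"]
    return None

def sqli_candidates(entries):
    """(path, parameter) pairs whose percent-decoded query value contains SQL metacharacters."""
    return [(urlsplit(e["url"]).path, p) for e in entries
            for p, vals in parse_qs(urlsplit(e["url"]).query).items()
            if any(SQLI_RE.search(v) for v in vals)]

def files_requested(entries, endpoint="/files"):
    """Values of every query parameter sent to the file-serving endpoint: the download inventory."""
    return [v for e in entries if urlsplit(e["url"]).path == endpoint
            for vs in parse_qs(urlsplit(e["url"]).query).values() for v in vs]
```

Point `parse_log` at the real access log from the zip and the same four functions give the tool order, the brute-forced endpoint and its success timestamp, the injected parameter and the requested file names.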

Room Type: Free Room. Anyone can deploy virtual machines in the room (without being subscribed)!

Users in Room: 13,488

Created: 1520 days ago
