Hi.
I have been given an assignment in which I have to reply to the following five questions. The logs are present separately in a zip file, but I do not know how to upload it to the forum. My question is this: how do I proceed with it, and how do I analyse Apache logs, Snort logs, a firewall capture and a Wireshark network capture?
The Scenario
One of your friends runs a website for his hacking club. He uses the PhpMySport platform
(http//
Task
Given the above description of the scenario, you need to use the logs and capture file provided, along with other resources (e.g. tools and references) to answer the following questions. Your answers must be supported by the evidence identified in the logs and traffic capture.
1. What evidence indicates that someone has targeted this system?
2. What software or attack tools did the attacker(s) use?
3. What information have the attacker(s) collected about the webserver?
4. Did the attacker(s) gain elevated access to the webserver?
5. Did the attacker(s) have any reason to think that this system was vulnerable?
While investigating the network capture, you may make use of filters to extract the packets which interest you. It may also be helpful to rebuild the webpages using appropriate tools.
In this instance, the most appropriate place to ask for support would appear to be from the person who set the assignment, surely?
I agree with Jamie; I'm sure your subject lecturer will point you in the right direction.
However, have a read of a Certified Ethical Hacking study guide and look specifically at Web Server Attacks; that should help somewhat.
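
As an added illustration (not part of the thread and not taken from the assignment's files), this is one way to start on questions 1 and 2 from an Apache access log: group requests by client, count 4xx responses, and look for scanner names in the User-Agent field. The log lines, IP addresses and marker list are constructed, and `triage` and `TOOL_MARKERS` are hypothetical names.

```python
import re
from collections import defaultdict

# Apache "combined" format:
# host ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"'
)

# Illustrative list: substrings some scanners send in their default User-Agent.
# A changed User-Agent defeats this check, so error counts are tracked as well.
TOOL_MARKERS = ("nikto", "sqlmap", "nmap scripting engine", "dirbuster")

# Constructed sample lines (documentation IP ranges), not the assignment's logs.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Mar/2024:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux)"
198.51.100.7 - - [10/Mar/2024:10:01:03 +0000] "GET /style.css HTTP/1.1" 200 830 "-" "Mozilla/5.0 (X11; Linux)"
203.0.113.9 - - [10/Mar/2024:10:05:11 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000001)"
203.0.113.9 - - [10/Mar/2024:10:05:11 +0000] "GET /backup.zip HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000002)"
203.0.113.9 - - [10/Mar/2024:10:05:12 +0000] "GET /phpinfo.php HTTP/1.1" 404 210 "-" "Mozilla/5.00 (Nikto/2.1.5) (Evasions:None) (Test:000003)"
203.0.113.9 - - [10/Mar/2024:10:09:40 +0000] "GET /index.php?id=1 HTTP/1.1" 200 5120 "-" "sqlmap/1.0-dev (http://sqlmap.org)"
192.0.2.44 - - [10/Mar/2024:10:12:00 +0000] "GET /favicon.ico HTTP/1.1" 404 210 "-" "Mozilla/5.0 (Windows NT 10.0)"
"""

def triage(log_text, min_errors=3):
    """Summarise each client IP: request count, 4xx count, scanner markers."""
    clients = defaultdict(lambda: {"requests": 0, "errors": 0, "tools": set()})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        c = clients[m["ip"]]
        c["requests"] += 1
        if m["status"].startswith("4"):
            c["errors"] += 1
        ua = m["ua"].lower()
        c["tools"].update(t for t in TOOL_MARKERS if t in ua)
    # A client is flagged if it named a scanner or produced many 4xx responses.
    return {
        ip: {
            "requests": c["requests"],
            "errors": c["errors"],
            "tools": sorted(c["tools"]),
            "flagged": bool(c["tools"]) or c["errors"] >= min_errors,
        }
        for ip, c in clients.items()
    }

if __name__ == "__main__":
    for ip, row in triage(SAMPLE_LOG).items():
        print(ip, row)
```

The timestamps of a flagged client's requests give the window to filter on in the Snort alerts and the Wireshark capture.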