
log analysis of apache webserver,firewall,snort logs wiresh

(@ofaheemaus)
Posts: 3
New Member
Topic starter
 

Hi.

I have been given an assignment in which I have to reply to the following five questions. The logs are present separately in a zip file, but I do not know how to upload it to the forum. My question is this: how do I proceed with it, and how do I analyse Apache logs, Snort logs, firewall capture and Wireshark network capture?

The Scenario
One of your friends runs a website for his hacking club. He uses the PhpMySport platform (http://phpmysport.sourceforge.net/en/) for creating and managing the site. He thinks someone has hacked the site, but he is not sure. Everything appears to be working normally but he has found some strange entries in the webserver, firewall and IDS logs. When he noticed the IDS and firewall alerts he used tcpdump to capture network traffic to the webserver (on the webserver side of the firewall).

Task
Given the above description of the scenario, you need to use the logs and capture file provided, along with other resources (e.g. tools and references) to answer the following questions. Your answers must be supported by the evidence identified in the logs and traffic capture.

1. What evidence indicates that someone has targeted this system?
2. What software or attack tools did the attacker(s) use?
3. What information have the attacker(s) collected about the webserver?
4. Did the attacker(s) gain elevated access to the webserver?
5. Did the attacker(s) have any reason to think that this system was vulnerable?

While investigating the network capture, you may make use of filters to extract the packets which interest you. It may also be helpful to rebuild the webpages using appropriate tools.

 
Posted : 26/05/2015 1:59 pm
Jamie
(@jamie)
Posts: 1288
Moderator
 

In this instance, the most appropriate place to ask for support would appear to be from the person who set the assignment, surely?

 
Posted : 26/05/2015 2:05 pm
(@kelash108)
Posts: 18
Active Member
 

I agree with Jamie, I'm sure your subject lecturer will point you in the right direction.

However, have a read of a Certified Ethical Hacking study guide and look specifically at Web Server Attacks, that should help somewhat.

 
Posted : 26/05/2015 2:39 pm