Web Logs

Description

You have access to the logs of a web server exposed to the Internet. Due to its public exposure, various attack attempts are present in the logs.

Find the CWE ID of the successful attack in this web server’s logs (e.g., CWE-79). Give the date the attack was successful (format: MM/DD). Give the requested routes for which the attack was successful. The requests must be in chronological order, separated by hyphens ‘-’ (e.g., /var/log/access.log-/index?params=value).

Note: In this attack, the attacker succeeded in extracting sensitive files.

Flag format: FCSC{CWE-XXXXX-MM/DD-requests}

Files

webserver.log
5.92 MiB – 11e9dbdf8909cc6b03b1b4ceeac8488ce1a40520bf3de7f98744a9fa890be214

Author

mln

Flag

You don't have JavaScript actived. No problem! You can check your flag like this: echo -n 'PUT_THE_FLAG_HERE' | sha256sum # possible output: 454f7a7661b6fe3da389a85c259b15edabdb338d8778d283551d0be632f3d416 # possible output: 6612c581f9d6a2adb476880e4340b45cbe802d557694452638cbefe1eb353707 # possible output: 113185f7a4a91ceaef2f2da02cda39835408f541b5070654642d649e08773913 # possible output: dfe65ce10d741e47c2315c3f0edf4676372bdf7abdef34db87bc95e3e15337c1 # possible output: 6fa0ee58b5f49ba61a17574bc1e38d8afd621e87e7486c538e66a9c55fd14bde # possible output: bddd062c57a987e1737f7c762a9e382eeafbf7303b2fb87898ceda723ab9db58 # possible output: c2a181ac013d1c24b5f939a7ff8238d868311ec270811cce85e1b9f6cb4da6e8 # possible output: 6f57f3e7558ffde0706a570858064b815dcc71b1d1cef48b8847e40fc1078adf # possible output: 947021f50c7459f2344a473877f08f8828c250e3e39aa5e9c12b6cb0c99be1cf # possible output: 599e47d196f3cadd01aff9d9315bf3bdf79ee4dcd6c6cf8404d59ad4e866cd9e # possible output: e7cdbb8ab4ee722535b946970dcd4cea8f3c5c29877c767d079227421eecf846 # possible output: db7ece545ea81086c099e10f0514ea23c52adb427658b4460689719472977a5d # possible output: cec7b937b48ca302a4bae0f8983ec82de5879fa78be09d79a620550381801f15 # possible output: ec028eb026bc96f0832aa071f5da180219e233bf1ec33900f4788a41121754a9

Writeups

There are no public solutions for this challenge yet, but you can submit yours after getting the flag.