Steeeeeeeler
EasyDigital Forensics
Overview
Our system was found to be vulnerable to XSS. An attacker exploited this vulnerability to gain access to the admin panel and perform unauthorized actions. We need to identify the attacker’s IP address and the username of the affected account.
Flag Format: Flag{ip|username}
Lab Details
Prerequisites & Requirements
- Basic understanding of log analysis
- HTTP request structure
- JWT tokens
- Familiarity with XSS attacks
- Session hijacking concepts
What will you learn?
- Analyzing web server access logs to identify malicious activity
- Detecting session hijacking through JWT token reuse patterns
- Correlating timestamp data to establish attack timelines
- Decoding JWT tokens to extract user information
- Identifying attacker IP addresses through behavioral analysis
Tools
- Python 3 (for log parsing and analysis)
- JWT decoder (jwt.io or similar)
- Text editor or IDE
Job Positions
Soc Analyst
Tags
Web LogsWeb ForensicsTimeline AnalysisRoot Cause AnalysisOs Artifacts