www_html_dir
Easy
Digital Forensics
Overview
An incident occurred in which one of our servers was compromised. The affected host offered only a web service. A file containing the www directory (taken from /var/www) was recovered; our objective is to determine the attacker’s hostname and port. Flag format: Flag{hostname|port}
Lab Details
Prerequisites & Requirements
- Basic understanding of web application structure
- Familiarity with Linux command-line operations
- Knowledge of PHP syntax and execution
- Understanding of file upload vulnerabilities
- Basic forensic analysis skills
What will you learn?
- Analyzing compromised web server directories
- Identifying malicious uploaded files
- Understanding PHP obfuscation techniques
- Decoding bitwise XOR obfuscation in PHP
- Recognizing reverse shell payloads
- PHP execution operators and shell_exec functionality
- PHAR file format and its security implications
Tools
- Linux command-line utilities (ls, grep, awk, sort)
- Text editor or cat command for file inspection
- Online PHP interpreter (https://onlinephp.io/)
- Web browser for documentation research
Job Positions
SOC Analyst
Tags
Web Forensics, OS Artifacts, Anti Forensics, Data Recovery, Incident Response