Steeeeeeeler

S C E N A R I O
Our system was found to be vulnerable to a Cross-Site Scripting (XSS) attack. An attacker exploited this vulnerability to steal a valid JWT session token and gain unauthorized access to the admin panel. Using the compromised session, the attacker performed sensitive operations including account modifications and data exfiltration. Web server access logs were captured during the incident and contain traces of both the legitimate user and the attacker.

O B J E C T I V E
Analyze the provided web server access logs to identify the attacker’s IP address and the compromised username. Detect session hijacking by identifying JWT token reuse across multiple IP addresses, reconstruct the attack timeline, and decode the stolen token to extract user information.
Flag Format: Flag{ip|username}

Provided Files Steeeeeeeler.zip

Infrastructure Downloadable archive

Flag Format Flag{ip|username}