Accuracy: 88.9%
Cyber Command: A local business requested assistance reviewing their application logs. Provide them with assistance and see what you can find out.
Q1 (5 pts) - What is the path of the php file with the most warnings?
~/includes/library/lib_currency.inc.php
Q2 (10 pts) - What is the Internet Service Provider that this website is being hosted on?
Rogers Cable
Q3 (10 pts) - What software platform is this website using?
Litecart
Q4 (10 pts) - How many unique php files are triggering warnings or notices?
4
Q5 (10 pts) - How many events are recorded in this log?
471
Q6 (15 pts) - How many times were bans given out for attempting to visit sensitive webpages?
235
Q7 (25 pts) - How many unique IP addresses were banned for attempting to visit sensitive webpages?
208
Q8 (25 pts) - How many unique URIs did the application ban users for visiting?
13
First thing I did was insert the log file into Copilot. During a gym exercise, I did this for a log, and it actually worked really well. I was unable to get Excel/LibreOffice to install on my Kali VM for whatever reason. I then had Copilot generate commands to verify the answers before submitting.
Q1 — PHP file with most warnings
grep -oP 'in ~/\S+\.php' Webapp.log | sed 's/in //' | sort | uniq -c | sort -nr | head -1
Q2 — ISP (hostname domain)
grep "Address:" Webapp.log | awk -F'[()]' '{print $2}' | sort -u
Saw rogers.com in the output → Rogers Cable
Q3 — Software platform
grep -oP '~/includes/\S+' Webapp.log | sort -u
Output showed /includes/library/ and /includes/functions/ — structure matches LiteCart
Q4 — Unique PHP files with warnings
grep -oP 'in ~/\S+\.php' Webapp.log | sed 's/in //' | sort -u | wc -l
Q5 — Total events
grep -c '^\[' Webapp.log
Q6 — Number of bans
grep -c "was banned for 12 hours" Webapp.log
Q7 — Unique banned IPs
grep "Address:" Webapp.log | awk '{print $2}' | sort -u | wc -l
Q8 — Unique banned URIs
grep "URI:" Webapp.log | awk -F'URI: ' '{print $2}' | sed 's#^//#/#' | sort -u | wc -l
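Added example, not part of the writeup: the same eight checks as one Python function, run over a constructed sample log in the shape the commands above imply (the line format, hostnames and addresses are assumptions, since the real Webapp.log is not on the page). Unlike the Q1 pipeline it counts only Warning lines, and it keeps the writeup's `//` to `/` URI normalisation so duplicates are not double counted.

```python
import re
from collections import Counter

# Constructed sample (assumed format): "[ts] PHP Warning|Notice: ... in ~/path.php on line N"
# and "[ts] Address: IP (host) was banned for 12 hours. URI: /path".
SAMPLE_LOG = """\
[2024-01-01 10:00:00] PHP Warning: Undefined index in ~/includes/library/lib_currency.inc.php on line 12
[2024-01-01 10:00:05] PHP Notice: Undefined variable in ~/includes/functions/func_format.inc.php on line 40
[2024-01-01 10:00:09] PHP Warning: Division by zero in ~/includes/library/lib_currency.inc.php on line 30
[2024-01-01 10:01:00] Address: 203.0.113.5 (cpe-host.example.net) was banned for 12 hours. URI: //admin/
[2024-01-01 10:02:00] Address: 203.0.113.9 (cpe-host2.example.net) was banned for 12 hours. URI: /admin/
[2024-01-01 10:03:00] Address: 203.0.113.5 (cpe-host.example.net) was banned for 12 hours. URI: /phpmyadmin/
"""

PHP_RE = re.compile(r'PHP (Warning|Notice): .* in (~/\S+\.php)')
BAN_RE = re.compile(r'Address: (\S+) \((\S+)\) was banned for 12 hours.*URI: (\S+)')


def analyze(log_text):
    """Return the Q1-Q8 style answers for a log in the assumed format."""
    events = [l for l in log_text.splitlines() if l.startswith('[')]  # Q5: one event per '[' line
    warnings, php_files, ban_ips, hosts, uris, bans = Counter(), set(), set(), set(), set(), 0
    for line in events:
        m = PHP_RE.search(line)
        if m:
            level, path = m.groups()
            php_files.add(path)                      # Q4: warnings and notices both count
            if level == 'Warning':
                warnings[path] += 1                  # Q1: warnings only
            continue
        m = BAN_RE.search(line)
        if m:
            ip, host, uri = m.groups()
            bans += 1                                # Q6
            ban_ips.add(ip)                          # Q7
            hosts.add(host)                          # Q2: hostname suffix reveals the ISP
            uris.add(re.sub(r'^//', '/', uri))       # Q8: same normalisation as the sed above
    return {
        'q1_most_warnings': warnings.most_common(1)[0][0] if warnings else None,
        'q2_hosts': sorted(hosts),
        'q4_unique_php_files': len(php_files),
        'q5_events': len(events),
        'q6_bans': bans,
        'q7_unique_banned_ips': len(ban_ips),
        'q8_unique_uris': len(uris),
    }


if __name__ == '__main__':
    for key, value in analyze(SAMPLE_LOG).items():
        print(key, value)
```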