Investigate Web Attack

mriad · November 21, 2024, 6:56pm

Hello,

https://app.letsdefend.io/challenge/investigate-web-attack

I have a question regarding this challenge. There is a log file named access.log and there are thousands of row in the file. After directory enumeration phase and between the rows 400-600 there exists multiple recordings of logs like below.

192.168.199.2 - - [20/Jun/2021:12:36:31 +0300] “GET /bwapp/authLogin.cgi HTTP/1.1” 404 300 “() { ; } >[$($())] { echo Nikto-Added-CVE-2014-6278: true; echo;echo; }” “() { :; }; echo Nikto-Added-CVE-2014-6271: true;echo;echo;”

I thought this was a command injection attack but it is not covered in the questions at all. Could you assist me with this ?

Thank you for your time.

suhailss34 · November 27, 2024, 10:02am

it is a code injection command and in letsdefend we only taught to defend again them, so there’'s no point of being going in detail over the attack, you just have to know the pattern and how to find them which is being taught quite well in this lesson. If you want to know more about this code then it will be not be covered in letsdefend, and will be available to practice in a read team platform.

Topic		Replies	Views
FAQ: Detecting Command Injection Attacks Help command-injection	0	224	January 22, 2024
Help me the lab in "Live Memory Analysis - 1" Incident Responder	1	94	October 24, 2024
FAQ: Detecting Cross Site Scripting (XSS) Attacks Help xss-attacks	0	186	January 22, 2024
FAQ: Log Management Help log-management	6	593	November 12, 2024
Issue of event-log-analysis questions Courses	2	195	June 17, 2024

Investigate Web Attack

Related topics