SSH

Prompt

Analyze this SSH log file to answer the following questions.

auth.log (24.0KB)

Walk-Through

This challenge will give you experience doing a manual analysis of an SSH (Secure Shell Protocol) log file. SSH is a service that allows a device to provide remote terminal access.

Questions

What is the hostname of the SSH server that was compromised?

This can be solved by finding the hostname, which is listed directly after the timestamp for each entry in the log.

Oct 11 10:12:00 myraptor sshd[29459]: Server listening on 0.0.0.0 port 22.

What was the first IP address to attack the server?

This can be solved by identifying the IP address of the attacker in the first “Failed password” entries.

Oct 11 10:12:25 myraptor sshd[29465]: Failed password for harvey from 169.139.243.218 port 57273 ssh2

What was the second IP address to attack the server?

This can be solved in the same way as the previous question by looking at the subsequent “Failed password” entries.

What was the third IP address to attack the server?

This can be solved in the same way as the previous question by looking at the subsequent “Failed password” entries.

Which user was targeted in the attack?

This can be solved by identifying the name of the account that had failed password attempts. Search for “Failed password” and then look for the account name.

Oct 11 10:12:25 myraptor sshd[29465]: Failed password for harvey from 169.139.243.218 port 57273 ssh2

From which IP address was the attacker able to successfully log in?

This can be solved by searching for the entry that has “Accepted password”.

Oct 11 10:36:59 myraptor sshd[30003]: Accepted password for harvey from 30.167.206.91 port 55326 ssh2
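
The manual steps above can also be scripted. This is an added example, not part of the original walk-through: it parses sshd password events and reports the hostname, the attacking IPs in order of first appearance, the targeted accounts, and any accepted login. The sample log (hostname, users, addresses) is constructed, and the names summarize, LINE_RE and SAMPLE_LOG are assumptions.

```python
import re
from collections import Counter

# Constructed sample in the same syslog/sshd format as the challenge file;
# hostname, users and addresses are made up (documentation IP ranges).
SAMPLE_LOG = """\
Oct 11 10:12:00 examplehost sshd[1001]: Server listening on 0.0.0.0 port 22.
Oct 11 10:12:25 examplehost sshd[1002]: Failed password for alice from 192.0.2.10 port 57273 ssh2
Oct 11 10:12:27 examplehost sshd[1002]: Failed password for alice from 192.0.2.10 port 57273 ssh2
Oct 11 10:15:02 examplehost sshd[1003]: Failed password for invalid user admin from 198.51.100.7 port 40112 ssh2
Oct 11 10:15:09 examplehost sshd[1004]: Failed password for alice from 198.51.100.7 port 40113 ssh2
Oct 11 10:20:41 examplehost sshd[1005]: Failed password for alice from 203.0.113.99 port 51000 ssh2
Oct 11 10:36:59 examplehost sshd[1006]: Accepted password for alice from 203.0.113.99 port 55326 ssh2
"""

# Timestamp, hostname, then the sshd password authentication message.
LINE_RE = re.compile(
    r"^\w{3}\s+\d+ [\d:]{8} (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def summarize(log_text):
    """Return hostname(s), attacker IPs by first failure, failure counts per user, accepted logins."""
    hosts, attackers, targeted, accepted = set(), [], Counter(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a password auth event (e.g. "Server listening")
        hosts.add(m["host"])
        if m["result"] == "Failed":
            targeted[m["user"]] += 1
            if m["ip"] not in attackers:  # keep first-seen order
                attackers.append(m["ip"])
        else:
            # Third field: did this source fail earlier? If so, the password was likely guessed.
            accepted.append((m["user"], m["ip"], m["ip"] in attackers))
    return {"hosts": sorted(hosts), "attackers": attackers,
            "targeted": targeted.most_common(), "accepted": accepted}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

To run it against a real file, pass the file's contents to summarize() instead of SAMPLE_LOG.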

©️ 2024 Cyber Skyline. All Rights Reserved. Unauthorized reproduction or distribution of this copyrighted work is illegal.