TryHackMe Advent of Cyber 2022 [Day 2] | Karthikeyan Nagaraj

Log Analysis Santa’s Naughty & Nice Log

Advent of Cyber-4 Day 2 — December 2, 2022 ~ Karthikeyan Nagaraj

1. Use the ls command to list the files present in the current directory. How many log files are present?

First of all Connect to the Machine or Attack box

Then type ls Command to List the Files and Folders

Ans: 2

2. Elf McSkidy managed to capture the logs generated by the web server. What is the name of this log file?

Ans: webserver.log

3. Begin investigating the log file from question #3 to answer the following questions.

Ans: No Answer Needed

4. On what day was Santa’s naughty and nice list stolen?

Let’s Investigate the File by Grep

cat webserver.log | grep “friday”

Ans: friday

5. What is the IP address of the attacker?

As the Log File Displays the IP of Attacker

Ans: 10.10.249.191

6. What is the name of the important list that the attacker stole from Santa?

cat webserver.log | grep santa

Ans: santaslist.txt

7. Look through the log files for the flag. The format of the flag is: THM{}

grep -r "THM"

Ans: The Answer is in the Above Image

8. Interested in log analysis? We recommend the Windows Event Logs room or the Endpoint Security Monitoring Module.

Ans: No Answer Needed

Thank you for Reading!!

Happy Hacking ~

Author : Karthikeyan Nagaraj ~ Cyberw1ng

Tryhackme , Tryhackme Advent of Cyber 2022 December 2, Day 2 , Task 7 [Day 2] Log Analysis Santa’s Naughty & Nice Log , Advent of Cyber 2022 Day 2 Answers

From Infosec Writeups: A lot is coming up in the Infosec every day that it’s hard to keep up with. Join our weekly newsletter to get all the latest Infosec trends in the form of 5 articles, 4 Threads, 3 videos, 2 GitHub Repos and tools, and 1 job alert for FREE!