Axino.net

Tracking Challenge 2 :: Intruder tracking

by Arxleol on Thursday 15.07.2010, under hellboundhackers.org, tutorial

Second tracking mission requires from us to track down intruder. If you open site you will see that site was defaced by hacker. Notice that on the right side we have links to other pages on this government site.

If you try opening any of these pages you will see that all of them were changed by hacker. Now notice that opening new page appends variable action in the URL. So considering where all actions are saved (probably in system logs). Let’s try accessing that page.

However, when you open index.php?action=logs you will notice message from hacker that he obviously deleted all logs.

But if you check source of the page you will find interesting comment.

<!-- Last logged in user: 174.142.24.201 -->

Now, that we found IP of intruder let’s track it down using: http://www.ipaddresslocation.org/ip-address-locator.php.


Similar Posts:

:, , , , , ,
No comments for this entry yet...

Leave a Reply

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Visit other sites:

Archives