Motasem Hamdan / MasterMinds Group
392 прихильники(ів)
Investigating a Hacked PhpMyAdmin Databa ...

Investigating a Hacked PhpMyAdmin Database With The Elastic Stack | TryHackMe Slingshot

May 06, 2024

We covered investigating a cyber incident scenario ,where PhpMyAdmin database was hacked along with its e-commerce website, using the elastic stack (logstash, Kibana and elastic search) and KQL queries. We uncovered the scanner the attacker used to fingerprint the database, the directory enumeration tool and the credential brute-force tool used to gain access to the admin panel of the website. This was part of TryHackMe Slingshot room.

Full post can be found here.

TryHackMe Slingshot Challenge Description

Slingway Inc., a leading toy company, has recently noticed suspicious activity on its e-commerce web server and potential modifications to its database. To investigate the suspicious activity, they’ve hired you as a SOC Analyst to look into the web server logs and uncover any instances of malicious activity.

To aid in your investigation, you’ve received an Elastic Stack instance containing logs from the suspected attack. Below, you’ll find credentials to access the Kibana dashboard. Slingway’s IT staff mentioned that the suspicious activity started on July 26, 2023.

By investigating and answering the questions below, we can create a timeline of events to lead the incident response activity. This will also allow us to present concise and confident findings that answer questions such as:

  • What vulnerabilities did the attacker exploit on the web server?

  • What user accounts were compromised?

  • What data was exfiltrated from the server?

Highlights

What is Elastic Stack?

Elastic stack is the collection of different open source components linked together to help users take the data from any source and in any format and perform a search, analyze and visualize the data in real-time.

Elastic Search

Elasticsearch is a full-text search and analytics engine used to store JSON-formated documents. Elasticsearch is an important component used to store, analyze, perform correlation on the data, etc.
It is built on top of Apache Lucene and provides a scalable solution for full-text search, structured querying, and data analysis.
Elasticsearch supports RESTFul API to interact with the data.

Log Stash

Logstash is a data processing engine used to take the data from different sources, apply the filter on it or normalize it, and then send it to the destination which could be Kibana or a listening port.

Kibana

Kibana is a web-based data visualization that works with elasticsearch to analyze, investigate and visualize the data stream in real-time. It allows the users to create multiple visualizations and dashboards for better visibility.

Room Answers

Room answers with full writeup can be found here.

Full Video WalkThroughs

https://www.youtube.com/watch?v=9ZwZGi1iHRg

Подобається цей допис?

Купити для Motasem Hamdan / MasterMinds Group піца

Більше від Motasem Hamdan / MasterMinds Group

КонфіденційністьУмовиПоскаржитись