Juice Details


Reconnaissance

What tool did the attacker use? (Order by the occurrence in the log)

cat access.log | cut -d'"' -f6-|sort -u

What endpoint was vulnerable to a brute-force attack?

cat access.log | grep -i hydra | grep 200

What endpoint was vulnerable to SQL injection?

cat access.log | grep -i sqlmap | egrep ' 200 '

What parameter was used for the SQL injection?

cat access.log | grep -i sqlmap | egrep ' 200 ' | egrep '\?.='

What endpoint did the attacker try to use to retrieve files?

cat access.log | egrep -i 'POST|GET /\w{3}'

Stolen data

What section of the website did the attacker use to scrape user email addresses?

cat access.log | grep GET| cut -d'"' -f2|cut -d' ' -f1-2| sort -u| grep -i review

Was their brute-force attack successful? If so, what is the timestamp of the successful login? (Yay/Nay, 11/Apr/2021:09:xx:xx +0000)

cat access.log | grep -i hydra | grep 200| cut -d' ' -f4-5

What user information was the attacker able to retrieve from the endpoint vulnerable to SQL injection?

cat access.log | grep passw

What files did they try to download from the vulnerable endpoint? (endpoint from the previous task, question #5)

cat vsftpd.log | grep -i download| cut -d'"' -f4|tr -d '/'|sort | tr '\n' ','

What service and account name were used to retrieve files from the previous question? (service, username)

cat vsftpd.log | grep -i login

What service and username were used to gain shell access to the server? (service, username)

cat auth.log | grep -i accepted
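As an added example that is not part of the original writeup, the access.log one-liners above reworked into reusable shell functions (tool order, brute-forced endpoint, first successful reply, injected parameter) and run against a constructed combined-format log; the IP, endpoints, timestamps and user agents are made up for illustration, not the room's data.

```shell
#!/bin/sh
# Added example, not part of the original writeup: small triage helpers for the
# access.log questions, run here against a constructed combined-format log.
# Endpoints, IPs, timestamps and user agents below are made up for illustration.
LOG="$(mktemp)"
cat > "$LOG" <<'EOF'
10.0.0.5 - - [11/Apr/2021:09:00:01 +0000] "GET / HTTP/1.1" 200 1543 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/87.0"
10.0.0.5 - - [11/Apr/2021:09:01:10 +0000] "GET /robots.txt HTTP/1.1" 200 28 "-" "Nmap Scripting Engine"
10.0.0.5 - - [11/Apr/2021:09:03:20 +0000] "POST /api/login HTTP/1.0" 401 26 "-" "Mozilla/4.0 (Hydra)"
10.0.0.5 - - [11/Apr/2021:09:03:21 +0000] "POST /api/login HTTP/1.0" 401 26 "-" "Mozilla/4.0 (Hydra)"
10.0.0.5 - - [11/Apr/2021:09:03:22 +0000] "POST /api/login HTTP/1.0" 200 831 "-" "Mozilla/4.0 (Hydra)"
10.0.0.5 - - [11/Apr/2021:09:10:01 +0000] "GET /api/search?q=test HTTP/1.1" 200 44 "-" "sqlmap/1.5 (http://sqlmap.org)"
10.0.0.5 - - [11/Apr/2021:09:10:02 +0000] "GET /api/search?q=test'%20OR%201=1-- HTTP/1.1" 200 9120 "-" "sqlmap/1.5 (http://sqlmap.org)"
EOF
# Splitting on '"' puts the request line in $2, status/size in $3 and the user
# agent in $6, the same layout the cut -d'"' -f6 idiom above relies on.

# User agents in order of first appearance; seen[] dedups but keeps log order,
# which sort -u throws away.
tools_by_first_seen() {
    awk -F'"' '!seen[$6]++ { print $6 }' "$1"
}

# Path hit most often by a given tool (UA keyword, case-insensitive), query
# string stripped so repeated guesses collapse onto one endpoint.
top_endpoint_for() {  # $1 = log file, $2 = UA keyword
    awk -F'"' -v kw="$2" 'tolower($6) ~ tolower(kw) {
        split($2, r, " "); sub(/\?.*/, "", r[2]); print r[2] }' "$1" \
        | sort | uniq -c | sort -rn | awk 'NR == 1 { print $2 }'
}

# Timestamp of the first 2xx reply to that tool: when the attack started working.
first_success_ts() {  # $1 = log file, $2 = UA keyword
    awk -F'"' -v kw="$2" 'tolower($6) ~ tolower(kw) && $3 ~ /^ 2[0-9][0-9] / {
        split($1, a, "["); sub(/\].*/, "", a[2]); print a[2]; exit }' "$1"
}

# Query-string parameter names on 2xx responses to that tool.
injected_params() {  # $1 = log file, $2 = UA keyword
    awk -F'"' -v kw="$2" 'tolower($6) ~ tolower(kw) && $3 ~ /^ 2[0-9][0-9] / {
        split($2, r, " "); i = index(r[2], "?"); if (!i) next
        n = split(substr(r[2], i + 1), kv, "&")
        for (j = 1; j <= n; j++) { split(kv[j], p, "="); print p[1] } }' "$1" | sort -u
}

tools_by_first_seen "$LOG"
echo "brute-forced endpoint: $(top_endpoint_for "$LOG" hydra)"
echo "first hydra success:   $(first_success_ts "$LOG" hydra)"
echo "injected parameters:   $(injected_params "$LOG" sqlmap)"
```

Point the functions at the room's real access.log instead of "$LOG" to reproduce the answers above.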