Apache is a popular web server software that serves different web pages and other content on the Internet. It is free and open-source software on various operating systems, including Ubuntu. Apache stores various information related to the web server in log files, such as access.log, error.log, etc. These log files are essential for website administrators to monitor traffic, diagnose issues, and analyze website usage. This article will illustrate different ways to find Apache file access logs stored in Ubuntu.

- Where are Apache File Access Logs Stored in Ubuntu?
- Method 1: Accessing Apache Logs Using Terminal
- Method 2: Accessing Apache Logs Using Log Viewer

Where are Apache File Access Logs Stored in Ubuntu?

Apache file access logs are stored in a file called “access.log”. The location of this file depends on the configuration of the Apache server. By default, the access log files are usually stored in the “/var/log/apache2” directory on Ubuntu systems.

Method 1: Accessing Apache Logs Using Terminal

Before accessing the log file, it is necessary that Apache is already installed in the operating system. To install Apache, follow our article “How to Install Apache in Ubuntu”.

Example 1: Using the cd Command to Navigate and View Apache Access Logs

To present the Apache access logs file in the terminal, navigate to the Apache log directory by running the “cd” command.

Apart from this, there are other scenarios as well. For an administrator, it is really important to understand how to analyze the logs from a security standpoint. People who are just beginning with hacking/penetration testing must understand why they should not test/scan websites without prior permission. This article covers the basic concepts of log analysis to provide solutions to the above-mentioned scenarios.

For demo purposes, I have the following setup.

This can be started using the following command:

A vulnerable web application built using PHP-MySQL

I have developed a vulnerable web application using PHP and hosted it in the above mentioned Apache-MySQL. With the above setup, I have scanned the URL of this vulnerable application using few automated tools (ZAP, w3af) available in Kali Linux. Now let us see various cases in analyzing the logs.

It is always recommended to maintain logs on a webserver for various obvious reasons. The default location of Apache server logs on Debian systems is

Logging is just a process of storing the logs in the server. We also need to analyze the logs for proper results. In the next section, we will see how we can analyze the Apache server's access logs to figure out if there are any attacks being attempted on the website.

In cases of logs with a smaller size, or if we are looking for a specific keyword, then we can spend some time observing the logs manually using things like grep expressions.

In the following figure, we are trying to search for all the requests that have the keyword "union" in the URL.

From the figure above, we can see the query " union select 1,2,3,4,5" in the URL. It is obvious that someone with the IP address 192.168.56.105 has attempted SQL Injection.

Similarly, we can search for specific requests when we have the keywords with us. In the following figure, we are searching for requests that try to read "/etc/passwd", which is obviously a Local File Inclusion attempt.

As shown in the above screenshot, we have many requests trying for LFI, and these are sent from the IP address 127.0.0.1. These requests are generated from an automated tool.

In many cases, it is easy to recognize if the logs are sent from an automated scanner. Automated scanners are noisy and they use vendor-specific payloads when testing an application.

For example, IBM appscan uses the word "appscan" in many payloads. So, looking at such requests in the logs, we can determine what's going on.

Microsoft Excel is also a great tool to open the log file and analyze the logs. We can open the log file using Excel by specifying "space" as a delimiter. This comes handy when we don't have a log-parsing tool.

Aside from these keywords, it is highly important to have basic knowledge of HTTP status codes during an analysis.

Below is the table that shows high-level information about HTTP status codes.

Web shells are another problem for websites/servers. Web shells give complete control of the server. In some instances, we can gain access to all the other sites hosted on the same server using web shells.

The following screenshot shows the same access.log file opened in Microsoft Excel. I have applied a filter on the column that is specifying the file being accessed by the client.

If we clearly observe, there is a file named "b374k.php" being accessed. "b374k" is a popular web shell and hence this file is purely suspicious.
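The keyword searches this article describes ("union", "/etc/passwd", "appscan", "b374k") can be run in one pass over access.log and grouped by client IP. The script below is an added example, not code from the original article; the log lines are constructed samples in Apache's default access-log layout, and the signature labels and function names are assumptions chosen for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Apache common/combined format: ip ident user [time] "request" status size ...
# The request field may contain backslash-escaped quotes, so allow \. inside it.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<request>(?:[^"\\]|\\.)*)" (?P<status>\d{3})\b'
)

# Keywords taken from the article; the labels are illustrative names.
SIGNATURES = {
    "sql_injection": re.compile(r"union\s+select", re.I),
    "lfi": re.compile(r"/etc/passwd", re.I),
    "scanner": re.compile(r"appscan", re.I),
    "web_shell": re.compile(r"b374k", re.I),
}

def decode(request, rounds=2):
    """URL-decode the request; payloads are often encoded once or twice,
    which a plain grep for the keyword would miss."""
    for _ in range(rounds):
        request = unquote_plus(request)
    return request

def scan(lines):
    """Return {client_ip: [(label, status, decoded_request), ...]}."""
    hits = defaultdict(list)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line; ignore it
        request = decode(m["request"])
        for label, sig in SIGNATURES.items():
            if sig.search(request):
                hits[m["ip"]].append((label, int(m["status"]), request))
    return dict(hits)

# Constructed sample lines (not taken from a real server).
SAMPLE = [
    '192.168.56.1 - - [10/Oct/2023:13:55:30 +0000] "GET /index.php HTTP/1.1" 200 2326',
    '192.168.56.105 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=1%20union%20select%201,2,3,4,5 HTTP/1.1" 200 512',
    '127.0.0.1 - - [10/Oct/2023:13:56:02 +0000] "GET /view.php?page=%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 289',
    '192.168.56.105 - - [10/Oct/2023:13:57:11 +0000] "POST /uploads/b374k.php HTTP/1.1" 200 1024',
]

if __name__ == "__main__":
    for ip, found in scan(SAMPLE).items():
        for label, status, request in found:
            print(f"{ip}\t{label}\t{status}\t{request}")
```

The status column matters when triaging the output: a 200 on a web-shell path means the file was served, while a 404 on a probe means the requested resource was not found.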