Tags: forensics
(Author's writeup)
**Goal:**
Find specific data in a logfile.
It takes an eye for detail: the account name is rooot, with 3 “o”s, not root.
**Tools:**
cat, grep
**Solution:**
1) Reach elroy’s system and log in
2) Run “cat /var/log/messages* | grep rooot”
3) You will get:
```
Jun 13 04:27:49 elroy auth.info passwd: password for rooot changed by root
Jun 13 04:28:04 elroy auth.notice su: + tty1 root:rooot
Jun 13 04:38:28 elroy auth.info sshd[2750]: Accepted password for rooot from 172.18.99.9 port 39884 ssh2
Jun 13 04:38:31 elroy auth.info sshd[2752]: Disconnected from user rooot 172.18.99.9 port 39884
```
**Flag:**
flag{172.18.99.9}
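
The grep above only works once you already know the exact misspelling. As an added example (not part of the original writeup), the script below generalizes the search: it reports accepted SSH logins for any stretched spelling of root and the source address of each. The function names and the two extra log lines (the root and elroy logins, with made-up addresses) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: the four lines from the writeup plus two benign
# logins (root from 172.18.99.2, elroy from 172.18.99.4) added for contrast.
sample_log() {
cat <<'EOF'
Jun 13 04:20:11 elroy auth.info sshd[2701]: Accepted password for root from 172.18.99.2 port 51022 ssh2
Jun 13 04:27:49 elroy auth.info passwd: password for rooot changed by root
Jun 13 04:28:04 elroy auth.notice su: + tty1 root:rooot
Jun 13 04:38:28 elroy auth.info sshd[2750]: Accepted password for rooot from 172.18.99.9 port 39884 ssh2
Jun 13 04:38:31 elroy auth.info sshd[2752]: Disconnected from user rooot 172.18.99.9 port 39884
Jun 13 04:40:02 elroy auth.info sshd[2760]: Accepted password for elroy from 172.18.99.4 port 40110 ssh2
EOF
}

# Print "user ip" for every accepted SSH login whose username is a
# stretched spelling of root (repeated r, o or t) but is not "root" itself.
# Reads the files given as arguments, or stdin when there are none.
lookalike_logins() {
    awk '
    /sshd\[[0-9]+\]: Accepted / {
        user = ""; ip = ""          # reset per line so values never carry over
        for (i = 1; i < NF; i++) {
            if ($i == "for")  user = $(i + 1)
            if ($i == "from") ip   = $(i + 1)
        }
        if (user != "root" && user ~ /^r+o+t+$/)
            print user, ip
    }' "$@"
}

# Unique source addresses behind those logins.
lookalike_sources() {
    lookalike_logins "$@" | awk '{ print $2 }' | sort -u
}

# Demo on the constructed sample; on a real host, pass the log files instead:
#   lookalike_logins /var/log/messages*
sample_log | lookalike_logins
```
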