Log Files
One of the two most obvious signs of intrusion is the log file. The log file keptby the tinyweb daemon is one of the first places to look into when troubleshooting a problem. Even though the attacker's exploits were successful, the log file keeps a painfully obvious record that something is up.
Log Files
tinywebd Log File
reader@hacking:~/booksrc $ sudo cat /var/log/tinywebd.log 07/25/2007 14:55:45> Starting up. 07/25/2007 14:57:00> From 127.0.0.1:38127 "HEAD / HTTP/1.0" 200 OK 07/25/2007 17:49:14> From 127.0.0.1:50201 "GET / HTTP/1.1" 200 OK 07/25/2007 17:49:14> From 127.0.0.1:50202 "GET /image.jpg HTTP/1.1" 200 OK 07/25/2007 17:49:14> From 127.0.0.1:50203 "GET /favicon.ico HTTP/1.1" 404 Not Found 07/25/2007 17:57:21> Shutting down. 08/01/2007 ...
Get Hacking: The Art of Exploitation, 2nd Edition now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.