Scenario

You were hired as a SOC Analyst for one of the biggest Juice Shops in the world and an attacker has made their way into your network.

Your tasks are:

• Figure out what techniques and tools the attacker used
• What endpoints were vulnerable
• What sensitive data was accessed and stolen from the environment

https://tryhackme.com/room/juicydetails

we are provided with 3 log files

• auth.log:

  Logs authentication-related events

• vsftpd.log:

  Logs FTP server activity

• access.log:

  Logs web server access

most of the lab we will be using access.log

1-What tools did the attacker use? (Order by the occurrence in the log)

nmap, hydra, sqlmap, curl, feroxbuster