Scenario

You are a cybersecurity analyst working in the Security Operations Center (SOC) of BookWorld, an expansive online bookstore renowned for its vast selection of literature. BookWorld prides itself on providing a seamless and secure shopping experience for book enthusiasts around the globe. Recently, you've been tasked with reinforcing the company's cybersecurity posture, monitoring network traffic, and ensuring that the digital environment remains safe from threats.

Late one evening, an automated alert is triggered by an unusual spike in database queries and server resource usage, indicating potential malicious activity. This anomaly raises concerns about the integrity of BookWorld's customer data and internal systems, prompting an immediate and thorough investigation.

As the lead analyst in this case, you are required to analyze the network traffic to uncover the nature of the suspicious activity. Your objectives include identifying the attack vector, assessing the scope of any potential data breach, and determining if the attacker gained further access to BookWorld's internal systems.

**https://cyberdefenders.org/blueteam-ctf-challenges/web-investigation/**


Q1: By knowing the attacker's IP, we can analyze all logs and actions related to that IP and determine the extent of the attack, the duration of the attack, and the techniques used. Can you provide the attacker's IP?

111.224.250.131

Screenshot 2025-04-20 134136.png

Screenshot 2025-04-20 135429.png

A high volume of packets and bytes is exchanged between these two addresses, and 111.224.250.131 is an external IP address.

Filtering on this IP address shows multiple GET requests; some stand out as a SQL injection attack targeting search.php.

Based on this, we confirm the attacker IP is 111.224.250.131 and the target server IP is 73.124.22.98.
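The two steps above (rank sources by traffic volume, then look for injection-style query strings against search.php) can be scripted once the HTTP requests are exported from the capture. The following is an added example written for this writeup, not part of the challenge or the original post: it runs over a constructed list of request records shaped like the columns of a Wireshark HTTP request view (source IP, destination IP, method, URI). The two IP addresses are the ones named above; the other sources and all URIs are made up, and the detection patterns are deliberately narrow illustrations rather than a complete ruleset.

```python
"""Rank HTTP request sources and flag SQL-injection-style query strings.

Added example for the Q1 reasoning; input records are constructed and
the patterns are illustrative, not a production WAF ruleset.
"""
import ipaddress
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# Constructed sample. 111.224.250.131 and 73.124.22.98 are the addresses
# from the writeup; the 10.x sources and every URI are invented.
SAMPLE_REQUESTS = [
    ("111.224.250.131", "73.124.22.98", "GET", "/index.php"),
    ("111.224.250.131", "73.124.22.98", "GET", "/search.php?search=harry"),
    ("111.224.250.131", "73.124.22.98", "GET", "/search.php?search=harry%27+OR+1%3D1--"),
    ("111.224.250.131", "73.124.22.98", "GET", "/search.php?search=%27+UNION+SELECT+1%2C2%2C3--"),
    ("10.0.0.5", "73.124.22.98", "GET", "/search.php?search=tolkien"),
    ("10.0.0.5", "73.124.22.98", "GET", "/book.php?id=42"),
    ("192.168.1.20", "73.124.22.98", "GET", "/index.php"),
]

# Named indicators, matched against each percent-decoded query value.
SQLI_PATTERNS = {
    "tautology": re.compile(r"'\s*(or|and)\s+\S+\s*=\s*\S+", re.I),
    "union_select": re.compile(r"\bunion\b.*\bselect\b", re.I),
    "comment_terminator": re.compile(r"(--|/\*|#)\s*$"),
    "time_based": re.compile(r"\b(sleep|benchmark|waitfor)\b", re.I),
}


def decoded_params(uri):
    """Return (name, value) pairs of the URI's query string, percent-decoded."""
    return parse_qsl(urlsplit(uri).query, keep_blank_values=True)


def sqli_indicators(uri):
    """Names of the patterns that match any query value in the URI."""
    hits = []
    for _, value in decoded_params(uri):
        for name, pattern in SQLI_PATTERNS.items():
            if pattern.search(value) and name not in hits:
                hits.append(name)
    return hits


def rank_sources(requests):
    """Request count per source IP, most active first."""
    return Counter(src for src, _, _, _ in requests).most_common()


def flagged_requests(requests):
    """Requests carrying SQLi indicators: (src, dst, path, indicator names)."""
    out = []
    for src, dst, _method, uri in requests:
        hits = sqli_indicators(uri)
        if hits:
            out.append((src, dst, urlsplit(uri).path, hits))
    return out


def summarize(requests):
    """Per-source totals, flagged count, and whether the source is external."""
    totals = Counter(src for src, *_ in requests)
    flagged = Counter(src for src, *_ in flagged_requests(requests))
    return {
        src: {
            "requests": totals[src],
            "flagged": flagged.get(src, 0),
            # is_global is False for RFC 1918 and other special-purpose ranges
            "external": ipaddress.ip_address(src).is_global,
        }
        for src in totals
    }


if __name__ == "__main__":
    for src, info in summarize(SAMPLE_REQUESTS).items():
        print(src, info)
    for row in flagged_requests(SAMPLE_REQUESTS):
        print(row)
```

On the sample, the external source tops the ranking and is the only one whose requests to search.php carry indicators, which is the same conclusion the screenshots support. On a real export the ranking alone is not evidence: a busy legitimate client can dominate by volume, so the flagged-request count is what separates noise from an attack.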

Q2: If the geographical origin of an IP address is known to be from a region that has no business or expected traffic with our network, this can be an indicator of a targeted attack. Can you determine the origin city of the attacker?

Shijiazhuang

Screenshot 2025-04-20 134226.png

https://ipgeolocation.io/what-is-my-ip/111.224.250.131