Magnet Weekly CTF Challenge Week #8

Part 1

Especially considering last weeks question, we know where to look when we are investigating packages! Jumping into /var/log/apt/history.log there is an entry at the bottom for php. There is a significant jump in the timestamps so this potentially could be the attacker.

Part 2

If I had to take a guess from the get go, the multiple choice answer for web shell makes the most sense, but I wanted to make sure.

  • serving a webpage
  • to run a php webshell
  • create a fake systemd service



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store