migrate to git.charlotte.sh

This commit is contained in:
Charlotte Croce 2025-04-19 23:42:08 -04:00
commit fbd588721e
412 changed files with 13750 additions and 0 deletions


@ -0,0 +1,67 @@

# 1. Function to get IOC table from the given web page
function getIOCTable(){
$page = Invoke-WebRequest -TimeoutSec 10 http://10.0.17.5/IOC.html
# get all tr elements
$trs=$page.ParsedHTML.body.getElementsByTagName("tr")
# array to hold results
$IOCTable = @()
for($i=1; $i -lt $trs.length; $i++){
# get every td element of current tr element
$tds= $trs[$i].getElementsByTagName("td")
$IOCTable += [pscustomobject]@{"Pattern" = $tds[0].innerText; "Explanation" = $tds[1].innerText; }
}# for loop end
return $IOCTable
} # function end
# getIOCTable | Format-Table
# 2. function to get Apache Access logs
function getApacheLogs(){
$logs = Get-Content "C:\Users\champuser\SYS320\week8\access.log"
$logTable = @()
for($i=0; $i -lt $logs.Length; $i++){
# split string into words
$words = $logs[$i] -split " "
$logTable += [pscustomobject]@{"IP" = $words[0]; `
"Time" = $words[3].Trim('['); `
"Method" = $words[5].Trim('"'); `
"Page" = $words[6]; `
"Protocol" = $words[7]; `
"Response" = $words[8]; `
"Referrer" = $words[10]; ` }
}# for loop end
return $logTable
} # function end
# getApacheLogs | Format-Table
# 3. get Apache logs, but only display those that have an IOC in the page field
function getIOCLogs(){
$logTable = getApacheLogs
$IOCTable = getIOCTable
$IOCLogTable = @()
for($i = 0; $i -lt $logTable.Count; $i++){
for($j = 0; $j -lt $IOCTable.Count; $j++){
if ($logTable[$i].Page -match $IOCTable[$j].Pattern){
$IOCLogTable += $logTable[$i]
} # if end
} # inner for loop end
} # outer for loop end
return $IOCLogTable
} # function end
getIOCLogs | Format-Table
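Review bot: In getIOCLogs the inner loop keeps scanning after a hit, so a request whose Page field matches several IOC patterns is appended to $IOCLogTable once per pattern and the report shows duplicate rows; add `break` right after `$IOCLogTable += $logTable[$i]` (or record which pattern hit in the output object) so each log line appears once. Note also that `-match` treats each Pattern from the IOC page as a case-insensitive, unanchored regex, so a pattern such as `.` or `.*` coming from that unauthenticated http:// page would flag every line and a malformed one would throw; if the table holds literal strings compare with `-match [regex]::Escape($IOCTable[$j].Pattern)`, otherwise state the regex contract in the comment above the function. Because the Page field is still URL-encoded, matching against `[System.Uri]::UnescapeDataString($logTable[$i].Page)` would avoid missing encoded variants of a pattern. In getApacheLogs, `$words[10]` keeps the surrounding quotes on Referrer (`"-"` in the sample log), and the stray backtick before the closing `}` on that line looks unintended — worth a `.Trim('"')` and a check that the line parses as written.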


@ -0,0 +1,20 @@
10.0.17.5 - - [04/Mar/2024:13:28:46 -0500] "GET /index.html HTTP/1.1" 404 295 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:13:29:21 -0500] "GET /index.html HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:42:42 -0500] "GET /index.php HTTP/1.1" 404 295 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:43:07 -0500] "GET /index.php HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:43:21 -0500] "GET /index.php?a=1&b=2 HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:43:50 -0500] "GET /index.php?cmd=etc/passwd HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:44:19 -0500] "GET /index.php?cmd=cat+etc/passwd HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:44:52 -0500] "GET /index.php?cmd=/bing/bash+myscript.bash HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:45:01 -0500] "GET /index.php?cmd=/bin/bash+myscript.bash HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:45:19 -0500] "GET /index.php?cmd=/bin/sh+simplebackdoor.bash HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:45:31 -0500] "GET /index.php?/bin/sh+simplebackdoor.bash HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:46:03 -0500] "GET /index.php?a=1+OR+1=1-- HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:46:12 -0500] "GET /index.php?a=1+OR+1=1- HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:46:27 -0500] "GET /index.php?a=1+OR+1=1 HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.5 - - [04/Mar/2024:14:46:47 -0500] "GET /index.php?word=Hello+World HTTP/1.1" 200 758 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36"
10.0.17.6 - - [04/Mar/2024:14:48:39 -0500] "GET / HTTP/1.1" 200 758 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
10.0.17.6 - - [04/Mar/2024:14:48:40 -0500] "GET /favicon.ico HTTP/1.1" 404 295 "http://10.0.17.5/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
10.0.17.6 - - [04/Mar/2024:14:48:50 -0500] "GET /index.html HTTP/1.1" 200 758 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
10.0.17.6 - - [04/Mar/2024:14:49:44 -0500] "GET /index.html?command=/bin/bash/+reverseshell.bash HTTP/1.1" 200 758 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"
10.0.17.6 - - [04/Mar/2024:14:50:24 -0500] "GET /index.html?command=/bin/bash/+midtermcheatdetector.bash HTTP/1.1" 200 758 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:123.0) Gecko/20100101 Firefox/123.0"