当て身 Atemi

A Cybersecurity blog by shinris3n
👊 Writeups 👊 News 👊 Resources

Part of the Ninpwn Network
shinris3n
<< back

8 August 2020

Who Failed

Challenge Source: Defcon 28 - Red Team Village CTF
Challenge Category: logs

Logs - Who Failed

The challenge seems easy enough:

How many different IP addresses were banned?

However, we don’t want to have to go through and count these manually. Looking at the file, we can see how a ban is formatted:

47da493d350f31e48f33b794498088a1.png

So we can combine grep and sort as such:

cat fail2ban.log | grep -oe "Ban [0-9.]\{11,19\}" | sort --unique

This gives us unique instances of any strings that look like “Ban X.X.X.X” (11 characters) through “Ban XXX.XXX.XXX.XXX” (19 characters), where X is a number between 0 and 9 or a period.

91d5c4fd898f54905c70c7099c98f563.png

With a bigger list we would also probably want to leverage the wc command to count the number of lines. So a complete, single line solution for this challenge could be:

cat fail2ban.log | grep -oe "Ban [0-9.]\{11,19\}" | sort --unique | wc -l

05fbc0787b714dbeaa71cacdc5504dd7.png

Tags: Defcon28-RTVCTF