HACKR.GG
hackr.gg — LogViewer — Find the Attacker Walkthrough
hackr.gg — Official Walkthrough
Confidential · Educational Use Only

LogViewer — Find the Attacker

Logging & Monitoring · Incident Analysis
Difficulty
Beginner
Vuln class
Incident Analysis
Steps
3
// Objective
Analyse server logs to identify the attacker's IP, the attack type, and the compromised endpoint.
// Tools required
BrowserLogViewer interface
// Step-by-step walkthrough
1
Open the LogViewer interface
Navigate to the LogViewer app. You'll see HTTP access logs. Look for patterns: repeated 4xx errors, unusually high request rates from a single IP, or sequential ID enumeration.
2
Identify the attack pattern
Filter by 200 responses from non-standard IPs. You should see a single IP making hundreds of requests to /api/users/[ID] with incrementing IDs — a classic IDOR enumeration attack.
Command / Input
Search: /api/users | Filter: status=200 | Sort: count DESC
Output
192.168.1.42 made 847 requests to /api/users/* — IDOR enumeration
3
Submit the attacker IP for the flag
Enter the attacker's IP address in the LogViewer flag submission form.
Command / Input
IP: 192.168.1.42
Output
HackrGG{l0g5_r3v34l_th3_4tt4ck3r}
// Flag
Flag value
HackrGG{l0g5_r3v34l_th3_4tt4ck3r}
Revealed when you correctly identify the attacker IP in the log analysis interface.
hackr.gg · Cybersecurity Education PlatformEducational use only · Do not distribute