Show and Prove

Show off your log analysis skills! Find the access time for the largest file that was successfully downloaded by the IP with the most successful requests. (UTC+0)

Flag format : CDDC24{YYYYMMDD_hh:mm:ss}

We were given a 45MB log file.

With the help of ChatGPT, I was able to whip up this script to solve the challenge:

import re
from collections import defaultdict

def extract_info(line):
    # Access log line: client IP, timestamp in [brackets], quoted request,
    # then the status code followed by the response size in bytes.
    pattern = r'(\d+\.\d+\.\d+\.\d+) .*? \[(.*?)\] "[A-Z]+ ([^ ]+) .*" (\d+) (\d+)'
    match = re.match(pattern, line)
    if match:
        ip = match.group(1)
        timestamp = match.group(2)
        file_size = int(match.group(5))
        status_code = int(match.group(4))
        return ip, timestamp, file_size, status_code
    else:
        # Lines that do not fit the pattern (e.g. a "-" size) are skipped
        return None

log_file = 'access.log'
# ip -> list of (timestamp, file_size) for every successful (200) request
ip_requests = defaultdict(list)
with open(log_file, 'r') as file:
    for line in file:
        info = extract_info(line)
        if info:
            ip, timestamp, file_size, status_code = info
            if status_code == 200:
                ip_requests[ip].append((timestamp, file_size))

# IP with the most successful requests
most_requests_ip = max(ip_requests, key=lambda x: len(ip_requests[x]))

# Largest response served to that IP, and when it was requested
largest_file_access_time = None
largest_file_size = 0
for timestamp, file_size in ip_requests[most_requests_ip]:
    if file_size > largest_file_size:
        largest_file_size = file_size
        largest_file_access_time = timestamp

print("Access time for the largest file downloaded by the IP with the most successful requests:")
print(largest_file_access_time)

The output was:

13/Apr/2024:13:02:27 +0000

Thus, the flag is CDDC24{20240413:13:02:27}
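
The challenge asks for the time in UTC+0, so a solver should not rely on the log already being written with a +0000 offset. The following is an added example, not the script used above: it streams the lines once, converts the timestamp to UTC and prints it in the flag format from the challenge statement. The function name `solve` and the sample log lines are constructed for illustration, and the log is assumed to be in common/combined log format.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Common/combined log format: ip ident user [time] "request" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "[^"]*" (\d{3}) (\d+|-)')

def solve(lines):
    """Return (ip, size, flag) for the largest 200 response served to the
    IP with the most 200 responses, with the access time converted to UTC."""
    count = defaultdict(int)  # ip -> number of 200 responses
    best = {}                 # ip -> (size, utc_time) of its largest 200 response
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue          # skip malformed lines
        ip, ts, status, size = m.groups()
        if status != "200":
            continue
        count[ip] += 1
        nbytes = 0 if size == "-" else int(size)  # "-" means no body was sent
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z").astimezone(timezone.utc)
        if ip not in best or nbytes > best[ip][0]:
            best[ip] = (nbytes, when)
    if not count:
        return None
    top_ip = max(count, key=count.get)
    nbytes, when = best[top_ip]
    return top_ip, nbytes, when.strftime("CDDC24{%Y%m%d_%H:%M:%S}")

# Constructed sample lines (documentation IP ranges), not taken from the challenge log
SAMPLE = [
    '192.0.2.10 - - [13/Apr/2024:21:00:00 +0800] "GET /files/a.zip HTTP/1.1" 200 1000',
    '192.0.2.10 - - [13/Apr/2024:21:05:30 +0800] "GET /files/b.zip HTTP/1.1" 200 52000',
    '192.0.2.10 - - [13/Apr/2024:21:06:00 +0800] "GET /files/c.zip HTTP/1.1" 404 99999',
    '198.51.100.7 - - [13/Apr/2024:13:10:00 +0000] "GET /files/huge.iso HTTP/1.1" 200 900000',
    '192.0.2.10 - - [13/Apr/2024:21:07:00 +0800] "HEAD /files/b.zip HTTP/1.1" 200 -',
    'not a log line',
]

if __name__ == "__main__":
    print(solve(SAMPLE))
```

On the real file, pass the open file object instead of `SAMPLE`, since the function only iterates over lines.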
