SMK Muhammadiyah 2 Palembang

Cover your tracks

http://www.dankalia.com/tutor/01005/0100501003.htm

On Linux

Log files

/etc/syslog.conf

This is the syslog configuration file: it tells you which facilities and priorities are logged, and to which files. On most current distributions the syslog daemon is rsyslog, configured in /etc/rsyslog.conf and /etc/rsyslog.d/, and systemd's journald keeps its own binary journal as well (read with journalctl), so check both before assuming a file is the only copy of a log.

On Linux systems most plaintext logs are stored under:

/var/log

For example:

/var/log/messages

General system messages (kernel, daemons, cron) on Red Hat-style systems.

/var/log/auth.log

Failed and successful login attempts, SSH, sudo and PAM events on Debian/Ubuntu; Red Hat-style systems use /var/log/secure instead.

Apache

/var/log/apache2/access.log
/var/log/apache2/error.log

(Red Hat-style systems use /var/log/httpd/ instead.) To remove every line that mentions your own IP address:

grep -v '<src-ip-address>' /path/to/access_log > a && mv a /path/to/access_log

This writes every line that does not contain your IP address to a new file and then moves that file over the original. Two caveats. First, a bare IP is matched as a substring, so 10.0.0.1 also removes the lines for 10.0.0.10; grep's -F and -w options match the literal address as a whole word. Second, mv replaces the log file's inode: the new file is owned by your user with your umask rather than the original owner and mode, and a daemon that still holds the old file open keeps writing to the now-unlinked copy. Writing the filtered content back into the existing file with a redirection instead of mv avoids the second problem. The generic form:

grep -v <entry-to-remove> <logfile> > /tmp/a ; mv /tmp/a <logfile> ; rm -f /tmp/a

The trailing rm is a no-op, because mv has already moved /tmp/a away.
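The same scrubbing as a small script, added here as an example (it is not from the original page or its source). It assumes a constructed four-line access log and a hypothetical function name scrub_ip; it matches the IP as a literal whole word and rewrites the file in place instead of moving a new file over it, and it shows why the plain substring filter is wrong.

```shell
#!/bin/sh
# Added example (not from the original page): scrub lines that mention one IP
# from a log file without the two pitfalls of the grep -v / mv one-liner.
#   1. Substring matching: grep -v 10.0.0.1 also drops 10.0.0.10 and 110.0.0.1.
#      -F matches the literal string and -w requires it to be a whole word.
#   2. mv replaces the log's inode, so the new file is owned by whoever ran
#      grep (mode from their umask) and a daemon still holding the old file
#      open keeps appending to the unlinked copy. Writing the filtered lines
#      back with a redirection truncates the existing file in place, keeping
#      inode, owner and mode (a process that opened it with O_APPEND, as
#      Apache does, simply continues at the new end).

# Write a small constructed Apache access log to the given path
# (sample data for the demo, not real traffic).
make_sample_log() {
    cat > "$1" <<'EOF'
10.0.0.1 - - [10/Oct/2020:13:55:36 +0000] "GET /admin HTTP/1.1" 200 512
10.0.0.10 - - [10/Oct/2020:13:55:37 +0000] "GET /index.html HTTP/1.1" 200 2326
192.168.1.5 - - [10/Oct/2020:13:55:38 +0000] "GET /login HTTP/1.1" 302 0
10.0.0.1 - - [10/Oct/2020:13:56:01 +0000] "POST /upload.php HTTP/1.1" 200 12
EOF
}

# scrub_ip LOGFILE IP: remove every line containing IP as a whole word.
scrub_ip() {
    file="$1"
    ip="$2"
    tmp=$(mktemp) || return 1
    # -v invert, -F literal, -w whole word, -- so the IP is never read as an option.
    # grep exits 1 when no line survives, which is not an error here; 2 is.
    grep -vFw -- "$ip" "$file" > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    # Truncate and rewrite the original file in place instead of mv'ing over it.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Demo: the naive pattern keeps one line, the word-bounded scrub keeps two.
log=$(mktemp)
make_sample_log "$log"
printf 'naive grep -v 10.0.0.1 would keep %s line(s)\n' "$(grep -vc -- 10.0.0.1 "$log")"
scrub_ip "$log" 10.0.0.1
printf 'scrub_ip keeps %s line(s):\n' "$(grep -c '' "$log")"
cat "$log"
rm -f "$log"
```

Run it as root against the real path to edit a live log; the same approach does not work for utmp/wtmp, which are binary records rather than lines of text.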

UTMP and WTMP

Logins are also recorded in binary files rather than plaintext: /var/run/utmp (current sessions), /var/log/wtmp (login history), /var/log/btmp (failed logins) and /var/log/lastlog (each user's last login). Because they are fixed-size binary records, grep cannot edit them, which makes them a bit harder to clear; util-linux's utmpdump can convert wtmp to text and back. The tools that read them (who reads utmp, last reads wtmp, lastlog reads lastlog):

who
last
lastlog

Command history

Your shell commands are stored too. In bash the history file and the number of commands kept in memory are given by:

echo $HISTFILE
echo $HISTSIZE

Setting the in-memory history size to zero means no commands are kept, so nothing new is written to the history file when the shell exits:

export HISTSIZE=0

Do this as soon as you get a shell and you won't have to clean up the history afterwards. It only affects the current shell: history is written at exit, so commands typed in an earlier session are already on disk, and other shells (zsh, fish) use their own variables and history files.

Shred files

Shredding overwrites a file's blocks before deleting it, so the content cannot be recovered by undeleting:

shred -zu filename

-z adds a final pass of zeros to hide the shredding, -u truncates and removes the file after overwriting. As the shred manual warns, this only works when the filesystem overwrites data in place: journaled filesystems in some modes, copy-on-write filesystems (btrfs, ZFS), snapshots, RAID and SSD wear levelling can keep the old blocks. Shred also does nothing about the log entries or shell history that mention the file.

On Windows

Clearing the Windows event logs (Application, Security, System) is covered in Metasploit Unleashed's event log management page, which uses Meterpreter's clearev command: https://www.offensive-security.com/metasploit-unleashed/event-log-management/

Note that clearing a log is itself logged: the Security log records event ID 1102 ("The audit log was cleared"), so an emptied log is a strong sign of tampering to anyone reviewing the host.
