Delete Logs in Hacked System

<h1>Introduction</h1>
<p>Welcome to this new article. Today I am going to show you how to clean your traces on a hacked computer, so that you can operate without your commands or actions within the system being recorded in the system logs.</p>
<p>To demonstrate this I will use two tools: one created for Linux systems, written in Rust, and another created for Windows, written in PowerShell.</p>
<p>This type of tool is very useful because if you do not use it you leave traces everywhere, and logically it is very dangerous when a forensic analyst starts reconstructing your steps and finds you.</p>
<h1>MoonWalk</h1>
<p>This is the first tool, the one for Linux systems, written in Rust. This is the repository:</p>
<h2><a href="https://github.com/mufeedvh/moonwalk" rel="noopener ugc nofollow" target="_blank">GitHub &mdash; mufeedvh/moonwalk: Cover your tracks during Linux Exploitation by leaving zero traces on&hellip;</a></h2>
<p>And this is the description of the tool (you can see it in the&nbsp;<strong>readme.md</strong>&nbsp;file in the repository):</p>
<p><strong>moonwalk</strong>&nbsp;is a 400 KB single-binary executable that can clear your traces while penetration testing a&nbsp;<strong>Unix</strong>&nbsp;machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a&nbsp;<em>ghost in the shell</em>.</p>
<p>And these are the&nbsp;<strong>features</strong>:</p>
<ul>
<li><strong>Small Executable:</strong>&nbsp;Get started quickly with a&nbsp;<code>curl</code>&nbsp;fetch to your target machine.</li>
<li><strong>Fast:</strong>&nbsp;Performs all session commands including logging, trace clearing, and filesystem operations in under 5 milliseconds.</li>
<li><strong>Reconnaissance:</strong>&nbsp;To save the state of system logs,&nbsp;<code>moonwalk</code>&nbsp;finds a world-writable path and saves the session under a dot directory which is removed upon ending the session.</li>
<li><strong>Shell History:</strong>&nbsp;Instead of clearing the whole history file,&nbsp;<code>moonwalk</code>&nbsp;reverts it back to how it was including the invocation of&nbsp;<code>moonwalk</code>.</li>
<li><strong>Filesystem Timestamps:</strong>&nbsp;Hide from the Blue Team by reverting the access/modify timestamps of files back to how they were using the&nbsp;<code><a href="https://github.com/mufeedvh/moonwalk#usage" rel="noopener ugc nofollow" target="_blank">GET</a></code>&nbsp;command.</li>
</ul>
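<p>A defender-side check for the <strong>Filesystem Timestamps</strong> feature above, added here as an example and not part of the article or the moonwalk project. Restoring access/modify timestamps goes through the <code>utime()</code> family of calls, and the kernel records any such metadata change by bumping the inode's <code>ctime</code>, which that interface cannot set; a file whose <code>ctime</code> is far newer than its <code>mtime</code> therefore had its timestamps rewritten (or its metadata otherwise changed) after the last write. The sample files, the <code>DEFAULT_SLACK</code> tolerance and the function names are assumptions of this example.</p>

```python
"""Flag files whose modify timestamp was set backwards (timestomping check).

Added example, not from the moonwalk project. A plain chmod/chown also bumps
ctime, so every hit is a lead for a forensic analyst to confirm, not proof.
"""
import os
import shutil
import tempfile
import time
from pathlib import Path

# Assumed tolerance: a ctime more than this many seconds newer than mtime is suspicious.
DEFAULT_SLACK = 60


def ctime_mtime_gap(path: str) -> float:
    """Return ctime minus mtime in seconds (positive means ctime is newer)."""
    st = os.stat(path, follow_symlinks=False)
    return st.st_ctime - st.st_mtime


def find_timestomped(paths, slack: float = DEFAULT_SLACK) -> list:
    """Return the paths whose ctime is more than `slack` seconds newer than mtime."""
    flagged = []
    for p in paths:
        try:
            gap = ctime_mtime_gap(p)
        except FileNotFoundError:
            continue  # log rotated or removed between listing and stat; skip it
        if gap > slack:
            flagged.append(p)
    return flagged


def demo() -> dict:
    """Constructed scenario: one log written normally, one restored to a day-old mtime."""
    tmp = Path(tempfile.mkdtemp())
    try:
        normal = tmp / "auth.log"
        restored = tmp / "wtmp"
        normal.write_text("sshd: session opened\n")
        restored.write_text("login record\n")
        old = time.time() - 86400
        os.utime(restored, (old, old))  # the restore step; ctime still moves to now
        hits = find_timestomped([str(normal), str(restored)])
        return {"flagged": [os.path.basename(h) for h in hits]}
    finally:
        shutil.rmtree(tmp, ignore_errors=True)


if __name__ == "__main__":
    print(demo())  # {'flagged': ['wtmp']}
```

<p>On a real host, feed <code>find_timestomped</code> the paths under <code>/var/log</code> and the shell history files, and compare the hits against known maintenance activity.</p>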
Tags: System Hacked