Delete Logs in Hacked System
<h1>Introduction</h1>
<p>Welcome to this new article. Today I am going to show you how to clean your traces on a hacked computer, so that you can operate without your commands or actions being recorded in the system logs.</p>
<p>To demonstrate this I will use two tools: one written in Rust for Linux systems, and another written in PowerShell for Windows.</p>
<p>This type of tool is very useful because without it you leave traces everywhere, and it is of course very dangerous for a forensic analyst to start retracing your steps and find you.</p>
<h1>MoonWalk</h1>
<p>This is the first tool, the one for use on Linux systems, written in Rust. This is the repository:</p>
<p><a href="https://github.com/mufeedvh/moonwalk" rel="noopener ugc nofollow" target="_blank">GitHub — mufeedvh/moonwalk: Cover your tracks during Linux Exploitation by leaving zero traces on…</a></p>
<p>And this is the description of the tool (you can see it in the <strong>README.md</strong> file in the repository):</p>
<p><strong>moonwalk</strong> is a 400 KB single-binary executable that can clear your traces while penetration testing a <strong>Unix</strong> machine. It saves the state of system logs pre-exploitation and reverts that state including the filesystem timestamps post-exploitation leaving zero traces of a <em>ghost in the shell</em>.</p>
<p>And these are the <strong>features</strong>:</p>
<ul>
<li><strong>Small Executable:</strong> Get started quickly with a <code>curl</code> fetch to your target machine.</li>
<li><strong>Fast:</strong> Performs all session commands including logging, trace clearing, and filesystem operations in under 5 milliseconds.</li>
<li><strong>Reconnaissance:</strong> To save the state of system logs, <code>moonwalk</code> finds a world-writable path and saves the session under a dot directory which is removed upon ending the session.</li>
<li><strong>Shell History:</strong> Instead of clearing the whole history file, <code>moonwalk</code> reverts it back to how it was, including the invocation of <code>moonwalk</code>.</li>
<li><strong>Filesystem Timestamps:</strong> Hide from the Blue Team by reverting the access/modify timestamps of files back to how they were using the <code><a href="https://github.com/mufeedvh/moonwalk#usage" rel="noopener ugc nofollow" target="_blank">GET</a></code> command.</li>
</ul>
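<p>The timestamp feature above is the one a defender can still get traction on: <code>utime()</code> rewrites atime and mtime, but the inode change time (ctime) is set by the kernel and cannot be rewritten from user space on a POSIX filesystem, so a file whose ctime is far newer than its mtime stands out. The following Python script is an added example for this page, not part of the article or of the moonwalk project: it builds a constructed sample directory, rewinds one file's atime/mtime by a day the way such tools do, and reports the ctime/mtime inconsistency. The <code>timestamp_anomalies</code> function, the file names and the two-second tolerance are assumptions chosen for the demonstration.</p>

```python
import os
import tempfile
import time


def timestamp_anomalies(root, tolerance=2.0):
    """Return (path, mtime, ctime) for every regular file under `root` whose
    ctime is newer than its mtime by more than `tolerance` seconds.

    utime()/touch can rewrite atime and mtime, but on a POSIX filesystem the
    kernel updates ctime whenever the inode changes (including on a utime()
    call), so a ctime far ahead of mtime is a classic sign that timestamps
    were reset. Assumes Linux/macOS semantics: on Windows st_ctime is the
    creation time and this check does not apply.
    """
    flagged = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)
            except OSError:
                continue  # file vanished or unreadable; skip rather than abort
            if st.st_ctime - st.st_mtime > tolerance:
                flagged.append((path, st.st_mtime, st.st_ctime))
    return flagged


def demo():
    """Constructed sample: one untouched file and one whose atime/mtime were
    rewound by a day. Returns the set of basenames the check flags."""
    root = tempfile.mkdtemp(prefix="ts_demo_")
    untouched = os.path.join(root, "normal.log")      # constructed name
    rewound = os.path.join(root, "tampered.log")      # constructed name
    for path in (untouched, rewound):
        with open(path, "w") as fh:
            fh.write("sample line\n")  # constructed content

    # Simulate an anti-forensic timestamp reset: atime and mtime go back a
    # day, but the kernel stamps ctime with the current time.
    old = time.time() - 86400
    os.utime(rewound, (old, old))

    hits = timestamp_anomalies(root)
    return {os.path.basename(path) for path, _, _ in hits}


if __name__ == "__main__":
    for name in sorted(demo()):
        print("timestamp inconsistency:", name)
```

<p>The check is a heuristic, not proof: a legitimate <code>chmod</code>, <code>chown</code> or rename also bumps ctime without touching mtime, so hits need to be read together with the file's role (shell history, auth logs, journal files). Note also that none of the listed features help against log lines that have already left the host; forwarding syslog and audit records to a remote collector remains the standard mitigation against local log reversion.</p>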
<p><a href="https://medium.com/@s12deff/delete-logs-in-hacked-system-658b3334b804">Visit Now</a></p>