DataPhreak Posted April 3, 2013

Okay, so just about every guide or tutorial out there tells you to "Cover your tracks" and "Clean the logs", but never have I ever found a guide that tells you what you need to be cleaning after compromising a Windows machine. If anyone has a guide on the topic, I'd love a link. Otherwise, let's assume a Windows machine is compromised with Meterpreter after a browser attack, we set up persistence, pass the hash, and pivot. Maybe take a shot from the webcam.
Infiltrator Posted April 7, 2013 (edited)

Even if there was a guide out there on how to "clean the logs", it would vary from system to system, for a simple reason: even if you managed to clear all the log files on the machine you attacked, depending on the network setup, there could be an appliance on the network monitoring or even recording everything you are doing. So before attacking a system, it's imperative that you carry out reconnaissance or gather as much information as possible.

By the way, if you go to the Control Panel, under Administrative Tools, there is an option called Event Viewer; in there you will find all the system's log files. In Linux, the log files will usually be saved under the /var/log directory.

Edited April 7, 2013 by Infiltrator