Jump to content

Cleaning Logs


DataPhreak

Recommended Posts

Okay, so just about every guide or tutorial out there tells you to "Cover your tracks" and "Clean the logs" but never have I ever found a guide that tells you what you need to be cleaning after compromising a windows machine. If anyone has a guide on the topic, I'd love a link. Otherwise, lets assume a windows machine is compromised with meterpreter after a browser attack, we set up persistence, pass the hash, and pivot. Maybe take a shot from the webcam.

Link to comment
Share on other sites

Even, If there was a guide out there on how to "clean the logs". It would vary from system to system. For a simple reason, even if you managed to clear all the log files in the machine you attacked.

Depending on the network setup, there could be an appliance on the network, monitoring or even recording everything you are doing.

So before attacking a system it's imperative that you carry out a reconnaissance or gather as much information as possible.

By the way, if you go to the control panel, under administrative tools, there is an option called EvenViewer, in there you will find all the systems log files.

In Linux the log files will usually be saved under, the /var/log directory.

Edited by Infiltrator
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...