Cover your tracks

On Linux

Log files

/etc/syslog.conf

This file shows which logs syslog writes and where.

On Linux systems, many logs are stored in:

/var/log

For example:

/var/log/messages

Failed and successful login attempts (SSH, sudo, and much more) are recorded here:

/var/log/auth.log

Apache

/var/log/apache2/access.log
/var/log/apache2/error.log

Remove your own IP like this:

grep -v '<src-ip-address>' /path/to/access_log > a && mv a /path/to/access_log

This simply copies every line except those containing your IP address into a temporary file, and then moves that file back over the original log.

grep -v <entry-to-remove> <logfile> > /tmp/a ; mv /tmp/a <logfile> ; rm -f /tmp/a
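
From the defender's side, the rewrite above leaves traces: the log becomes a different file (new inode) and its earlier bytes no longer match. The following is an added example, not part of the original page, that baselines an append-only log and flags such a rewrite; the function names, baseline format and sample log lines are assumptions, and it needs sha256sum from GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the original page). Function names, the baseline
# format and the sample log lines are assumptions. Needs GNU sha256sum.

# Print "inode size sha256" for a log file; store this line off-host.
log_baseline() {
    lb_inode=$(ls -i "$1" | awk '{print $1}')
    lb_size=$(wc -c < "$1" | tr -d ' ')
    lb_hash=$(sha256sum < "$1" | awk '{print $1}')
    echo "$lb_inode $lb_size $lb_hash"
}

# Compare a log with a saved baseline line and print a verdict.
# An append-only log must still begin with the exact bytes seen at baseline.
check_log() {
    cl_file=$1
    set -- $2                      # $1=inode $2=size $3=hash from baseline
    cl_inode=$(ls -i "$cl_file" | awk '{print $1}')
    cl_size=$(wc -c < "$cl_file" | tr -d ' ')
    if [ "$cl_size" -lt "$2" ]; then
        echo "SHRUNK"              # bytes removed, or the log was rotated
        return 0
    fi
    cl_prefix=$(head -c "$2" "$cl_file" | sha256sum | awk '{print $1}')
    if [ "$cl_prefix" != "$3" ]; then
        echo "REWRITTEN"           # earlier entries changed or deleted
    elif [ "$cl_inode" != "$1" ]; then
        echo "REPLACED"            # same content, but a different file
    else
        echo "OK"
    fi
}

# Demo on a constructed log (documentation-range addresses).
demo() {
    d=$(mktemp -d)
    printf '%s\n' '192.0.2.10 - - "GET / HTTP/1.1" 200' \
        '198.51.100.7 - - "GET /admin HTTP/1.1" 403' > "$d/access.log"
    base=$(log_baseline "$d/access.log")
    echo '192.0.2.11 - - "GET /a HTTP/1.1" 200' >> "$d/access.log"
    echo "after append:  $(check_log "$d/access.log" "$base")"
    grep -v '198.51.100.7' "$d/access.log" > "$d/a" && mv "$d/a" "$d/access.log"
    echo "after rewrite: $(check_log "$d/access.log" "$base")"
    rm -rf "$d"
}
demo
```

Legitimate log rotation also produces a SHRUNK verdict, so take a fresh baseline after each rotation and keep the baseline somewhere the monitored host cannot modify.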

UTMP and WTMP

These logs are stored in binary form rather than plaintext, which makes them a bit harder to clear. The following commands read them:

who
last
lastlog

Command history

All your commands are also stored.

echo $HISTFILE
echo $HISTSIZE

You can set the history size to zero like this, to avoid storing commands.

export HISTSIZE=0

If you set it as soon as you get a shell, you won't have to worry about cleaning up the history.

Shred files

Shredding files lets you remove files in a more secure way.

shred -zu filename

On Windows

Last updated 5 years ago

Clear env

https://www.offensive-security.com/metasploit-unleashed/event-log-management/