What is a Covering Track?
Covering tracks is an attempt to eliminate traces after an attack on an application or server. There are various ways to cover tracks, one of which is eliminating activity logs on a server.
Manipulating the Command History
Redirecting the command history file
Code:
HISTFILE=/dev/null
Clearing the command history
Code:
history -c
You can also add this to your ~/.bashrc file, just replace the HISTFILE directory.
Find the Public IP We Use in the Log Files
To find out your public IP, you don't need to bother, because we can use a little Google help, namely by typing "what is my ip" in the Google search bar.
For example, we have the IP 156.160.237.253.
Then you can track it using the grep command as below:
Code:
grep -Rni '156.160.237.253' /var/log/
Adjust to the public IP you are using, then clear your public IP from the cursed logs.
Why not just delete the logs right away?
Of course, deleting logs is a rash act and will make the server admin panic. The thing to be afraid of is that the server you have hacked will not last long, because it will be thoroughly maintained and cleaned by the admin.
Hiding
WTMP, logs every login/logoff
UTMP, records who is currently accessing
Lastlog, records the source address of the user who logged in last
You can hide with the help of the Uzapper tool. You can download the source code at the following link: https://dl.packetstormsecurity.net/groups/shadowpenguin/unix-tools/uzapper.c .
Compile uzapper first, then type the command as below:
Code:
gcc uzapper.c -o uzapper
./uzapper username
* Adjust the username to the one you use to access the server.
After running it, the username will disappear from the utmp, wtmp, and lastlog records.
That's all about how to cover tracks simply on a Linux server, hopefully it's useful.
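A defender's view of the wtmp tampering described above, as an added example that is not part of the original post: it parses wtmp records, flags blank record slots, and lists sshd logins that have no wtmp entry. The record layout (glibc struct utmp on x86-64 Linux, 384 bytes), the function names and all sample data are assumptions constructed for illustration.

```python
import re
import struct

# Assumption: glibc "struct utmp" on x86-64 Linux, 384 bytes per record.
UTMP = struct.Struct("<hxxi32s4s32s256shhiii4i20s")
USER_PROCESS = 7  # ut_type of a normal login session
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port")

def make_record(user, host, sec, ut_type=USER_PROCESS):
    """Build one constructed wtmp record (sample data only)."""
    return UTMP.pack(ut_type, 4242, b"pts/0", b"ts/0", user, host,
                     0, 0, 0, sec, 0, 0, 0, 0, 0, b"")

def parse_wtmp(blob):
    """Return ({(user, host)} of login records, [indexes of all-zero records])."""
    logins, zeroed = set(), []
    for index in range(len(blob) // UTMP.size):
        raw = blob[index * UTMP.size:(index + 1) * UTMP.size]
        if not any(raw):
            zeroed.append(index)  # heuristic: login programs do not write blank records
            continue
        fields = UTMP.unpack(raw)
        if fields[0] == USER_PROCESS:
            user, host = (fields[n].rstrip(b"\0").decode(errors="replace") for n in (4, 5))
            logins.add((user, host))
    return logins, zeroed

def unmatched_ssh_logins(auth_lines, logins):
    """sshd 'Accepted' events that have no matching wtmp login record."""
    events = [m.groups() for m in map(ACCEPTED.search, auth_lines) if m]
    return [event for event in events if event not in logins]

# Constructed sample input (documentation addresses, not real hosts).
SAMPLE_WTMP = (make_record(b"alice", b"192.0.2.10", 1700000000)
               + bytes(UTMP.size)  # a blanked slot
               + make_record(b"carol", b"203.0.113.5", 1700000600))
SAMPLE_AUTH = [
    "Nov 14 22:13:20 web1 sshd[4242]: Accepted publickey for alice from 192.0.2.10 port 50122 ssh2",
    "Nov 14 22:18:41 web1 sshd[4310]: Accepted password for bob from 198.51.100.7 port 41876 ssh2",
    "Nov 14 22:23:20 web1 sshd[4388]: Accepted publickey for carol from 203.0.113.5 port 50990 ssh2",
]

if __name__ == "__main__":
    logins, zeroed = parse_wtmp(SAMPLE_WTMP)
    print("blank wtmp records at index:", zeroed)
    print("ssh logins missing from wtmp:", unmatched_ssh_logins(SAMPLE_AUTH, logins))
```

On a real host the wtmp host field can hold a hostname rather than an address and rotated files must be included, so treat mismatches as leads to investigate. Forwarding auth logs to a separate host keeps one side of the comparison out of reach of local edits.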