wiping your own tracks

fred [feuerstein]
6 years ago

0

According to Real6… is there a general tutorial on what you have to wipe after a Linux server intrusion? How can one know exactly what is logged and where? It could even be a honeypot ;)

testing935
6 years ago

0

What’s this question ???

fred [feuerstein]
6 years ago | edited 6 years ago

0

If you pwned a server, you may want to stay undetected to benefit from this server, so what should one wipe there? Deleting some logs is not the best imho

testing935
6 years ago

0

If you attack an Apache server, delete the log file (/var/log/apache2 on Debian)

In fact, everything depends on the server type (Apache, Tomcat …) and your attack

fred [feuerstein]
6 years ago

0

What about shell history (bash/ssh)?

testing935
6 years ago | edited 6 years ago

0

Oh okay, your question is clearer

Darwin [DIDIx13]
6 years ago

0

Wait for one of our big members to see this x)

f0rk [HackingGuy]
6 years ago

1

Or research it yourself xD

There are many things that attackers do to perform anti-forensics; however, the field is a very large one, so it takes a minute to grasp everything.

Some other good or interesting sources could be:
- https://ccdcoe.org/multimedia/anti-forensic-study.html
- https://wikileaks.org/ciav7p1/cms/page_14588467.html
- http://www.forensicswiki.org/wiki/Anti-forensic_techniques

Especially the last one, that's my favorite :)

fred [feuerstein]
6 years ago

0

Thanks, I’ll have a look at this

proxy_chainer
6 years ago

0

You need to start with the logs on that server. After that, what @HackingGuy just told you :>
