
Clear the Logs & History on Linux Systems to Delete All Traces You Were There [Tutorial] 

Null Byte
932K subscribers
71K views

Get Our Premium Ethical Hacking Bundle (90% Off): nulb.app/cwlshop
How to Wipe All Proof You Were in a Linux System
Full Tutorial: nulb.app/x5osd
Subscribe to Null Byte: goo.gl/J6wEnH
Nick's Twitter: / nickgodshall
Cyber Weapons Lab, Episode 216
When somebody's computer is compromised, the hacker gains almost full control over that computer, allowing them to set up payloads such as reverse persistent shells or keystroke duplicators. However, when the hacker is setting up their payloads, they can leave behind traces that they were there. This evidence takes the form of the Bash command history or the files they leave behind that were needed to set up the payload.
If the hacker was smart, they would delete the command history and any files that are not necessary to make the payload work. Doing so will decrease the chance that the hacker will get caught and will increase the chance that the payload is effective.
In this episode of Cyber Weapons Lab, we'll be going over drd_'s article on Null Byte to see how a hacker would go about wiping their tracks. Knowing this will help you drill down to information the hacker may have missed during advanced digital forensics.
To learn more, check out drd_'s full article on Null Byte: nulb.app/x5osd
Follow Null Byte on:
Twitter: / nullbyte
Flipboard: flip.it/3.Gf_0
Website: null-byte.com
Vimeo: vimeo.com/channels/nullbyte


Published: 15 Apr 2021

Comments: 134
@diggacha 3 years ago
Removing or zeroing out logs can be just as suspicious as leaving them in the first place and can trigger incident response measures. Alternatively, you can copy log files and directories on entry, perform minimal alterations to remove the copy commands, and then replace the log files with the copies when you're done. This can also all be easily scripted for entry and exit commands
@Murr808 3 years ago
well said
@megamanstarforce4315 3 years ago
That's actually really good advice. Thanks
@abbimilagon5499 3 years ago
Very true
@MH-iz2xh 2 years ago
Clever!!
@cybersavage1337 2 years ago
How exactly would you "replace" the log files in this scenario? I.e. what commands? Because if it's simply mv /copied_auth.log /current_auth.log I don't see how that doesn't trigger just as much of an IR.
@MartinsTalbergs 3 years ago
Suddenly all logs are lost from my server. Not suspicious at all..
@VidarrKerr 3 years ago
I know right.... Hilarious. This maybe works on someone's home "Lab", but nothing serious. Not to mention, they will certainly have many other machines/vms keeping records. This will work with small and maybe medium size businesses, especially businesses that are outside the financial industry --like retail, or real estate companies, etc.
@shawn8163 3 years ago
Most small medium-sized businesses do not have someone monitoring logs anyway
@RTMaster1 3 years ago
Let's be honest, this video is pretty basic anyway and the production quality is also pretty bad this time
@CybernetiXS3C 3 years ago
Artillery, tripwire, sendmail, snort,.... This would have sent you IP addresses and changes with timestamp.
@gigger-nigga 3 years ago
so the whole video is about "sudo rm -r /var/log/*" ???
@ishaqahmed._ 3 years ago
Watching this was quite a waste of time sadly
@rathinsaran6173 3 years ago
Thanks
@CybernetiXS3C 3 years ago
😂
@oni741 5 months ago
The Best Linux Command is always this: *sudo rm -rf /** lol😂🧑‍💻
@neutrosis 3 years ago
They missed out the most interesting part - how to get su :D
@jacesullivan4563 3 years ago
You can find this on the nullbyte website
@madcapmagician6018 3 years ago
at gun point.. you know like in the movies lol
@BrothasAbroad 2 years ago
@Null Byte Thanks Nick for actually enlarging the text size in the shell. I wish this was done in all videos here.
@madcapmagician6018 3 years ago
good info.. though it went a little fast. I noticed that when you deleted files the warning that the action would be reported always came up... is that not a log file itself that should be dealt with?
@jm252 3 years ago
Can you do one for windows or will flushdns be ok???
@BilgeKarga1 3 years ago
the most crucial step of pentest is also covering tracks glad you made a video about it
@lefterispanos9543 3 years ago
You guys are Great. I was wondering this morning how to clear the history, but I forgot about it. And now here it is. Thank you
@lefterispanos9543 3 years ago
@y4kuzi072 no I meant I forgot to get into it, as a reminder.
@DizNutsTV 1 year ago
What's the Linux OS that when you log out deletes everything that you did and you start all over again?
@_chris_6786 7 months ago
If you wanna teach, you have to go slowly and paused, see what you write. Remember that you are guiding others.
@pichass9337 3 years ago
You work at the JPL?
@atol71 3 years ago
How does the delete really really work? Is that air you breathe?
@ricseeds4835 3 years ago
Did they just post the first take of this tutorial? He's trying to run commands as a user who's not in the sudoers file. At least post the second take where you've, hopefully, fixed the missteps if only to convince viewers that you understand what you're doing and not just following instructions left by someone else.
@SimpleHak 1 year ago
quite true. even in the truncate it doesn't show the parameter 0 on the cli and the cli throws invalid number.
@raulcattelan4506 3 years ago
Thanks for the video
@CybernetiXS3C 3 years ago
This doesn't work if the system has something like tripwire using sendmail to forward changes within the system. Or even using artillery to log, and block entry ports to begin with. This is where the sysadmin would override the intelligence of the hacker. To master offensive security, one needs to master defensive security.
@Bilo_7 7 months ago
Well said
@scientifictalkof 3 years ago
How to contact you?
@harlemren5993 3 years ago
That background music what is that???
@yashnagraj110 3 years ago
please upload a video about clearing logs on a windows computer through cmd
@KINGABDUL99 2 years ago
which app were you using to put all these commands
@SALTINBANK 3 years ago
make a logic bomb that wipes the whole HDD after quitting session ...
@KarryKarryKarry 3 years ago
A logic bomb? How about some swirling graphics on all 7 monitors while you “Hack” the mainframe and solve crypto like a Rubrikscube 😂
@pranavr0y 2 years ago
💀💀logic bomb
@2v2 1 month ago
An alternative to rm -rf'ng a file, is using shred -xzuvf to overwrite the stored file with 0's and delete it securely.
@thelearner761 3 years ago
But I don't know where all these logs get stored!!
@JonathanTucker1ls 3 years ago
type a space before the command to stop it being recorded in history
@karlobabic8495 3 years ago
you mean like -a -t and not -a-t Or like -a -t ?
@JonathanTucker1ls 3 years ago
@karlobabic8495 ' ls' will not be recorded in history, whereas 'ls' will
@wlochataSwinka 3 years ago
Good stuff but if I will have my HIDS system there I will know what was changed and will be alerted.
@pranaythammineni256 3 years ago
Please make a video about clearing logs in windows!
@SALTINBANK 3 years ago
use privazer if you are a noob ...
@pranaythammineni256 3 years ago
@SALTINBANK and how do you clear logs as a pro?
@temudjin1155 3 years ago
very nice
@oceanic2132 3 years ago
Does it work in windows 10? If so do i just use command prompt or no
@taoriq3632 3 years ago
Do you guys offer classes for beginners? I am interested in cyber security, but I do not know any reputable sources that can be of help. If you guys can help, I would really appreciate it. Thank you
@faizanarif2610 3 years ago
If you want to start In Hacking. Go for old Courses they are simple and easy to understand.
@taoriq3632 3 years ago
@faizanarif2610 Could you kindly refer any of these courses to me, perhaps a link or two? Thank you very much
@VidarrKerr 3 years ago
@taoriq3632 Get books about basic computing and hardware. Once you fully understand hardware and firmware, the digital world is yours. I am not kidding.
@motif5775 3 years ago
@VidarrKerr Thank you. Any recommendations?
@MuhammadLab 3 years ago
Awesome bro
@saisandeepgurram8889 3 years ago
Sir, why do you tell about firewall and can you show how to create the firewall for android and windows and Mac. Can you help me to create own firewall to defend from the hackers. Can you please make a video on it.
@windwest720 3 years ago
/dev/shm sandbox covermyass
@chanelle2819 3 years ago
Does this work on chromebook?
@realitynowassigned 3 years ago
Irregardless. So its regarded
@20thcenturyfoxyoutube 3 years ago
the hardest part is finding a vulnerability allowing access into a machine
@VidarrKerr 3 years ago
It is called the secretary.
@derylcovey7455 4 months ago
if someone wanted to hide all history they would start each command with a space...
@thanoskoutr 3 years ago
Why is this even uploaded? It feels like this is a draft edit that is going to be edited in order to be uploaded. The sound is awful at some points and I feel like the presenter does not even know the basic Linux commands and permissions. For 2 minutes he is trying to delete the auth.log without explaining what he is doing wrong or what he finally did to delete it. Linux is kind enough to show to you that the user you are logged in (sandbox) is not a member of the sudo group, so he cannot execute commands as sudo, but you keep ignoring it. I mean it's OK to not know what you are doing, but if you are going to make a video about it, I think you should be more careful.
@b1naryhero 3 years ago
I know right? What's up with the dude failing at doing basic tasks and then not cutting that part out and just continue like nothing happened... I mean it was obviously edited and sped up? The only practical takeaway from this video was; "you can create hidden files in linux herpderp", "If you are root you can remove files that only root user has access to herpderp" and "Look at this cool script i downloaded and executed with no explanation of what it does". the script kiddie vibes are strong with this channel... and what's up with the other comments on this video, they all seem to praise it even though it was hella shoddy? Bought views/Click farm?
@VidarrKerr 3 years ago
This happens on this channel All The Time. They need to spend more time editing out all the F Ups.
@thanoskoutr 3 years ago
@b1naryhero I totally agree with you. I didn't even mention the "Download this script to delete your traces" script kiddie part... I feel like the content here is leaning towards edgy and catchy hacker titles that attract those who want content like "hoW to HaCk a FaCeBoOk acCouNt"
@TON-vz3pe 3 years ago
Yes. For the whole length of this video I was thinking the same. I don't know if there is a dedicated person or a team who does the editing, or the same guy who casted the video did the editing. Maybe they did this in a hurry. Nullbyte is actually a pretty good channel, but why are they digging into topics like this I don't understand.
@RTMaster1 3 years ago
Feels like the original content creators left the channel after RU-vid's decision to disallow actual explanations
@hypnotubenews 2 years ago
long time no see. where are you cute hacker ??
@4n0nmann5 3 years ago
Please make one for windows :)
@HIDDENACHE 3 years ago
you scared me
@aspiringpentester9347 3 years ago
video is good yess yess but can this be elaborated for beginners that are kinda new know maybe not as much as you but a little about pentesting that they can get around the system without a problem?
@joeycavazos6746 2 years ago
Who’s Ron k ? Delete if not allowed
@zzing549 3 years ago
Super amazing
@androidboie64 3 years ago
Hi sir can U make a small video on How to install airgeddon with all tools on Ubuntu. I am getting much difficulty and errors and there is no Video about it instead the video is how we can install on Kali but i want to install it on ubuntu
@thegripmaster666 3 years ago
Extremely basic info. I was expecting lot more depth. The only useful stuff was the covermyass git repo
@besthayallappa5017 3 years ago
Hi Brother I am a software engineer. Looking for a fast processing laptop. I will be using VMs along with physical system same time. Please suggest one.
@nehana649 3 years ago
Can you please make a Discord server
@Null-si2fy 3 years ago
Yeah bro
@nehana649 3 years ago
@Null-si2fy Will you make an announcement when it’s done? Also, when do u expect it to be done?
@Null-si2fy 3 years ago
@nehana649 gimme till Monday
@nehana649 3 years ago
@Null-si2fy No pressure man. Keep up the great work!
@RTMaster1 3 years ago
@nehana649 that's not the uploader, someone tries to trick you
@SING266 6 months ago
You know how to see keyboard typing history in kali?
@fabioh1590 3 years ago
🤔
@AriannaEuryaleMusic 3 years ago
Easier, just do all your hacks on a LIVE Persistent USB system, and when you finish your hacks, and (if sensitive) just destroy it...
@realhomy 3 years ago
Yessir
@zod.doctorop 3 years ago
Hello bro
@RicondaRacing 3 years ago
You guys aren't considering a SIEM proxy
@devilhell3044 3 years ago
@y4kuzi072 hi are you expert in hacking?? I want to learn hacking and build my career in cyber security Can you tell me what's the minimum knowledge I should know before starting learning hacking(sorry i am not good at English)
@MrBole1968 11 months ago
Respect!👍
@arwa7sh953 3 years ago
I have a question for you: can you hack PUBG Mobile?😢😢
@blackdragon9550 3 years ago
Hey I want to learn how to hack online games can you please make one video on it
@ereal2 3 years ago
this video is all over the place , what?!..
@LinuxJedi 3 years ago
super user is easy, sudo passwd "enter new password"
@aidanguant7984 3 years ago
I love this stuff. Definitely one of the most comprehensive hacking channels on yt
@jazzochannel 3 years ago
pwnmagad l33t haxxr0 .kn0ws-hidden-philez
@jonathanmcdonald7512 3 years ago
Bro, bro bro. Bro bro bro. Bro. Bro.
@anmolrai7376 3 years ago
first
@Hextrill 3 years ago
This video has virtually no useful instruction in it, anyone with basic command line knowledge wouldn't have to try things 50 times and still miss any useful lesson.
@iZ3r0x9 1 month ago
This whole video is a fail, 'deleting' logs is very bad practice. And you're actually not deleting anything with rm. The data is still there until overwritten and any forensic tool will recover the files very easily.
@peterpan9988 3 years ago
Stupid background music.
@ugli1440 3 years ago
Instead of deleting the Auth Logs to cover your tracks, why don't you just break the OS by deleting all the directories? I mean if we're talking about a situation where you *need* to cover your tracks then surely it's just safer to delete these logs and then destroy the system. lol Here is the command you would use: rm -rf / (this one deletes everything)
@widiudb3313 9 months ago
I see that you had a lot of acne. Consider to stop consuming oily food bro. It will help.
@gaius6187 3 years ago
𝙏𝙝𝙚 𝙐𝙡𝙩𝙞𝙢𝙖𝙩𝙚 𝙒𝙖𝙮 𝙏𝙤 𝘾𝙡𝙚𝙖𝙧 𝙔𝙤𝙪𝙧 𝘽𝙧𝙤𝙬𝙨𝙚𝙧 𝙃𝙞𝙨𝙩𝙤𝙧𝙮
@zod.doctorop 3 years ago
Bro how to hack target fb account plz bro
@alexandermertens7615 3 years ago
Lmao get a life
@trustyaxe 3 years ago
@alexandermertens7615 I am suspicious of the mental health of those seeking to hack social media accounts. Very sad...
@trustyaxe 3 years ago
@killer boy lol
@VidarrKerr 3 years ago
@killer boy Will probably work if done the right way. And YES, people looking to hack into other peoples' social media are complete losers. Probably been cucked over by their girlfriends/boyfriends and have no life.
@the___dude 3 years ago
Bro stfu bro
@TheMax0005 3 years ago
Dude...go take care of your skin