Many of us need to clear our tracks and logs after hacking a server or penetration testing. Keeping this in mind, b0nd bro from Hackers Garage has coded a script in Bash to erase logs and traces left on a Linux machine while or after compromising it.
Author: b0nd
Site: http://garage4hackers.com
Features in ver 0.2:
1. The script has been redesigned from scratch. It’s more customizable now. Pay attention to the global variables declared and initialized at the top of the code.
2. Non-interactive script: the interactive features might be painful on a remote connection or reverse shell.
3. Added features to erase user activity logs from log files (wtmp, utmp, lastlog, etc.).
4. Fetch the IP, spoof_ip, and user name to it. The script will take care to remove all entries of them from “editable” ASCII files and will spoof all of them in binary files.
5. Fixed the error in deleting the log entries for the web backdoor shell from web logs.
6. Restores the timestamps of all the log files which have been accessed and edited.
7. Gets some basic system info.
8. Verify-IP: informs the user if he has entered an invalid IP by mistake (it includes 3 different checks on user input).
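For defenders, feature 6 leaves a checkable artifact: on Linux, setting a file's modification time back through the normal utime interface makes the kernel stamp the inode change time (ctime) with the current time. The following is an added example, not part of the original post or of b0nd's script, that lists files whose ctime is well after their mtime; the 60-second slack and the sample file names are assumptions.

```python
import os
import tempfile
import time

# Assumed threshold: gaps below this are treated as normal write noise.
DEFAULT_SLACK_SECONDS = 60


def ctime_mtime_gap(path):
    """Seconds by which the inode change time is later than the mtime (Linux/Unix)."""
    st = os.stat(path)
    return st.st_ctime - st.st_mtime


def find_backdated(paths, slack=DEFAULT_SLACK_SECONDS):
    """Return (path, gap) pairs where ctime exceeds mtime by more than `slack` seconds."""
    hits = []
    for path in paths:
        try:
            gap = ctime_mtime_gap(path)
        except OSError:
            continue  # file unreadable or gone; nothing to compare
        if gap > slack:
            hits.append((path, gap))
    # Largest gap first, so the most suspicious files lead the report.
    return sorted(hits, key=lambda hit: hit[1], reverse=True)


def demo():
    """Constructed sample: one untouched file and one whose mtime was set back."""
    workdir = tempfile.mkdtemp(prefix="logcheck-")
    normal = os.path.join(workdir, "auth.log")
    edited = os.path.join(workdir, "wtmp")
    for path in (normal, edited):
        with open(path, "w") as fh:
            fh.write("constructed sample line\n")
    week_ago = time.time() - 7 * 86400
    os.utime(edited, (week_ago, week_ago))  # mtime goes back, ctime becomes "now"
    return normal, edited, find_backdated([normal, edited])


if __name__ == "__main__":
    _, _, hits = demo()
    for path, gap in hits:
        print(f"{path}: ctime is {gap:.0f}s later than mtime")
```

Rotation, `chmod` and `chown` also move ctime forward, so treat a hit as a lead to correlate with rotation schedules and remote log copies rather than as proof of tampering.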
This time, the script being non-interactive, please play safe. The script is ready to go and can be used in your ventures!
A couple more things are running in the back of my mind for the same concept. I will try to incorporate them soon in the existing code.
Download it from here: http://www.garage4hackers.com/showthread.php?979-Project-Linux-Log-Eraser-v0.2&p=4184#post4184


