
Thread: Project: Linux Log Eraser v0.2

  1. #1
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744

    Project: Linux Log Eraser v0.2

    Hi Friends,

    Here I am presenting v0.2 for the same.

    The Default Page with Garage logo:


    The Help Page:


    Features in ver 0.2:

    1. The script has been redesigned from scratch. It's more customizable now. Pay attention to the global variables declared and initialized at the top of the code.
    2. Non-interactive script: the interactive features might be painful on a remote connection or reverse shell.
    3. Included features to erase user activity logs from log files (wtmp, utmp, lastlog, etc.).
    4. Fetch the IP, spoof_ip, and user name to it. The script will take care to remove all entries of them from "editable" ASCII files and will spoof all of them in binary files.
    5. Fixed the error in deleting the log entries for the web back door shell from web logs.
    6. Restore the time stamping for all the log files which have been accessed and edited.
    7. Get some basic system info.
    8. Verify-IP: to inform the user if by mistake he has entered an invalid IP (it includes 3 different checks on user input).

    This time, the script being non-interactive, please play safe.

    The script is ready to go and can be used in your ventures!

    A couple more things are running in the back of my mind for the same concept. I will try to incorporate them soon in the existing code.

    Hackuin, please have a closer look this time. I haven't included your suggestions yet, but I definitely will.

    PS: Delete the trailing .txt extension.
    [*] To follow the path: look to the master, follow the master, walk with the master, see through the master,
    ------> become the master!!! <------
    [*] Everyone has a will to WIN but very few have the will to prepare to WIN
    [*] Invest yourself in everything you do, there's fun in being serious

  2. #2

    Great work... bro...
    JAI MATA DI


    Silence is not our weakness; it's just that we don't want to waste our time...

  3. #3
    Garage Addict 41.w4r10r's Avatar
    Join Date
    Jul 2010
    Location
    Pune
    Posts
    338
    Blog Entries
    3
    And here we go....

  4. #4
    Network Security Administrator Hackuin's Avatar
    Join Date
    Apr 2011
    Location
    10011001 10011001
    Posts
    104
    Haha. I know it's been overlooked.
    The help option contains wrong usage information. I mean the function "help_banner ()" contains:
    Code:
    Usage
    =====
    ./linux_log_eraser.sh options
    Whereas "linux_log_eraser.sh" is the wrong filename. So, it is recommended to use "`basename $0`" or "$0" accordingly, or just replace "linux_log_eraser.sh" with "Wipe_Linux_Logs-v0.2.sh".
    I would still recommend you to implement it a little user-interactive, which obviously reduces plenty of code: instead of the user having to manipulate the script itself for adding more log files, why not read the absolute path of the log files from STDIN, or just read a file name and check whether the file exists in the log locations, something like "locate $1"?

    The other thing is "positional parameter checking": if you pass "./Wipe_Linux_Logs-v0.2.sh 123" it still goes and messes with the log files. Try to restrict the script to use only those parameters mentioned in the script; everything else should be forced to exit().

    Applying the correct parameter/option with the file specified by the user, we can completely take off the overhead/process of some functions like "fuck_log_files()", etc. Even more, there are some circumstances where we don't need to mess around with the whole log structure; instead we just need to erase a particular file. So it would be better to implement logic to just erase a particular file, where we just don't need the overhead.

    Also, as I told earlier, plenty of stuff requires root permissions, so just force the user to be root instead of the overhead of checking who the user is logged in as, etc.

    -Hackuin
    "Free software" is a matter of liberty, not price. To understand the concept, you should think of "free" as in "free speech," not as in "free beer."
    "Microsoft is not the answer. Microsoft is the question. NO (or Linux) is the answer."
    "Ubuntu - Linux For Human Beings."

    Currently reading books:
    Integrating Forensic Investigation Methodology into eDiscovery -- by Colin Chisholm.
    Digital Forensics with Open Source Tools -- by Cory Altheide && Harlan Carvey.

  5. #5
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    Thanks for pointing out the errors, Hackuin.

    1. The $0 has been fixed for the filename. I really overlooked that!
    2. "./Wipe_Linux_Logs-v0.2.sh 123" has also been fixed. 4 checks were already there, but I missed the 5th one and you caught that.

    Quote Originally Posted by Hackuin View Post
    Applying the correct parameter/option with the file specified by the user, we can completely take off the overhead/process of some functions like "fuck_log_files()", etc. Even more, there are some circumstances where we don't need to mess around with the whole log structure; instead we just need to erase a particular file. So it would be better to implement logic to just erase a particular file, where we just don't need the overhead.
    Could you please be more specific here with some practical example?


    Quote Originally Posted by Hackuin View Post
    I would still recommend you to implement it a little user-interactive, which obviously reduces plenty of code: instead of the user having to manipulate the script itself for adding more log files, why not read the absolute path of the log files from STDIN, or just read a file name and check whether the file exists in the log locations, something like "locate $1"?
    I would refrain from doing that. Two arrays have been declared; a user with 1 ounce of brain shall be able to comment/uncomment or add in a new log file. The user would just need to customize it once per the scenario.

    Quote Originally Posted by Hackuin View Post
    Also, as I told earlier, plenty of stuff requires root permissions, so just force the user to be root instead of the overhead of checking who the user is logged in as, etc.
    How?

    Rgds

  6. #6
    Security Researcher
    Join Date
    May 2011
    Location
    Pune, Maharashtra, India
    Posts
    237
    Blog Entries
    1
    Hey b0nd,
    not sure if it's technically feasible or not.

    Why not put the original timestamps back on the file after we are done messing it up?

    I have seen people suggesting to check the modification date of a file to have an approximate idea of tampering...

    So I am suggesting, if it's possible (not sure how), to revert the timestamps on the files after we are done messing with them.

  7. #7
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    Quote Originally Posted by Anant Shrivastava View Post
    Hey b0nd,
    not sure if it's technically feasible or not.

    Why not put the original timestamps back on the file after we are done messing it up?

    I have seen people suggesting to check the modification date of a file to have an approximate idea of tampering...

    So I am suggesting, if it's possible (not sure how), to revert the timestamps on the files after we are done messing with them.
    Yes, that is the crux of this code and it has already been implemented since v0.1.

    The following functions contain this code:
    1. check_time_stamping ()
    2. edit_ascii_file_and_timestamping ()
    3. edit_binary_file_and_timestamping ()
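A defender-side check prompted by the timestamp-restoration discussion above: an added example, not part of the thread or of the Wipe_Linux_Logs script. It assumes a Linux host, and the DEFAULT_LOGS list is an illustrative placeholder. utime()/touch can roll back mtime, but the inode change time (ctime) is set by the kernel on every write, so a log whose ctime is far newer than its mtime deserves a closer look.

```python
"""Flag log files whose mtime appears to have been restored after a write.

utime() rewrites atime and mtime, but ctime is maintained by the kernel
and is bumped by the same call, so a large ctime - mtime gap on a file
that is written constantly (wtmp, auth.log) is a tampering indicator.
"""
import os
import tempfile
import time

# Illustrative placeholder list; adjust to the logs monitored on the host.
DEFAULT_LOGS = ["/var/log/wtmp", "/var/run/utmp", "/var/log/lastlog",
                "/var/log/auth.log", "/var/log/secure"]


def ctime_mtime_gap(path):
    """Return ctime - mtime in seconds for path, or None if it cannot be stat'ed."""
    try:
        st = os.stat(path)
    except OSError:
        return None
    return st.st_ctime - st.st_mtime


def find_backdated(paths, tolerance=60.0):
    """Return (path, gap) for every path whose ctime exceeds mtime by > tolerance.

    A small gap is normal (chmod/chown bump ctime only); hours or days on a
    busy log file are suspicious and worth correlating with other evidence.
    """
    hits = []
    for p in paths:
        gap = ctime_mtime_gap(p)
        if gap is not None and gap > tolerance:
            hits.append((p, gap))
    return hits


def demo():
    """Constructed sample: one untouched log and one whose mtime was rolled back."""
    d = tempfile.mkdtemp()
    clean, tampered = os.path.join(d, "clean.log"), os.path.join(d, "tampered.log")
    for p in (clean, tampered):
        with open(p, "w") as f:
            f.write("Jan  1 00:00:00 host sshd[1]: Accepted password for user\n")
    week_ago = time.time() - 7 * 86400
    os.utime(tampered, (week_ago, week_ago))  # restores mtime; ctime stays "now"
    return [os.path.basename(p) for p, _ in find_backdated([clean, tampered])]


if __name__ == "__main__":
    for path, gap in find_backdated(DEFAULT_LOGS):
        print(f"{path}: ctime is {gap / 3600:.1f} h newer than mtime")
    print("demo flagged:", demo())
```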

  8. #8
    Security Researcher
    Join Date
    May 2011
    Location
    Pune, Maharashtra, India
    Posts
    237
    Blog Entries
    1
    Quote Originally Posted by b0nd View Post
    Yes, that is the crux of this code and it has already been implemented since v0.1.

    The following functions contain this code:
    1. check_time_stamping ()
    2. edit_ascii_file_and_timestamping ()
    3. edit_binary_file_and_timestamping ()
    Looks like I missed it...

    I am getting old...

  9. #9
    ... I am no Expert b0nd.g4h@gmail.com b0nd's Avatar
    Join Date
    Jul 2010
    Location
    irc.freenode.net #g4h
    Posts
    744
    Quote Originally Posted by Anant Shrivastava View Post
    Looks like I missed it...

    I am getting old...
    With two consecutive "misses"... I could say "YES", you need some rest.

  10. #10
    Awesome Project ... Awesome logo .. Awesome Description Ultimate ...
    Garage4Hackers bugs for the community, of the community

