How to Clear the Logs & History on Linux Systems to Cover Your Tracks & Remain Undetected

The final stage of exploitation is covering your tracks, which involves wiping all activity and logs so the attacker can avoid being detected. It's especially crucial for persistence if the target is going to be accessed again in the future.


To show you the basics of covering your tracks, we'll compromise a target first, then explore some techniques used to delete Bash history, clear logs, and remain hidden after exploiting a Linux system.


Step 1: Compromise a Target


The first thing we need to do is exploit the target. We can use command injection to abuse the way the server handles OS commands to get a shell.


We'll also want to upgrade our new shell to a fully interactive one. Doing so will make it easier to work in general, and it will also let us use tab completion and terminal history.


After that, we can escalate our privileges to root so we can better take advantage of the system to remain undetected.


Step 2: Create an Easy-to-Delete Hidden Directory


Once we have root access, we can create a hidden directory to work out of and keep any scripts or files in. It won't fool anyone but the most inexperienced admin, but another layer of discretion certainly couldn't hurt. First, let's locate any writable directories with the following command:


root@target:/# find / -perm -222 -type d 2>/dev/null
/dev/shm
/var/lock
/var/lib/php5
/var/tmp
/ ..
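The same `find -perm -222` predicate the article uses to locate writable directories also works in the other direction: an administrator can sweep those directories for hidden (dot-named) entries, since a hidden working directory dropped into a world-writable location is exactly the artifact this step leaves behind. The following audit function is an added example, not code from the article; it assumes POSIX sh, a `find` that supports `-perm`, and `mktemp -d` for the constructed sample tree.

```shell
#!/bin/sh
# Defensive audit (added example): list hidden entries inside world-writable directories.
# Assumes POSIX sh; find with -perm; mktemp -d for the constructed sample tree.

# audit_hidden_in_writable ROOT
# For every directory under ROOT with all three write bits set (the article's -perm -222
# test), print one line per hidden entry directly inside it: "<writable dir>\t<hidden entry>".
# Prints nothing when no such entries exist.
audit_hidden_in_writable() {
    find "${1:-/}" -perm -222 -type d 2>/dev/null | while IFS= read -r d; do
        # .[!.]* matches .name but not "."; ..?* matches ..name but not ".."
        for h in "$d"/.[!.]* "$d"/..?*; do
            [ -e "$h" ] || continue        # unmatched globs stay literal; skip them
            printf '%s\t%s\n' "$d" "$h"
        done
    done
}

# count_findings ROOT: number of flagged entries under ROOT (0 when the audit is clean).
count_findings() {
    n=$(audit_hidden_in_writable "$1" | grep -c .) || n=0
    printf '%s\n' "$n"
}

# make_sample_tree: constructed filesystem layout used to exercise the audit offline.
# Mimics /dev/shm and /var/tmp (world-writable, sticky) plus a normal home directory.
make_sample_tree() {
    t=$(mktemp -d)
    mkdir -p "$t/dev/shm" "$t/var/tmp" "$t/home/alice"
    chmod 1777 "$t/dev/shm" "$t/var/tmp"      # world-writable, like the real ones
    mkdir "$t/dev/shm/.workdir"                # constructed: hidden dir in a writable location
    touch "$t/home/alice/.bash_history"        # hidden file in a 755 home dir: not flagged
    printf '%s\n' "$t"
}

# Stand-alone run: build the sample tree, audit it, clean up.
if [ "${AUDIT_DEMO:-1}" = 1 ]; then
    tree=$(make_sample_tree)
    audit_hidden_in_writable "$tree"
    echo "findings: $(count_findings "$tree")"
    rm -rf "$tree"
fi
```

Run it against a real host with `audit_hidden_in_writable /` and compare the output with a known-good baseline; a new dot-directory under /dev/shm or /var/tmp deserves a look.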
