Linux
Without administratives privileges
history -c unset HISTFILE
With administrative privileges
- /var/log/messages
- /var/log/auth.log
- /var/log/apache2/access*.log
- 0x333shadow tool: https://packetstormsecurity.com/files/31345/0x333shadow.tar.gz.html
gcc 0x333shadow.c -o 0x333shadow -D Linux ./0x333shadow -a -i $IP -l 5
Show times:
stats $FILE
Modify access times:
touch -a -d '23 Mar 2018 10:10' $FILE
Modify modification time:
touch -m -d '23 Mar 2018 10:10' $FILE
Windows
With administrative privileges
Delete entries in:
eventvwr
Without administrative privileges
Modify access times:
timestomp.exe $FILE -z "Thursday 23/03/2018 10:00:00 PM"
powershell -Command "(Get-Item $FILE).LastWriteTime = $(Get-Date).AddHours(-8)"