✅ Covering Tracks

Penetration Testing Wiki

Linux

Without administratives privileges

history -c
unset HISTFILE

With administrative privileges

gcc 0x333shadow.c -o 0x333shadow -D Linux
./0x333shadow -a -i $IP -l 5

Show times:

stats $FILE

Modify access times:

touch -a -d '23 Mar 2018 10:10' $FILE

Modify modification time:

touch -m -d '23 Mar 2018 10:10' $FILE

Windows

With administrative privileges

Delete entries in:

eventvwr

Without administrative privileges

Modify access times:

timestomp.exe $FILE -z "Thursday 23/03/2018 10:00:00 PM"
powershell -Command "(Get-Item $FILE).LastWriteTime = $(Get-Date).AddHours(-8)"

How useful was this post?

Click on a star to rate it!

Average rating 0 / 5. Vote count: 0

No votes so far! Be the first to rate this post.

About me

My name is Jacobo Avariento. I started in cybersecurity around 2001 doing vulnerability research and exploit writing.

I worked as a consultant and penetration tester for top tier banks, the European Central Bank, pharmaceutical and automotive companies.

I got a Master’s Degree in Computer Science and hold Certified Ethical Hacker (CEH), Offensive Security Certified Professional (OSCP) and Certified Blockchain Security Professional (CBSP) certifications.

OSCP Certification

CEH Certification

© 2022 DEFENSAHACKER Academy