by rhys
:avoiding getting busted:.
tutorial by rhys
OK, just take these precautions and don't question them. They won't stop you from getting busted; they just make it harder.
1. always proxy
tip: you can use a VPN, then a SOCKS proxy, then a web proxy. That is like using three proxies. Get a free 3-day 100 MB VPN at alivevpn.com.
caveat: each hop only sees the hop before it, so the first hop (the VPN) still sees your real IP, and a free VPN that keeps connection logs is the weak link in the whole chain. Chaining adds hops; it does not remove the record made at hop one.
2. cover your tracks
OK, so you're going to trash or deface. If you can't clear the logs and you haven't proxied or done anything else to hide your IP, then I recommend you hold off, wait a month or two, and then do it through a proxy.
3. clear/patch/delete logs
OK, there are some pretty nice log wipers out there. I can't remember where I got this from, but thanks to whoever made this list. These are some log locations.
Note that several of these (utmp, wtmp, lastlog, pacct) are fixed-size binary records, not text: editing them with sed or a text editor corrupts the file, which is why wipers rewrite records instead of lines, and an empty or truncated log is itself a red flag to any admin who looks.
IRIX:
=================
/var/adm/SYSLOG
/var/adm/sulog
/var/adm/utmp
/var/adm/utmpx
/var/adm/wtmp
/var/adm/wtmpx
/var/adm/lastlog/username
/usr/spool/lp/log
/var/adm/lp/lpd-errs
/usr/lib/cron/log
/var/adm/loginlog
/var/adm/pacct
/var/adm/dtmp
/var/adm/acct/sum/loginlog
/var/adm/X0msgs
/var/adm/crash/vmcore
/var/adm/crash/unix
AIX:
=================
/var/adm/pacct
/var/adm/wtmp
/var/adm/dtmp
/var/adm/qacct
/var/adm/sulog
/var/adm/ras/errlog
/var/adm/ras/bootlog
/var/adm/cron/log
/etc/utmp
/etc/security/lastlog
/etc/security/failedlogin
/usr/spool/mqueue/syslog
SunOS:
=================
/var/adm/messages
/var/adm/aculogs
/var/adm/aculog
/var/adm/sulog
/var/adm/vold.log
/var/adm/wtmp
/var/adm/wtmpx
/var/adm/utmp
/var/adm/utmpx
/var/adm/log/asppp.log
/var/log/syslog
/var/log/POPlog
/var/log/authlog
/var/adm/pacct
/var/lp/logs/lpsched
/var/lp/logs/lpNet
/var/lp/logs/requests
/var/cron/log
/var/saf/_log
/var/saf/port/log
Linux:
=================
/var/log/lastlog
/var/log/telnetd
/var/run/utmp
/var/log/secure
/root/.ksh_history
/root/.bash_history
/root/.bash_logout
/var/log/wtmp
/etc/wtmp
/etc/utmp
/var/log
/var/adm
/var/apache/log
/var/apache/logs
/usr/local/apache/log
/usr/local/apache/logs
/var/log/acct
/var/log/xferlog
/var/log/messages
/var/log/proftpd/xferlog.legacy
/var/log/proftpd.access_log
/var/log/proftpd.xferlog
/var/log/httpd/error_log
/var/log/httpd/access_log
/etc/httpd/logs/access_log
/etc/httpd/logs/error_log
/var/log/httpsd/ssl.access_log
/var/log/httpsd/ssl_log
/etc/mail/access (sendmail access database; configuration, not a log)
/var/log/qmail
/var/log/smtpd
/var/log/samba
/var/log/samba-log.%m
/var/lock/samba
/root/.Xauthority (X11 auth cookies, not a log)
/var/log/poplog
/var/log/news.all
/var/log/spooler
/var/log/news
/var/log/news/news
/var/log/news/news.all
/var/log/news/news.crit
/var/log/news/news.err
/var/log/news/news.notice
/var/log/news/s--k.err
/var/log/news/s--k.notice
/var/spool/tmp
/var/spool/errors
/var/spool/logs
/var/spool/locks
/usr/local/www/logs/thttpd_log
/var/log/thttpd_log
/var/log/ncftpd/misclog.txt
/var/log/ncftpd.errs
/var/log/auth
Apache access/error log locations by platform:
=================
Red Hat, Mac OS X
/var/log/httpd/access_log
/var/log/httpd/error_log
Solaris
/var/apache/logs/access_log
/var/apache/logs/error_log
SuSE Linux Enterprise Server
/var/log/httpd/access_log
/var/log/httpd/error_log
lampp
/opt/lampp/logs/error_log
/opt/lampp/logs/access_log
Debian
/var/log/apache/access.log
/var/log/apache/error.log
/var/log/apache-ssl/error.log
/var/log/apache-ssl/access.log
FreeBSD
/usr/local/etc/httpd/logs/access_log
/usr/local/etc/httpd/logs/error_log
OpenBSD
/var/www/log/access_log
/var/www/log/error_log
Windows
C:\Program Files\Apache Group\Apache\logs\error.log
C:\Program Files\Apache Group\Apache\logs\access.log
c:\apache\logs\error.log
c:\apache\logs\access.log
Other Possible Locations
/etc/httpd/logs/access.log
/etc/httpd/logs/error.log
/etc/httpd/logs/access_log
/etc/httpd/logs/error_log
/usr/local/apache/logs/access_log
/usr/local/apache/logs/error_log
/usr/local/apache/logs/access.log
/usr/local/apache/logs/error.log
/var/log/apache/access_log
/var/log/apache/error_log
/var/log/apache/access.log
/var/log/apache/error.log
/var/log/access_log
/var/log/error_log
/var/www/logs/error.log
/var/www/logs/access.log
/var/www/logs/error_log
/var/www/logs/access_log
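Since utmp/wtmp are the entries above that you cannot fix with a text editor, here is an added example (mine, not from the original post or any wiper it mentions) that parses the Linux glibc wtmp record layout and flags the two things a clumsy clean-up leaves behind: a file whose length is no longer a multiple of the record size, and a logout record whose login record is gone. The sample records, usernames and addresses are constructed for the example; the layout assumed is the 384-byte glibc struct utmp, so it does not apply to the IRIX, AIX or SunOS files listed above.

```python
import struct

# Fixed-size record layout of Linux glibc utmp/wtmp (384 bytes per entry).
# Assumption: the file was written by glibc on Linux; other Unix flavours
# use different layouts. Little-endian, no implicit padding.
UTMP_FMT = "<h2xi32s4s32s256shhiii4i20s"
UTMP_SIZE = struct.calcsize(UTMP_FMT)
BOOT_TIME, USER_PROCESS, DEAD_PROCESS = 2, 7, 8


def pack_record(ut_type, pid, line, user, host, ts):
    """Build one wtmp entry (used here only to construct sample input)."""
    return struct.pack(
        UTMP_FMT, ut_type, pid, line.encode(), b"", user.encode(),
        host.encode(), 0, 0, 0, ts, 0, 0, 0, 0, 0, b"",
    )


def _cstr(b):
    """Decode a NUL-padded fixed-width field."""
    return b.split(b"\0", 1)[0].decode(errors="replace")


def parse_wtmp(data):
    """Decode every complete record; a trailing partial record is ignored."""
    recs = []
    for off in range(0, len(data) - len(data) % UTMP_SIZE, UTMP_SIZE):
        f = struct.unpack_from(UTMP_FMT, data, off)
        recs.append({"type": f[0], "pid": f[1], "line": _cstr(f[2]),
                     "user": _cstr(f[4]), "host": _cstr(f[5]), "ts": f[9]})
    return recs


def find_anomalies(data):
    """Return findings that suggest the file was edited or damaged."""
    findings = []
    if len(data) % UTMP_SIZE:
        findings.append("length %d is not a multiple of %d: file was edited "
                        "with a byte-oriented tool or truncated"
                        % (len(data), UTMP_SIZE))
    open_lines = {}   # tty line -> user currently logged in on it
    prev_ts = 0
    for r in parse_wtmp(data):
        if r["ts"] < prev_ts:
            findings.append("timestamp goes backwards at pid %d" % r["pid"])
        prev_ts = r["ts"]
        if r["type"] == USER_PROCESS:
            open_lines[r["line"]] = r["user"]
        elif r["type"] == DEAD_PROCESS:
            if open_lines.pop(r["line"], None) is None:
                findings.append("logout on %s without a preceding login"
                                % r["line"])
    return findings


# Constructed sample: one boot, two interactive logins, two logouts.
CLEAN = b"".join([
    pack_record(BOOT_TIME, 0, "~", "reboot", "", 1000),
    pack_record(USER_PROCESS, 1201, "pts/0", "alice", "10.0.0.5", 1100),
    pack_record(USER_PROCESS, 1340, "pts/1", "bob", "10.0.0.9", 1200),
    pack_record(DEAD_PROCESS, 1201, "pts/0", "", "", 1300),
    pack_record(DEAD_PROCESS, 1340, "pts/1", "", "", 1400),
])
# Only bob's login record removed: the logout on pts/1 is now orphaned.
HALF_WIPED = CLEAN[:2 * UTMP_SIZE] + CLEAN[3 * UTMP_SIZE:]
# A text editor or grep -v that dropped 100 bytes mid-record.
DAMAGED = CLEAN[:600] + CLEAN[700:]

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("half-wiped", HALF_WIPED),
                       ("damaged", DAMAGED)):
        print(name, find_anomalies(blob) or "no anomalies")
```

A wiper that removes both the login and the logout record for a session leaves this file internally consistent, which is exactly why the remote copies discussed under point 10 matter: the check above only catches sloppy edits, and the only reliable comparison is against a copy the attacker never had access to.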
5. disable javascript/activex
Yes, believe it or not: you may be proxied, but if the target page runs JavaScript or ActiveX, that code executes on your machine, not on the proxy. ActiveX in particular is native code that can open its own connections outside the browser's proxy settings, so the site can log your real IP regardless of how many proxies you used. A web proxy only rewrites the HTTP requests it sees; it does nothing about active content running on your side.
6. delete exploit traces
OK, so let's say you went for root access and you're finished, regardless of success. Always delete the exploit source and the compiled binary: that means delete h00lyshit.c *and* h00lyshit. Deleting those two files is the minimum; the shell history files listed above will still show you fetching, compiling and running it.
7. don't brag
Don't brag about it to anyone you don't trust, which really should be nobody.
8. don't attempt to hack government servers/sites
This will most likely get you busted. Government domains usually end in
.gov (and the country forms such as .gov.uk, .gov.au)
.mil (US military)
.gob.xx (Spanish-speaking countries, e.g. gob.mx, gob.ar)
.go.xx (e.g. go.jp, go.kr, go.id)
.edu is not a government domain; it is used by US higher education.
9. don't use proxies that are affiliated with governments or companies
tip: you can't tell who runs a proxy from its port number. 3128 is just the Squid default, and a SOCKS proxy can listen on anything. What matters is whether the operator keeps connection logs and will hand them over, and you usually cannot tell that from the outside.
10. remote logs
You may have cleared /var/log/lastlog or whatever, but did you check whether the server ships its logs somewhere else? syslog can forward messages to another host (in syslog.conf or rsyslog.conf a destination that starts with @host or @@host instead of a file path), and web or mail logs can be copied off the box by cron. Anything that left the machine before you got to it is out of your reach no matter what you delete locally, and an admin comparing the remote copy against the local file will see exactly what is missing. Looks like you've got more to clean up.
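As an added example of the check point 10 is asking for (my code, not from the original post), here is a small parser that reads a syslog configuration and lists every rule that forwards off the box, in both the classic "@host" / "@@host" syntax and rsyslog's newer action(type="omfwd" ...) form. The configuration text, hostnames and addresses are constructed for the example; on a real box you would feed it /etc/syslog.conf, /etc/rsyslog.conf and anything under /etc/rsyslog.d/. It only understands the two forwarding forms named here, so other outputs (database modules, relp, syslog-ng syntax) are an assumption it does not cover.

```python
import re

# Constructed sample mixing classic syslog.conf lines with one rsyslog
# action() line. Hostnames and addresses are made up for the example.
SAMPLE_CONF = """\
# /etc/rsyslog.conf  (constructed sample, not taken from a real host)
*.info;mail.none;authpriv.none          /var/log/messages
authpriv.*                              /var/log/secure
auth,authpriv.*                         @@logcollector.example.net:6514
*.*                                     @192.0.2.10
kern.warning action(type="omfwd" target="siem.example.net" port="514" protocol="tcp")
mail.*                                  -/var/log/maillog
"""

# Classic syntax: "@host[:port]" forwards over UDP, "@@host[:port]" over TCP.
CLASSIC_RE = re.compile(r"^(\S+)\s+(@@?)([^\s:]+)(?::(\d+))?\s*$")
# rsyslog's action() form; only the omfwd keys we need are read.
ACTION_RE = re.compile(r"^(\S+)\s+action\((.*)\)\s*$")


def _kv(body):
    """Turn  key="value" key2="value2"  into a dict."""
    return dict(re.findall(r'(\w+)="([^"]*)"', body))


def remote_log_targets(conf_text):
    """Return (selector, host, port, protocol) for every rule that forwards
    off the box. Rules writing to a local file path are ignored."""
    targets = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        m = CLASSIC_RE.match(line)
        if m:
            selector, marker, host, port = m.groups()
            proto = "tcp" if marker == "@@" else "udp"
            targets.append((selector, host, int(port or 514), proto))
            continue
        m = ACTION_RE.match(line)
        if m:
            kv = _kv(m.group(2))
            if kv.get("type") == "omfwd":
                targets.append((m.group(1), kv.get("target", "?"),
                                int(kv.get("port", 514)),
                                kv.get("protocol", "udp").lower()))
    return targets


def facilities_leaving_host(conf_text):
    """Just the selectors, for a quick 'is auth forwarded anywhere?' answer."""
    return sorted({t[0] for t in remote_log_targets(conf_text)})


if __name__ == "__main__":
    for selector, host, port, proto in remote_log_targets(SAMPLE_CONF):
        print("%-20s -> %s:%d/%s" % (selector, host, port, proto))
```

In the sample, authentication messages go to two different collectors and everything ("*.*") goes to a third, so clearing /var/log/secure locally changes nothing about what those hosts hold. The same parser run by a defender answers the opposite question: whether the facilities that matter actually leave the box at all.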
11. telnet connections
OK, I read this somewhere but never really tested it, but I stuck with it. Instead of going to the command prompt and typing telnet x.x.x.x port, e.g. telnet 127.0.0.1 25, do this instead: go to the command prompt and type
telnet
open x.x.x.x port
e.g.
telnet
open 127.0.0.1 25
(The interactive telnet command for connecting is open, not start; "start" is not a telnet command.) Caveat: the only difference is that the host and port don't appear on your own command line, so not in your local shell history or process listing. The remote host sees the same TCP connection from the same source address either way, so this changes nothing about what the target logs.
12. never leave your real name. Make up a nickname like l337h4ck3r 3000 or something; don't use your real name.
13. don't leave your paid/real email. Don't ever use real.name@yourisp.net. Use a Hotmail account or something instead. To be really cautious, use a temporary email like trashmail.net that forwards to your real email; just look at trashmail.net and you'll get what I'm saying.
caveat: a forwarding address that lands in your real mailbox means the forwarding provider holds the link between the two, so it is only as anonymous as that provider's records.
14. don't leave any real details like your phone number or address
Let's say you deface: don't go "hey admin, call me at this number and mail me at 12 My Address Rd, Town, State, Country".
Well, those are the ones I can think of off the top of my head. Got any more? Add them here then. By the way, this tut was for newbies, not for the advanced, so don't flame me; I only wrote it because someone requested it.
~rhys~