Hacker safely leaving "rub PP"

zhaozj2021-02-16  79

Summary of experience, write some of the most common hacker tools, I hope to give you some help

1. The use of Xiao Yan Elsave clearing the log:

First use IPC $ pipes: NET USE // IP / IPC $ "password" / user: ""

Clear the application log of the target system:

Elsave -s // ip -l "application" -c

Clear the system log of the target system:

Elsave -s // ip -l "system" "-c

Clear the security log of the target system:

Elsave -s // ip -l "security" -c

2. Windows2000 log removed:

WWW logs are generally under the% Winsystem% / System32 / LogFiles / W3SVC1, including WWW logs and FTP logs, generally stopping the WWW service after deleting: NET STOP W3SVC, then leave your IP log deletion, you also You can modify the log. Wwww log under W3SVC1, the FTP log is under MSFTPSVC, each log is named: exxxxxx.log, XXXXXX represents the date.

Other logs in Win2000:

Safety Log:% Winsystem% / System32 / Config / SECEVENT.EVT

Application Log:% Winsystem% / System32 / Config / APPEVENT.EVT

System Log:% Winsystem% / System32 / Config / Sysevent.evt

IIS's FTP log:% winsystem% / system32 / logfiles / msftpsvc1 /, default a log

IIS's WWW log:% winsystem% / system32 / logfiles / w3svc1 / default a log

Scheduler Service Log:% Winsystem% / Schedlgu.txt

Registry location:

[Hklm] / system / currentControlset / Services / EVENTLOG

SCHEDLULER service registry location project:

[Hklm] / Software / Microsoft / SchedulingAgent

If the log is positioned from the new position, the path is recorded in the registry.

Clear log

Clearing the log must be stopped first after the relevant service is stopped:

Www and ftp logs must be stopped W3SVC: Net Stop W3SVC

Then you can delete the log you want to delete below the relevant log directory.

The Scheduler service log must stop: Task Scheduler service can delete the log: NET STOP "task scheduler"

The services related to the system, security, application, etc. are: EventLog, but the project cannot be stopped directly, we can connect with IPC $, then open the computer management in the "Control Panel" to connect the remote computer, from the inside Delete the relevant content, but if the diary is more, it may take more time, and it is relatively high for the network speed. However, we can use a tool: Xiao Yan 's elsave to delete. Method, such as the first item.

You can also use a small tool to write: Cleaniislog comes from clearing the log, usage:

Cleaniislog [logfile] [.] [Cleanip].

Description: Clear log files,. Represents which IP address of all cleared logs,. Represents all IP records

Example: Cleaniislog. 127.0.0.1

A. You can clear the specified IP connection record and keep other IP records.

B. After the clearance is successful, Cleaniislog will clear the running record of its own in the system log.

Usage: Cleaniislog

<.>

<.>

: Specify the log file to be processed, if specified as ".", Processes all log files Note: Handling all log files take long).

: Specifies the IP record to be cleared, if specified as ".", Clear all IP records (not recommended to do this).

转载请注明原文地址:https://www.9cbs.com/read-12808.html

New Post(0)