Skip to content
/ hidemyass Public
forked from evilpan/hidemyass

a post-exploit tool that carefully clean access log

License

GPL-2.0 license
3 stars 39 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

C0dak/hidemyass

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

2 Commits
unit_test
unit_test
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
core.c
core.c
 
 
core.h
core.h
 
 
hidemyass
hidemyass
 
 
main.c
main.c
 
 
option_parser.c
option_parser.c
 
 
option_parser.h
option_parser.h
 
 

Repository files navigation

hidemyass

'##::::'##:'####:'########::'########:'##::::'##:'##:::'##::::'###:::::'######:::'######::
 ##:::: ##:. ##:: ##.... ##: ##.....:: ###::'###:. ##:'##::::'## ##:::'##... ##:'##... ##:
 ##:::: ##:: ##:: ##:::: ##: ##::::::: ####'####::. ####::::'##:. ##:: ##:::..:: ##:::..::
 #########:: ##:: ##:::: ##: ######::: ## ### ##:::. ##::::'##:::. ##:. ######::. ######::
 ##.... ##:: ##:: ##:::: ##: ##...:::: ##. #: ##:::: ##:::: #########::..... ##::..... ##:
 ##:::: ##:: ##:: ##:::: ##: ##::::::: ##:.:: ##:::: ##:::: ##.... ##:'##::: ##:'##::: ##:
 ##:::: ##:'####: ########:: ########: ##:::: ##:::: ##:::: ##:::: ##:. ######::. ######::
..:::::..::....::........:::........::..:::::..:::::..:::::..:::::..:::......::::......:::
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
轻轻地我走了     正如给我轻轻地来                  
        我轻轻地挥手     作别西边的云彩            
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

This is a tool for wiping access log when you really wanna hide yourself from admin. We're modifying those systemlog very carefully by removing one single log record instead of the whole log file. Also, the file permission, owner/group and ctime/atime are kept as the old file.

usage

Usage: ./hidemyass [ENTRIES] [FILTERS] ACTIONS        
ENTRIES:                                
  -u, --utmp=utmp_file                
      specify the path to utmp file, which is /var/run/utmp by default 
      utmp file is read by 'who','w' and other commands 
  -w, --wtmp=wtmp_file                
      specify the path to wtmp file, which is /var/log/wtmp by default 
      wtmp is read by 'last' and other commands
  -b, --btmp=btmp_file                
      specify the path to btmp file, which is /var/log/btmp by default 
      btmp is read by 'lastb' and other commands
  -l, --lastlog=lastlog_file          
      specify the path to lastlog file, which is /var/log/lastlog by default 
      lastlog is read by 'lastlog' and other commands
FILTERS:                                
  -n, --name=username                   
      specify log record by username 
  -a, --address=host                    
      specify log record by host ip address  
  -t, --time=time                       
      specify log record by time (YYYY:MM:DD:HH:MM:SS) 
ACTIONS: 
  -p, --print                           
      print records for specified ENTRIES 
  -c, --clear                           
      clear records for specified ENTRIES with FILTERS
      usually you need permission to edit log 
  -h, --help                            
      show this message and exit

TODO

some other logs to clean

  • /var/log/auth.log
  • /var/log/secure
  • /var/log/maillog

Since you could modify system log, that usually means you have already got privilege escalation. As a result, you may want to clear other logs too, such as /var/log/syslog, /var/log/dmesg, /var/log/messages and some application crash logs.

About

a post-exploit tool that carefully clean access log

Resources

Readme

License

GPL-2.0 license
Activity

Stars

3 stars

Watchers

2 watching

Forks

2 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages

  • C 98.7%
  • Makefile 1.3%