Abstract

Professional penetration testing requires stealth to avoid detection during attacks that traverse the target network, but rarely involves covering tracks while in a target system. This chapter describes some techniques that are useful in cases where part of the project is to determine the ability of system administrators to detect an attack. If penetration testers want to ensure that all their activity is untraceable, but do not care if their presence is detected, they should delete log files. The two options for manipulating log data are deleting the entire log or modifying the contents of the log file. If the log is deleted, testers should ensure that all their activity is untraceable. The drawback to deleting a system log file is that chances are the system administrator will detect the event. When manipulating log data to change data within the log file itself, testers can hide their attempts to elevate privileges on a server and, once successful, remove any log data related to their attack within the log itself, so that a system administrator who examines the log file won't find their efforts. During the course of a penetration test, testers may need to add files and scripts to the exploited system. If they aren't careful, a system administrator could find their scripts and halt their attack. To hide files, one can hide them in plain sight or use the operating system file structure.
