How to Delete Firewall Log in Remote PC using Metasploit

This article is only for tutorial purpose where we are trying to share our experience to enhance skills of IT researchers. This article will help attackers to protect themselves if they were caught by firewall. Usually when an attacker establish the connection with target’s system a log is generated having some details like time, ports, IP address and MAC address of attacker. So if you are not aware of such things then you might leave an evidence of your attacks in victim’s system. To prevent yourself you must go through this article where you will learn how to read the firewall logs as well as how to delete the logs from victim’s PC.

Being an intelligent attack once you have hacked the target then after fetching important data the most essential thing is to read and delete the log files from the target system.
First hack The Victim PC read Here

So now we are inside windows/system32 where we can perform admin level task. Type following command inside CMD shell to move inside the logs directory

cd logfiles/firewall
Type dir to observe the present directory of firewall.
Dir


From screenshot you can find that there are two files and two directories, therefore being an attacker I need to check the log firewall from target PC. Now Type following command to read firewall logs.
type pfirewall.log


So the highlighted log is showing MAC address of attacker system. Hence to protect yourself always delete these logs.
To delete pfirewall.log we must turn off firewall, type following command to disable firewall from victim PC.
Netsh firewall set opmode mode= DISABLE


Now type given below command to delete pfirewall.log
Del pfirewall.log


Now type given below command to verify pfirewall.log is still available or not in victim’s PC
type pfirewall.log

0 comments:

Post a Comment