Discover why disabling logging and hiding files are valuable skills for an Ethical Hacker. Lisa Bock discusses how to hide files and tools. Files can be hidden in alternate data streams or with steganography, but ultimately, installing a rootkit will provide a way to hide tools and give backdoor access to the system.
- [Voiceover] When conducting an ethical hacking exercise, one valuable skill is to be able to hide files and tools with the goal of getting back into the system. Files can be hidden in alternate data streams, or steganography, but ultimately, installing a rootkit will provide a way to hide tools, give backdoor access to a system, and also some rootkits have log scrubbers to hide any activity. When administrative access is achieved, the ethical hacker can disable auditing. We can do this via the command line interface, or the graphical user interface.
Before you get out of the system, you'll want to turn auditing back on. Let's take a look. The Microsoft server family of operating systems is popular with small businesses, so let's take a couple of ways to view auditing here in Server 2008. I'm at the command prompt, I'll right-click and run as administrator. And I'll type audit policy, list, space, user. And here we can see the audit policy is defined for the following user accounts.
That's fine, and we could do more with auditpol, but let's take a look in the graphical user interface. I'll go to the local security policy. Now, if we take a look in here, you can see that I've selected audit policy and the different policies that are on, and the security settings. Keep in mind, an administrator can log virtually everything, but we wanna make sure that we do take a peek at these logs. Although some of the devices will warn us if something is unusual, or suspicious, you should get in the habit of taking a look at your audit logs.
Now, let's take a look here. You can see audit logs success failure. I'll go into properties, and here we can just say, un-check those and don't audit any of those, and then go through... And then we can un-check those, so we don't have any auditing. When we go back in, you wanna keep in mind, remember what it is that they were auditing and reapply them... before you exit the system. So, keep in mind, we have ways we can hide our files and tools, but we also have methods and we should cover any traces of our existence while in the system.
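The following is an added example, not part of the course or the transcript: a Python check that compares two audit policy snapshots and lists every subcategory that now logs less than it did, which is how an administrator would notice that auditing was switched off and confirm it was fully reapplied. It assumes the snapshots are CSV reports from `auditpol /get /category:* /r`; the host name, GUID fields and settings in the sample data are constructed.

```python
import csv
import io

def parse_report(text):
    """Map subcategory -> inclusion setting from an auditpol /r CSV report."""
    rows = csv.DictReader(io.StringIO(text.strip()))
    return {r["Subcategory"].strip(): r["Inclusion Setting"].strip()
            for r in rows if r.get("Subcategory")}

def events(setting):
    """Turn 'Success and Failure', 'Success', 'Failure' or 'No Auditing' into a set."""
    if setting == "No Auditing":
        return frozenset()
    return frozenset(part.strip() for part in setting.split(" and "))

def weakened(baseline, current):
    """List (subcategory, before, after, lost) for each subcategory that logs less."""
    findings = []
    for name in sorted(baseline):
        before = baseline[name]
        # Assumption: a subcategory missing from the current report is not audited.
        after = current.get(name, "No Auditing")
        lost = sorted(events(before) - events(after))
        if lost:
            findings.append((name, before, after, lost))
    return findings

# Constructed sample reports; host name and GUID fields are placeholders.
HEADER = ("Machine Name,Policy Target,Subcategory,Subcategory GUID,"
          "Inclusion Setting,Exclusion Setting\n")
BASELINE = HEADER + """\
SRV-EXAMPLE,System,Logon,{GUID-PLACEHOLDER},Success and Failure,
SRV-EXAMPLE,System,User Account Management,{GUID-PLACEHOLDER},Success and Failure,
SRV-EXAMPLE,System,Audit Policy Change,{GUID-PLACEHOLDER},Success,
SRV-EXAMPLE,System,File System,{GUID-PLACEHOLDER},No Auditing,
"""
CURRENT = HEADER + """\
SRV-EXAMPLE,System,Logon,{GUID-PLACEHOLDER},No Auditing,
SRV-EXAMPLE,System,User Account Management,{GUID-PLACEHOLDER},Success,
SRV-EXAMPLE,System,Audit Policy Change,{GUID-PLACEHOLDER},Success,
SRV-EXAMPLE,System,File System,{GUID-PLACEHOLDER},No Auditing,
"""

if __name__ == "__main__":
    for name, before, after, lost in weakened(parse_report(BASELINE),
                                              parse_report(CURRENT)):
        print(f"{name}: {before} -> {after} (no longer logged: {', '.join(lost)})")
```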
These tutorials, along with the other courses featured in the Ethical Hacking series, will prepare students to pass the Certified Ethical Hacker exam and start a career in this in-demand field. Find out more about the exam at https://www.eccouncil.org/programs/certified-ethical-hacker-ceh/.
- Acquiring passwords
- Generating rainbow tables
- Understanding where passwords are stored
- Defending against privilege escalation
- Understanding spyware
- Protecting against keylogging
- Detecting steganography
- How hackers cover their tracks