Cover Tracks & Leave No Trails of Hacking in Logs

Meterpreter, the Metasploit payload, has a command called clearev that clears all event logs. It opens the event logs on a Windows system and wipes every entry, removing our connection and attempted connections from the log files. Most administrators are not vigilant about this, but some might find the empty logs suspicious.

To remove our trace from the logs, we use the following command:

  • Simply type clearev in meterpreter.
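The defender's view of the same action, as an added example that is not part of the original post: a small detector run over constructed sample events (field names and values are assumed for this example). Clearing a log is itself recorded: the Windows Event Log service writes Event ID 1102 to the Security log when the audit log is cleared and Event ID 104 to the System log when another log is cleared, so several of these arriving within a few seconds is the footprint of a wipe rather than routine maintenance.

```python
import json
from datetime import datetime, timedelta
# Constructed sample export (not real telemetry); field names are assumed for this example.
SAMPLE_EVENTS = """\
{"time": "2024-05-01T10:00:00", "channel": "Security", "event_id": 4624, "user": "alice"}
{"time": "2024-05-01T10:05:10", "channel": "System", "event_id": 104, "user": "SYSTEM", "cleared": "Application"}
{"time": "2024-05-01T10:05:11", "channel": "System", "event_id": 104, "user": "SYSTEM", "cleared": "System"}
{"time": "2024-05-01T10:05:12", "channel": "Security", "event_id": 1102, "user": "bob"}
{"time": "2024-05-01T10:30:00", "channel": "Security", "event_id": 4624, "user": "alice"}
"""

def parse_events(text):
    """Parse newline-delimited JSON records, converting 'time' to a datetime."""
    events = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            rec["time"] = datetime.fromisoformat(rec["time"])
            events.append(rec)
    return sorted(events, key=lambda r: r["time"])

def find_clear_events(events):
    """Return (time, cleared_log, actor) for each log-clearing record.
    1102 in Security: the audit log was cleared. 104 in System: the Eventlog
    service recorded that another log (named in the record) was cleared."""
    hits = []
    for rec in events:
        if rec["channel"] == "Security" and rec["event_id"] == 1102:
            hits.append((rec["time"], "Security", rec.get("user", "?")))
        elif rec["channel"] == "System" and rec["event_id"] == 104:
            hits.append((rec["time"], rec.get("cleared", "?"), rec.get("user", "?")))
    return hits

def detect_bulk_clear(events, window=timedelta(seconds=60)):
    """Group clears that land within `window` of the group's first clear and
    keep groups touching two or more logs: several logs wiped at once is the
    footprint of a scripted clean-up, not routine log maintenance."""
    groups = []
    for when, log_name, actor in find_clear_events(events):
        if groups and when - groups[-1]["start"] <= window:
            groups[-1]["logs"].add(log_name)
            groups[-1]["actors"].add(actor)
        else:
            groups.append({"start": when, "logs": {log_name}, "actors": {actor}})
    return [g for g in groups if len(g["logs"]) >= 2]

if __name__ == "__main__":
    for g in detect_bulk_clear(parse_events(SAMPLE_EVENTS)):
        print(f"{g['start']}: {sorted(g['logs'])} cleared by {sorted(g['actors'])}")
```

Forwarding the event logs to a collector before they can be cleared is what makes this check useful, since a wiped local log is exactly what the detector would otherwise be reading.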


We have to make certain that our command history is erased before leaving the compromised system. The bash shell we are typing in saves our last 500 commands. A system admin could track all of our commands, decipher our activities on the system and potentially use them as evidence.

To see our history, use the more command:

  • more ~/.bash_history


The size of our history file is determined by the variable HISTSIZE. We can set it to zero by typing:

  • export HISTSIZE=0

Now our shell will not store any of our history. If you set HISTSIZE to zero before beginning the hack, none of the commands will be stored.
