Challenge - Covering your Tracks

Covering your tracks - During a pentest or red team exercise, it is often necessary to erase traces of your presence to throw the opposition off. The easiest way is to erase the logs outright. Also, as a scenario wraps up, you want to leave a way back in by creating new accounts on several systems and/or the domain. An implant was set up to call out to the attacking machine on port 4321 every 15 seconds. It will allow direct access to the admin network, which will aid in accessing the main Active Directory server.

Overview

Level – Intermediate

Skills Needed – Using Metasploit, anti-detection.

Goal – To eliminate traces of malicious activity on the corporate network.

Known Network(s) – 192.168.1.0/24, 10.10.10.8/29, 10.10.30.16/28, 10.10.50.16/28, 10.10.70.16/28, 10.10.40.8/29, 10.10.80.16/28

Tools used – Meterpreter, Metasploit, Windows and Linux command line.
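
Seen from the defending side, the implant described above (a callback on port 4321 every 15 seconds) leaves a near-constant timing pattern in connection logs even when host logs have been erased. The following is an added example, not part of the original challenge; the log format, the host addresses and the `parse`/`find_beacons` helpers are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample of outbound connection records: "timestamp src dst dport".
# Hosts are made-up addresses inside the challenge's listed ranges.
SAMPLE_LOG = """\
2024-05-01T09:00:00 10.10.30.20 192.168.1.50 4321
2024-05-01T09:00:15 10.10.30.20 192.168.1.50 4321
2024-05-01T09:00:31 10.10.30.20 192.168.1.50 4321
2024-05-01T09:00:45 10.10.30.20 192.168.1.50 4321
2024-05-01T09:01:00 10.10.30.20 192.168.1.50 4321
2024-05-01T09:00:02 10.10.30.21 192.168.1.10 443
2024-05-01T09:00:09 10.10.30.21 192.168.1.10 443
2024-05-01T09:01:40 10.10.30.21 192.168.1.10 443
2024-05-01T09:01:44 10.10.30.21 192.168.1.10 443
2024-05-01T09:04:30 10.10.30.21 192.168.1.10 443
"""

def parse(log_text):
    """Group connection timestamps by (src, dst, dport)."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport = line.split()
        flows[(src, dst, int(dport))].append(datetime.fromisoformat(ts))
    return flows

def find_beacons(log_text, min_events=5, max_cv=0.2):
    """Return flows whose inter-arrival times are near-constant.
    max_cv is the allowed coefficient of variation (stdev / mean) of the gaps;
    human-driven traffic is bursty and scores far higher than a timed callback.
    """
    hits = []
    for key, stamps in parse(log_text).items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_cv:
            hits.append({"flow": key, "events": len(stamps), "interval_s": round(avg, 1)})
    return hits

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Because the check keys on timing regularity rather than a fixed port, it still applies if the callback port or interval differs from the one in this scenario.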