Last visit was: It is currently Sat Sep 23, 2023 1:29 pm


All times are UTC-05:00




Post new topic Reply to topic  [16 posts ] 
Author Message
 Post subject:log deleter version 3 >.<
PostPosted:Mon Oct 27, 2008 8:56 pm 
 

Joined:Tue Aug 14, 2007 10:07 am
Posts:55
Yahoo Messenger:azurozeta@yahoo.com
Location:Indonesia
This mission used a log deleter v3 and i need to recover the original log. I detected an anomaly of the date of these logs (the top log is somewhat old log) but i don't know where to apply the log undeleter. It is indeed difficult T_T


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Oct 28, 2008 2:41 am 
 

Joined:Mon Dec 19, 2005 4:06 pm
Posts:112
Location:Finland
Version 3: Copies another legitimate access log over the target. Difficult to detect. 2000c / 1Gq

Well, I'd use it on every log, but according to this there should be two identical logs, and the other one is a fake.

Btw, I don't suggest buying v 2.0 or 3.0 log deleters, since they're not really better than v 1.0. Just use 1.0 'til you can afford a 4.0


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Oct 28, 2008 4:19 am 
 

Joined:Tue Aug 14, 2007 10:07 am
Posts:55
Yahoo Messenger:azurozeta@yahoo.com
Location:Indonesia
nah, i'm on a mission to trace unauthorized transfer, in the statement list, the top log (should be most recent log) is somewhat old, so i assume the hacker used log deleter v3 to cover his track. My question goes on how to uncover his real trail?


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Oct 28, 2008 9:40 am 
User avatar
 

Joined:Sat Nov 17, 2007 8:45 am
Posts:204
Log undeleter?


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Oct 28, 2008 11:09 am 
Literally Nine
User avatar
 

Joined:Tue Mar 01, 2005 9:00 am
Posts:1263
Followed by IP_Lookup


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Oct 28, 2008 11:41 am 
 

Joined:Tue Aug 14, 2007 10:07 am
Posts:55
Yahoo Messenger:azurozeta@yahoo.com
Location:Indonesia
That's what i'm saying. Log undeleter doesn't work. I even tried all logs on the list and i can't have any IP address i can look up with.


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Oct 28, 2008 12:57 pm 
Literally Nine
User avatar
 

Joined:Tue Mar 01, 2005 9:00 am
Posts:1263
If you accept the mission too long after its posted, you won't be able to do it at all.

You can't expect hackers to lay down for you and leave their tracks out in the open.


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Oct 28, 2008 7:40 pm 
 

Joined:Tue Aug 14, 2007 10:07 am
Posts:55
Yahoo Messenger:azurozeta@yahoo.com
Location:Indonesia
So i'm left out with a mission i can't deal with T_T what a pain.


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Oct 28, 2008 8:04 pm 
 

Joined:Tue Aug 14, 2007 10:07 am
Posts:55
Yahoo Messenger:azurozeta@yahoo.com
Location:Indonesia
But i thought it's still solvable, coz he used log deleter v3 which is still possible to detect. The log list looks like this:

03-03-2010 Uplink montly fee <<< a really out of place log, judge by the date
22-03-2010 Transfer 400c to X
16-03-2010 Transfer 200c to Y
11-03-2010 Transfer 50c to Z


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Nov 04, 2008 4:02 am 
 

Joined:Tue Aug 14, 2007 10:07 am
Posts:55
Yahoo Messenger:azurozeta@yahoo.com
Location:Indonesia
Hey, Miah, when i think about it, there is no way that the hacker can go without trace. You see, when he establish connection to target computer to delete logs, he'll leave logs upon his connecting and closing connection. Even if he log back again, and delete those 2 logs, he'll leave 2 new, more recent logs, and we can just trace it by determining that IP. I mean, if it's not us, it got to be enemy :p


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Nov 04, 2008 9:55 am 
User avatar
 

Joined:Mon Oct 13, 2008 8:40 am
Posts:171
AOL:VaiusArkollos
Location:Nowhere
Yeah, he can go without a trace. He just has to break the connection in the middle. And use deleter v4.

ex: Me. Every hack, the first bounce point is InterNIC. That way, I directly connect there and delete all the logs (except for "connection established/destablished from 127.0.0.1") to break the chain (InterNIC neither passively nor actively traces you). I haven't been caught when doing this.

_________________
Nothing is true; Everything is permitted.


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Nov 04, 2008 10:38 am 
 

Joined:Tue Aug 14, 2007 10:07 am
Posts:55
Yahoo Messenger:azurozeta@yahoo.com
Location:Indonesia
I know, but that's for the admin passive trace. I'm talking about YOU that is tracing. You know the mission "trace a hacker who recently broke our system", don't you? Even if you delete the log using V4 log deleter, there will be "connection establish from 127.0.0.1" and the connection close. In real life, you're practically save, because that log is not enough evidence for warrant your arrest, but in onlink, i can just report your name and then the company who hire me will acknowledge it by 'mission successful' as if they know who hacked them in the first place. You get my point? Even if there is no evidence left, you can throw every name in the international social database until you get the right one.


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Nov 04, 2008 10:44 am 
Literally Nine
User avatar
 

Joined:Tue Mar 01, 2005 9:00 am
Posts:1263
When did the admin EVER do his own passive trace?

You might notice that after you do a high profile hit (typically a wipe) that about 30% of the time a trace-a-hacker mission shows up on the queue that you cannot accept.

You can't accept it, because you are the target. Victims hire agents from Uplink.


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Tue Nov 04, 2008 11:56 am 
 

Joined:Tue Aug 14, 2007 10:07 am
Posts:55
Yahoo Messenger:azurozeta@yahoo.com
Location:Indonesia
That's what i'm saying, Miah. It is said that if the mission to trace hacker is 1-2 days old, that mission will become impossible to finish. Well, i find it possible. Other uplink hackers might not be able to catch us, but we can catch them, even if it 3 days old. Why? Because log "connection established from xxx" only created by hacker, if it's not us, then it's them. Other users are connected by miracle, the log only say "xxx accessed file" but there isn't any connection establish and closed log.


Top
Offline  
 Post subject:Re: log deleter version 3 >.<
PostPosted:Sun Nov 09, 2008 12:22 am 
User avatar
 

Joined:Mon Oct 13, 2008 8:40 am
Posts:171
AOL:VaiusArkollos
Location:Nowhere
Quote:
When did the admin EVER do his own passive trace?

You might notice that after you do a high profile hit (typically a wipe) that about 30% of the time a trace-a-hacker mission shows up on the queue that you cannot accept.

You can't accept it, because you are the target. Victims hire agents from Uplink.
You know, for some reason that reminds me of an extremely coincidental experience I had in the Uplink demo.

I had accepted my first mission. Protovision wanted me to steal a file from the Keytron Corp Internal Services Machine. I completed it, and the next mission I accepted, Keytron Corp wanted me to delete a file from the Protovision Internal Services Machine.

Strange, isn't it? :lol:

_________________
Nothing is true; Everything is permitted.


Top
Offline  
Display posts from previous: Sort by 
Post new topic Reply to topic

All times are UTC-05:00


Who is online

Users browsing this forum: No registered users and 16 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
Theme created by Miah with assistance from hyprnova