CleanTracks.rb auxiliary v1.3 released.


:[ Auxiliary Module History ]:
As a long-time Metasploit Framework user, I realized that the current module database does not contain any module that covers your tracks efficiently (in a forensic breach investigation) after a successful exploitation. Looking at the current database, we can find only two 'meterpreter' modules that help with this task: 'clearev', which clears the Application, System and Security logs on a Windows system (Event Viewer), and 'timestomp', which manipulates the MACE (Modified, Accessed, Changed) times of a file/application (Windows system)…
The CleanTracks.rb auxiliary was written to work in post-exploitation (after the target is exploited and a meterpreter session opens); it relies on policy registry keys and cmd commands (executed remotely by the auxiliary) to cover footprints left on the target system.
Description:
This module needs an open meterpreter session to cover your fingerprints on the target system after a successful exploitation; it relies on registry keys and cmd commands to achieve that goal. “Also, we can set more than one option to run simultaneously.”
stage1: prevents the creation of data on the target system by adding policy registry keys to the target's registry; this stage should be run just after a successful exploitation.
stage2: clears the temp/prefetch folders, flushes the DNS cache and clears the event logs; this stage should be run before leaving the current session. We can also use stage2 without running stage1, but it will be less effective than running the two stages separately.
getsys: getpriv msf module to elevate the current session to authority/system; it is advised to run it before running any of the stages described above (stage1 and stage2).
logoff: logs off the target machine (optional, more effective).

Usage :

CleanTracks.rb Script:

Source : http://sourceforge.net/p/msf-auxiliarys/