HW red team: attack, defense, and hiding penetration traces (download attached)

Cover your tracks during Linux exploits/penetration testing by leaving zero traces on system logs and file system timestamps.

moonwalk is a 400 KB single binary executable that can clean up your traces when pen testing Unix machines.

It saves the state of the system logs before exploitation and, after exploitation, reverts that state, including file system timestamps, leaving zero traces of a ghost in the shell.

⚠️ Note: This tool is open source and is intended only to assist red teams in their operations. The author is not responsible for any consequences arising from prohibited use of this tool. We are not responsible for the consequences. Only use it on machines you have permission to test on.

Features

  • Small executable: get started quickly with a curl fetch to the target machine.

  • Fast: performs all session commands, including logging, trace clearing, and file system operations, within 5 milliseconds.

  • Reconnaissance: to save the state of the system logs, moonwalk finds a globally writable path and saves the session in a dot directory under it, which is removed when the session ends.

  • Shell History: instead of clearing the entire history file, moonwalk reverts it to how it was, including the invocations of moonwalk itself.

  • File System Timestamps: hides from the blue team by reverting the access/modification timestamps of files, recorded with the get command, to how they were.

Install

`$ curl -L https://github.com/mufeedvh/moonwalk/releases/download/v1.0.0/moonwalk_linux -o moonwalk`

(AMD x86-64)

or

Download the executable from Releases (https://github.com/mufeedvh/moonwalk/releases) or install it with cargo using the following command:



`$ cargo install --git https://github.com/mufeedvh/moonwalk.git`


Install Rust/Cargo: https://rust-lang.org/tools/install

Build from source

Prerequisites:

  • Git

  • Rust

  • Cargo (installed automatically when installing Rust)

  • A C linker (Linux only, usually preinstalled)



`$ git clone https://github.com/mufeedvh/moonwalk.git`
`$ cd moonwalk/`
`$ cargo build --release`


The first command clones this repository to your local machine; the last two commands enter the directory and build the source code in release mode.

Usage

Once you have a shell on the target Unix machine, start a moonwalk session by running the following command:



`$ moonwalk start`


While doing recon/exploitation and touching any files, record a file's timestamps beforehand with the get command so you can revert them after you access/modify it:



`$ moonwalk get ~/.bash_history`


After exploiting, clear your traces and close the session using:



`$ moonwalk finish`


That's it!
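The features and usage above describe reverting a file's access/modification timestamps to a saved state. From the defender's side, the detail worth knowing is that utime(2)-style reverts (what touch and similar tools use) set atime and mtime but cannot set the inode change time (ctime), which the kernel moves to "now" on every metadata write. A file whose ctime is far ahead of its mtime is therefore a lead worth corroborating. The following check is an added example written here for defenders; it is not part of moonwalk or the author's post. The function names, the tolerance value, and the constructed temp-directory scenario in demo() are assumptions made for this example.

```python
"""Timestomp indicator: flag files whose inode change time (ctime) is newer
than their modification time (mtime). Added defender-side example, not part
of moonwalk. Timestamp reverts via utime(2)/touch reset atime and mtime but
cannot reset ctime, so a reverted file keeps a ctime ahead of its mtime."""
import os
import tempfile
import time
from dataclasses import dataclass
from typing import Iterable, List


@dataclass
class Indicator:
    path: str
    mtime: float
    ctime: float
    gap_seconds: float


def ctime_after_mtime(paths: Iterable[str], tolerance: float = 2.0) -> List[Indicator]:
    """Return files where ctime exceeds mtime by more than `tolerance` seconds.

    A normal content write updates mtime and ctime together. A gap means the
    metadata changed after the content was last written: a chmod/chown/rename,
    or a reset of the timestamps. Treat hits as leads to corroborate (against
    audit logs, package manifests, backups), not as proof on their own.
    """
    hits: List[Indicator] = []
    for p in paths:
        try:
            st = os.lstat(p)          # lstat: do not follow symlinks
        except OSError:
            continue                  # vanished or unreadable; skip, do not crash a sweep
        gap = st.st_ctime - st.st_mtime
        if gap > tolerance:
            hits.append(Indicator(p, st.st_mtime, st.st_ctime, gap))
    return hits


def walk(root: str) -> Iterable[str]:
    """Yield every regular path under root (directories themselves are skipped)."""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            yield os.path.join(dirpath, name)


def demo() -> dict:
    """Constructed scenario (assumption for this example) in a temp dir: one
    file written normally, one whose atime/mtime were set back an hour after
    it was written, which is how a reverted timestamp looks on disk.
    Returns which basenames were flagged and which were clean."""
    with tempfile.TemporaryDirectory() as d:
        normal = os.path.join(d, "normal.log")
        reverted = os.path.join(d, "reverted.log")
        for p in (normal, reverted):
            with open(p, "w") as fh:
                fh.write("constructed sample line\n")
        past = time.time() - 3600
        os.utime(reverted, (past, past))   # atime/mtime go back; ctime moves to now
        names = {"normal.log", "reverted.log"}
        flagged = {os.path.basename(i.path) for i in ctime_after_mtime(walk(d))}
        return {"flagged": sorted(flagged), "clean": sorted(names - flagged)}


if __name__ == "__main__":
    print(demo())
```

Run it over a directory with `ctime_after_mtime(walk("/var/log"))` on a host you administer. The same reasoning applies to the shell-history feature: ~/.bash_history is a user-writable file and is evidence of convenience only; a host whose history or log files have been reverted still leaves the session in sources the user account cannot rewrite, such as auditd or the syslog of a remote collector, so detection should rest on those rather than on local files.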

Download link:

https://github.com/mufeedvh/moonwalk

If there is any infringement, please contact us to delete it.

How to learn hacking & network security

If you liked my article today, I will share my private network security learning materials with you for free. Come and see what is available.

1. Learning roadmap

There is a lot to learn about attack and defense. I have written down the specific things you need to learn in the roadmap above. If you can complete them, you will have no problem getting a job or taking on freelance work.

2. Video tutorial

Although there are many learning resources on the Internet, they are mostly incomplete. This is a network security video tutorial I recorded myself, with an accompanying video explanation for every knowledge point in the roadmap above.

The content covers the study of network security laws, network security operations and other security assessments, penetration testing basics, detailed explanations of vulnerabilities, basic computer knowledge, etc. They are all must-know learning contents for getting started with network security.

(They are all packaged together and cannot be listed one by one. There are more than 300 episodes in total.)

Due to limited space, only part of the information is displayed. You need to click on the link below to obtain it.

CSDN gift package: "Hacker & Network Security Introduction & Advanced Learning Resource Package" free sharing

3. Technical documents and e-books

I also compiled the technical documents myself, including my experience and technical notes from participating in large-scale network security operations, CTFs, and SRC vulnerability hunting. There are more than 200 e-books. Due to the sensitivity of the content, I will not display them one by one.


4. Toolkit, interview questions and source code

"If you want to do your job well, you must first sharpen your tools." I have summarized dozens of the most popular hacking tools for everyone. The coverage focuses mainly on information gathering, Android hacking tools, automation tools, phishing, etc. Interested students should not miss it.

There is also the case source code and corresponding toolkit mentioned in my video, which you can take away if needed.


Finally, here are the network security interview questions I have compiled over the past few years. If you are looking for a job in network security, they will definitely help you a lot.

These questions are often encountered when interviewing Sangfor, Qi Anxin, Tencent or other major companies. If you have good questions or good insights, please share them.

Reference analysis: Sangfor official website, Qi'anxin official website, Freebuf, CSDN, etc.

Content features: Clear organization and graphical representation to make it easier to understand.

Content summary: intranet, operating systems, protocols, penetration testing, security services, vulnerabilities, injection, XSS, CSRF, SSRF, file upload, file download, file inclusion, XXE, logic vulnerabilities, tools, SQLmap, NMAP, BP, MSF...



Source: blog.csdn.net/Python_0011/article/details/134636828