Web application security - the fast guide 1.1 | Page 154

Chapter 7 - Attack execution (3)

request will be properly handled after dropping unnecessary fake parameters and executing the injection payload.

7.11.3 Clearing logs:
If the attacker has gained root control of the web server, tools such as Meterpreter can help empty the logs on a Windows machine using the clearev script. On a Linux machine, the log files located in the /var/log directory can be deleted using any text editor.

7.11.4 Obfuscating logs:
Some attackers try to complicate the resulting log file to make analyzing and understanding the attack harder. One example is the use of hexadecimal encoding for the URL: the server decodes the value correctly, but it confuses a human reader and escapes many automated detection systems.

7.11.5 Not me:
One of the most effective approaches attackers use is to exploit a compromised machine to carry out the attack on their behalf, which shifts the responsibility to the zombie machine. That machine is normally selected from a multiuser environment in a geographic location where legal restrictions are minimal. Common targets are public university machines and home machines.
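On the defender's side, the hexadecimal URL encoding described in 7.11.4 is countered by decoding each logged request target before matching it against signatures. The following is an added example, not code from the book; the log lines, the signature patterns and the function names are constructed for illustration, and the repeated decoding goes slightly beyond the text to cover double-encoded values as well.

```python
import re
from urllib.parse import unquote

# Constructed signatures for illustration; a real rule set would be larger.
SIGNATURES = {
    "sqli": re.compile(r"union\s+select|'\s*or\s+'?1'?\s*=\s*'?1", re.I),
    "xss": re.compile(r"<\s*script", re.I),
    "traversal": re.compile(r"\.\./"),
}

# Request line as written in a common/combined access log.
REQUEST_RE = re.compile(r'"(?:GET|POST|PUT|DELETE|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded values are exposed too.

    Returns the decoded target and the number of decoding rounds that
    actually changed it (0 means the logged value was already plain).
    """
    rounds = 0
    while rounds < max_rounds:
        decoded = unquote(target)
        if decoded == target:
            break
        target, rounds = decoded, rounds + 1
    # '+' means space in query strings; fold it so \s in the rules matches.
    return target.replace("+", " "), rounds

def scan_line(line):
    """Return (decoded_target, decode_rounds, matched_rules) or None."""
    match = REQUEST_RE.search(line)
    if match is None:
        return None
    decoded, rounds = normalize(match.group(1))
    hits = sorted(n for n, rx in SIGNATURES.items() if rx.search(decoded))
    return decoded, rounds, hits

# Constructed sample log lines (203.0.113.0/24 is a documentation range).
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php?id=7 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:41 +0000] "GET /index.php?id=%27%20%4f%52%20%271%27%3d%271 HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Oct/2023:13:55:49 +0000] "GET /search?q=%253Cscript%253E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(scan_line(entry))
```

A decode-round count above 1 is worth alerting on by itself, since ordinary clients rarely double-encode a request.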