Penetration Testing mailing list archives

RE: Clearing IIS logs


From: "Tony Harris" <tonyh () techie com>
Date: Tue, 9 Oct 2001 00:05:15 -0400

In most pentests you might want to avoid permanently deleting the logfile;
it might contain evidence of a hostile penetration of the client system.
You could delete the file using the method below after saving a copy of the
original logfile in case it is needed, or stop the IIS service, modify the
file and restart the service. With the below commands it takes about 10
seconds.

net stop W3SVC
copy logfile logfile.old
find /V "yourIPaddress" logfile.old>OriginalLogfileName
net start W3SVC
del logfile.old


-----Original Message-----
From: julian1.linton () mail famu edu [mailto:julian1.linton () mail famu edu]
Sent: Saturday, October 06, 2001 10:43 AM
To: pen-test () securityfocus com
Subject: Re: Clearing IIS logs


I would just use the date command to change the
date and IIS will create a new log based on the date you
just created, then you can delete the old log and
change the date back. Works all the time...

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
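
From the defender's side, both approaches in this thread leave marks in the log itself. The following is an added example, not part of the original posts: a checker for an IIS W3C log that flags the file banner find.exe prints ahead of its output, a repeated `#Software` header (assumed here to be written when W3SVC starts logging again), timestamps that run backwards after a clock change, and long silent gaps. The sample log, its file name, the addresses and the 30-minute threshold are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: an IIS W3C log as it might look after a stop / filter / restart cycle.
SAMPLE_LOG = """\

---------- EX011008.LOG.OLD
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-10-08 09:00:02
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-10-08 09:00:02 192.0.2.10 GET /index.htm 200
2001-10-08 09:01:15 192.0.2.11 GET /images/logo.gif 200
2001-10-08 09:47:40 192.0.2.12 GET /index.htm 200
#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-10-08 09:48:05
#Fields: date time c-ip cs-method cs-uri-stem sc-status
2001-10-08 09:48:05 192.0.2.10 GET /default.asp 200
"""

FIND_BANNER = re.compile(r"^-{10} \S")   # banner find.exe prints before a file's lines
MAX_GAP = timedelta(minutes=30)          # assumed threshold; tune to the site's traffic

def audit_w3c_log(text, max_gap=MAX_GAP):
    """Return a list of (line_number, finding) for signs the log was rewritten."""
    findings, prev, software_seen = [], None, 0
    for n, line in enumerate(text.splitlines(), 1):
        if FIND_BANNER.match(line):
            findings.append((n, "find.exe banner"))
        elif line.startswith("#Software:"):
            software_seen += 1
            if software_seen > 1:      # a second header block inside one file
                findings.append((n, "repeated header (service restart)"))
        elif line.startswith("#") or not line.strip():
            continue                   # other directives and blank lines
        else:
            try:
                ts = datetime.strptime(line[:19], "%Y-%m-%d %H:%M:%S")
            except ValueError:
                findings.append((n, "unparseable entry"))
                continue
            if prev and ts < prev:
                findings.append((n, "timestamp goes backwards"))
            elif prev and ts - prev > max_gap:
                findings.append((n, "gap in entries"))
            prev = ts
    return findings
```

A restart header or a quiet period has innocent causes too, so treat each finding as a reason to compare the file against an off-host copy of the log rather than as proof of tampering.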

