Cleanup and covering tracks
In pentesting, it’s essential to clean up after completing your assessment. This process involves removing any artifacts, logs, or traces that might indicate your presence on the system. This section covers various techniques you can use to clean up and cover your tracks using Bash scripting.
One of the first steps in cleaning up is to clear the command history. This prevents the system administrator from seeing the commands you’ve executed.
The history command will clear and write an empty command history – that is, history -cw.
The history -c command clears the current session’s history from memory, while the history -w command writes the (now empty) history to the history file, effectively erasing the previous contents.
Deleting the ~/.bash_history file doesn’t clear the history because ending your current session will cause all commands that were entered during the session to be written to the recreated...
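Seen from the defending side, the behaviour described above leaves checkable signs: an empty or missing history file, and the clearing commands themselves when shell commands are logged centrally. The following is an added example, not code from the original text; the log line format, the sample entries and the function names are assumptions constructed for illustration.

```bash
#!/bin/sh
# Added example: defender-side checks for the history clearing described above.
# The log format and all sample lines are constructed for illustration.

# Classify a history file as "missing", "empty" (zero bytes) or "present".
# After history -cw the file exists but is empty; after deletion it is
# missing until a session ends and recreates it.
history_file_state() {
    if [ ! -e "$1" ]; then
        echo missing
    elif [ ! -s "$1" ]; then
        echo empty
    else
        echo present
    fi
}

# Read command-log lines on stdin and print those that clear or rewrite the
# history (history -c, -w, -cw) or delete a .bash_history file.
flag_history_tampering() {
    grep -E '(^|[^[:alnum:]_])history[[:space:]]+-[cw]+([^[:alnum:]]|$)|(^|[^[:alnum:]_])rm[[:space:]]+(-[[:alpha:]]+[[:space:]]+)*[^[:space:]]*\.bash_history' || true
}

# Constructed sample in the assumed format "<time> <host> <user>: <command>".
sample_log() {
    cat <<'EOF'
2024-05-01T10:02:11Z web01 alice: ls -la /var/www
2024-05-01T10:03:40Z web01 alice: history | tail -n 5
2024-05-01T10:07:02Z web01 svc_app: history -cw
2024-05-01T10:07:09Z web01 svc_app: history -c; history -w
2024-05-01T10:08:30Z web01 bob: rm -f ~/.bash_history
2024-05-01T10:09:00Z web01 bob: grep history-c notes.txt
EOF
}

# Number of sample lines that the pattern flags.
count_flagged() {
    sample_log | flag_history_tampering | wc -l | tr -d ' '
}

echo "flagged lines: $(count_flagged)"
sample_log | flag_history_tampering
```

An empty or missing history file is only a lead to review against login records, since an account that has never had an interactive session shows the same state.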