
Thread: Windows 2k/XP Log Files

  1. #11
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Pooh:

    If the FTP he referenced was Windows' own FTP then the files will be found in %system root%\logfiles\ftp-something or other.... (it's late...ok)

    At the same time - I go back to my original statement..... The question was badly put, no further information of use has been offered but statements like "a few hours ago" coupled with "I just want to know where...." when the original question is two days old doesn't make me feel good about the author.....

    Spydrpop: With luck you don't have the rights required to access the logfiles.... If your access is illegal that will serve you right and I hope you get caught. If your access is legal then I apologize but still question what it was you put there that you want no evidence of..... Finally, if you want to ask questions either learn to "couch" them in a non-conspiratorial fashion or ask them somewhere else. I only supplied my answer to your problem for future, legal users, rather than let them be led down a different path.
    Don't SYN us.... We'll SYN you.....
    "A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides

  2. #12
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Pooh: In response to your comments made privately you stated that I "badgered someone for their grammatical skills". I didn't mention grammar at all. I pointed out that the question was badly put. Grammar is irrelevant, (and I had no problem with his grammar). The question came with no reasoning as to why or what, simply that the location of the logfiles was required because he had clearly done something he wasn't proud of, (whatever that might be). Had it been an honest mistake, (put the wrong client's fiscal data on this machine for example), then to have said so would have gone a long way to assuaging my suspicious mind. As it was he made that post around 1:30 on 3/8. He then comes back 24 hours later and states that the "deed" took place a "few hours ago"..... Hmmm..... Let me see..... most people would have said "yesterday" or "the day before yesterday" had the deed taken place prior to the initial post. The implication is that he came looking to see what would be required to cover his tracks in a situation that was still being planned. He may have thought he had the information required and gone ahead only to find that the information provided, (a result of his lack of information), was not what he needed and has now returned hoping to find the "key" by providing information that will elicit a satisfactory result.

    So, as you can see I do not "trust people alone based on ASCII text". Far from it. I look at each post, I look at the posting history if I think I need to. I look at their profile and then determine whether or not I will try to get some more information which is what my original post was intended to do. If a response was got I would then look at the consistency of the statements in comparison with other posts in the thread and in the profile to determine whether or not I should provide any information I have that might be of use.

    Am I immune from being "socially engineered"..... <ROFLMAO> Of course not. Do I try to ensure that I am not becoming an accomplice in a crime? You bet your sweet A$$ I do. If you look through my posting history you will find many occasions where I have jumped in and stated that "so-and-so" should be helped not castigated for a badly put question or whatever but that is because on balance they do not appear to be attempting something "bad".

    This is a forum about security, not a forum about elitist one-sided security
    Pooh, you have no idea how close that is to what I have told others here in the situations I mention above.... It's almost word for word.

    But, a word to the wise..... The most important thing you can possess in this field is a healthy yet oversized suspicion gland. Without it you will dismiss some little detail with a half-assed "logical reason" when it really is the little red flag you should be acting upon.

    Lastly, security is absolutely "one-sided". The bad guys aren't into security. They specialize in _In_security. The two are mutually exclusive. The best security people have an understanding of the other "team's" speciality and vice versa.

  3. #13
    Who are you to dare badger the other side? Whitehats, blackhats, they both need each other. If it were not for the continual skills and tests of blackhats, whitehats would have no idea what they would need to be defending, and the number of security patches would be down.

    So tell me this, would you rather have the exploits found by others kept secret so that whitehats could never learn how insecure they really are (not like they can figure it out), or would it be better to the entire security community as a whole, to let them do their job so whitehats can do their own jobs.

    You can't honestly say that without exploitation testing by black/grey hats, that the world would be a better/secure place? I've personally submitted plenty of exploits to BugTraq because I understand the value of greyhat penetration testing. Without someone having that curiosity to exploit/test, there would be no word of the exploits available for you to do your job. Without someone having that curiosity and then publishing it, the information and exploit would stay underground, leaving you vulnerable to exploits you would never have known existed as a whitehat. And yes, I know you in short agreed with what I just said from your previous post.

    So, instead of asking outright "are you legit"... try to help him. He is going to get the information whether you help him or not, thus -- If you refuse to help him, leave him alone. Brings up a saying my father told me all during my teenage years : "If you can not help someone, do not choose to hurt them instead"

    End of story. Show respect for the side of people that help you get your job done

  4. #14
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Who are you to dare badger the other side? Whitehats, blackhats, they both need each other. If it were not for the continual skills and tests of blackhats, whitehats would have no idea what they would need to be defending, and the number of security patches would be down.
    pooh sun tzu, that is circular logic. In other words, you are saying that if it wasn't for the crooks and murderers, then cops wouldn't be able to do their jobs. And the bad guys help the good guys to catch the bad guys who help the good guys catch the bad guys, who help................
    I agree that preknowledge of an exploit will allow for security to defend against it, but to publish the exploit for some skiddie to use, so that you can justify your job is slightly over the top.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  5. #15
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    Pooh:

    Who are you to dare badger the other side?
    It's my JOB to badger, harass, be deceptive with, deny information to and generally make their lives as difficult as possible. I don't give a rat's ass if it makes their little lives problematic... I could care less if their little bottom lip curls and they pitch a bitch fit..... In fact it's my aim in life. These little monkeys are little short of cyber terrorists and we have seen what happens when you don't make terrorists' lives difficult. It's no different in our virtual world.

    So tell me this, would you rather have the exploits found by others kept secret
    Pooh, gimme a break..... If Spy is malicious he's not someone who is teaching me anything. He doesn't know where to find the goddamn log files.... Yeah, he's l337. More likely, (should he be malicious), that he is one of the little monkeys I refer to above that wants to be l337 but doesn't have a clue. (NOTE: I am not making judgement on Spy himself at this point).

    You can't honestly say that without exploitation testing by black/grey hats, that the world would be a better/secure place?
    I don't say that. I agree. But you are utterly out of context. When a know-nothing script kiddie comes here asking how to cover his tracks after his successful "sploit" we aren't talking about a blackhat hacker/cracker. We are talking about a malicious little child who is too lazy or too stupid to be able to research the subject for themselves so they come here hoping for the "quick fix". It pleasures me no end to send them away without the information because, in my mind I'm hoping that the admin who let them in, (and let's be honest here - if the kiddie can get in then the admin was not paying proper attention), is smart enough to realize he's been hacked and catches the perpetrator because the log files are still intact......

    try to help him.
    The best way I can help him is to not provide him with the information. If I give it to him this time he may get away with it and take on a bigger target with an admin that isn't as lax as the first. Then he goes to jail. How did I help him by making him think he is l337? Go back through my posting history..... You will find occasions where I, and others, have discussed the ethics of what they want to do and they have stated that we have changed their minds about their plans.... Can one truly believe them? No..... But making them at least think about it is much closer to helping them!!!!!!

    "If you can not help someone, do not choose to hurt them instead"
    Pooh.... If you attack, or intend to attack, myself, my family, my friends or my community you had better be prepared to deal with me if I find out about it. Anyone who partakes of malicious activity, especially the kiddies who are really only preying on the most helpless, will be treated with utter contempt, will receive no assistance from me and if I can assist in harming them, (getting them in trouble with law enforcement), I will. It's really that simple.

    If you are so keen on the free passage of information perhaps you would like to post your network's architecture, IP address range, implemented security systems etc. here for all of us to see. What, you won't! Why Pooh? Because it is a preposterous suggestion isn't it? But why is it any more preposterous than telling a know-nothing skiddie who is just a hair away from being caught because he didn't think things through properly how to get himself out of trouble????????

    Freedom of and exchange of information is fine in most businesses. But not in security. The truly talented malicious crackers out there don't publish their findings.... They call them "zero-days" and use them against their victims. You seem to see them as some kind of knights in slightly tarnished armour. They aren't, and the sooner you understand that the better. They are the enemy and need to be treated as such lest they choose you next. They won't come nicely from the front, Pooh..... They will sneak up behind you and "stab you in the back" smiling all the while, because that's who they are.

  6. #16
    Junior Member
    Join Date
    Feb 2004
    Posts
    10
    OK, I read and read and read, but never post here........ but you guys
    Why do you insist that every time someone doesn't word a question perfectly, you tear into them like they are a criminal....... I know spydrpop, and I know that he is always trying to learn new things about comps..... and I'm pretty certain that this is for his knowledge/legitimate uses
    why do you guys always have to be elitists that are so judgemental....... it's not too becoming

    I only found one person who thinks right, poo sun tzu.

    **puts on flame retardant suit**

  7. #17
    Tiger, I've now lost all respect for you, because you have taken this down to insults.

    Pooh.... If you attack, or intend to attack, myself, my family, my friends or my community you had better be prepared to deal with me if I find out about it.
    That is, if you can see it happening right?

    If you are so keen on the free passage of information perhaps you would like to post your network's architecture, IP address range, implemented security systems etc. here for all of us to see. What, you won't!
    Yes, I will. In fact, that involved every single aspect of my security XP testing. Sorry, you missed out. All information, IP, network usage, and etc was disclosed and released.

    Why Pooh? Because it is a preposterous suggestion isn't it? But why is it any more preposterous than telling a know-nothing skiddie who is just a hair away from being caught because he didn't think things through properly how to get himself out of trouble????????
    Not a preposterous suggestion at all. As I said above, already did what you have asked. And while no one was able to break in, the reports and logs from their activities have made me a better admin because of it.

    Freedom of and exchange of information is fine in most businesses. But not in security. The truly talented malicious crackers out there don't publish their findings.... They call them "zero-days" and use them against their victims. You seem to see them as some kind of knights in slightly tarnished armour. They aren't, and the sooner you understand that the better. They are the enemy and need to be treated as such lest they choose you next. They won't come nicely from the front, Pooh..... They will sneak up behind you and "stab you in the back" smiling all the while, because that's who they are.
    This is where our little friendship ends. Sounds like you were burnt once, and that's too bad. But don't dare slap a label across us other greyhats because you had a bad run-in with a blackhat. For the same reason I won't say each and every whitehat is a snob that only reads the information grey/blackhats release later on, is the same reason you can not preassume the situation/intentions of each other hacker. That is NOT 'who they are'. Take your anger and frustration elsewhere, and next time you check BugTraq and the CERTS read the latest headline for a patch that needs to be placed ASAP, remember that it wasn't a whitehat who discovered it, it was a greyhat who discovered it and published it/and or/ patched a release for it.

  8. #18
    So wasn't there actually a security topic being discussed here at some point, prior to it becoming a philosophy class?

    Knock it off guys, you can speculate intentions all day and get nowhere. Until someone around here becomes a mind-reader it's not going to be anything more. Don't give away too much info to make someone dangerous, and beyond that, just deal with the topic on hand.

  9. #19
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    whyjnot: Elitist has nothing to do with it.

    If someone comes to you asking for the pin to your bank card with no explanation would you give it? Of course not! You probably shouldn't if they give an explanation but that's a whole other thread. The point is that without making me feel all "warm and fuzzy" about your intent I may be giving you information that you are going to use against me in the near future.

    Helping people is all fine and dandy. Helping people who you think may be doing illegal things is not the right thing to do. It's a moral issue not an "I'm better than you issue" and it's always better to err on the side of caution where security is concerned.

  10. #20
    Junior Member
    Join Date
    Feb 2004
    Posts
    10
    Tiger Shark: the elitist part was talking about other threads that I have seen where the senior members/members basically crap on people that have less experience than them
