top of page

Delete Firewall log on Remote PC using Metasploit


This article is only for educational purposes where we are trying to share our experience to enhance skills of cyber security researchers.

This article will help attackers to protect themselves if they were caught by firewall.

Usually when an attacker establish the connection with target’s system a log is generated having some details like time, ports, IP address and MAC address of attacker.

So if you are not aware of such things then you might leave an evidence of your attacks in victim’s system. To prevent yourself you must go through this article where you will learn how to read the firewall logs as well as how to delete the logs from victim’s PC.

Being an intelligent attack once you have hacked the target then after fetching important data the most essential thing is to read and delete the log files from the target system.

So now we are inside windows/System32 where we can perform admin level task. Type following command inside CMD shell to move inside the logs directory

cd logfiles/firewall

Type dir to observe the present directory of the existing firewall.


From screenshot you can find that there are two files and two directories, therefore being an attacker I need to check the log firewall from target PC. Now Type following command to read firewall logs.

Type pfirewall.log

So the highlighted log is showing MAC address of attacker system. Hence to protect yourself always delete these logs.

To delete pfirewall.log we must turn off firewall, type following command to disable firewall from victim PC.

Netsh firewall set opmode mode= DISABLE

Now type given below command to delete pfirewall.log

Del pfirewall.log

Verification Phase:

Now type given below command to verify pfirewall.log is still available or not in victim’s PC

type pfirewall.log

TRADEMARK LEGAL NOTICE All product names, logos, and brands are property of their respective owners in the Austria or other countries.All company, product and service names used on this website are for identification purposes only. Pheniix is notaffiliated with or an official partner of Cisco, CompTIA,Dimension Data, VMware, Amazon, Microsoft, Certified Ethical Hacker, (ISC)², Juniper, Wireshark, Offensive Security,Google, GNS3, F5, Python, Linux, Java, Openstack, Vagrant, Ansible, Docker, GIT, , Blockchain or other companies.Use of these names, logos, and brands does not imply endorsement.The opinions expressed on pheniix are personal perspectives and not those of Cisco , Dimension Data or any other company. Pheniix runs as an independent blog.

bottom of page