Saturday, January 3, 2015

a bit about hacking

INTELLIGENCE GATHERING

how to find info without someone monitoring my connection getting suspicious

find a fast, new https proxy (any other kind of proxy is not encrypted)

start a huge torrent download using a lot of connections. downloading a complete linux distro with sources should give you the time needed.
and then “clean” your own log-files. your isp has logs of your connections and the amount of data transferred, even when you use encrypted lines, so the scan has to disappear into a bigger stream.

bounce the scans through the same proxy

the isp will see a lot of encrypted traffic but nothing that can be identified. the proxy operator, of course, sees everything the isp no longer does.


FOOL SOMEONE SCANNING / ATTACKING ME

set up the router to forward to a vm

multiple vms and switch between them… confuse

xp + apache + ms sql
red hat + tomcat + oracle
win7 + iis + access
freebsd + apache + mysql +ftpd

A proven effective tactic is to say a lot of shit, so when I do spill it nobody gives a shit. Everybody will say: "Oh! More shit from him. He can't be trusted." But hard evidence always prevails.

MAKE IT HARDER - CHAINED PROXY'ING

Normally, chained proxying would require some form of influence over the proxy servers' configuration.

This is more like chained proxying lite. But everyone looking will follow the proxy, then the vpn, and then realise they wasted their time.

VPN first, then tunnel an encrypted free/public proxy through it.

always use a proxy as backup: if the vpn goes offline the real ip is exposed. socks5 for speed, https for privacy.
*** SOLVED: when the vpn goes offline dns goes down with it and all traffic halts.

******* GOOD PRACTICES

NEVER EVER USE CELL FOR THIS SHIT

IF TIME IS NOT IMPORTANT: REMOVE THE PARTITIONS ON AN OLD HDD AND MAKE NEW ONES, BUT ENCRYPTED. THE INITIAL ENCRYPTION SETUP
ON THE HDD WILL OVERWRITE EVERYTHING ON THE DISK (CHECK THAT YOUR TOOL REALLY WRITES THE WHOLE VOLUME; ONE THAT ONLY WRITES A HEADER DOES NOT, SO FILL THE NEW ENCRYPTED VOLUME WITH ZEROS ONCE). HATE WASTING A DRIVE :-)

do not store key-files (gpg etc.) in keychains. install them when needed and remove them when done. at least if you are involved in
something you weren't supposed to be doing but which is in fact the right thing to do.

REMOVE ALL INFORMATION FROM PROXY SETUP ETC. IF I’M CAUGHT THEY STILL HAVE TO PROVE ME GUILTY

primary rule of engagement: be prepared. be scared

always have more than one connection available, and not from the same isp but from different ones

a good practice could be to make bogus posts on known hacker boards. if you can get identified hackers to say “nice one, but do you actually code?” the feds will most likely label you a wannabe hacker hang-around. the important thing is that they do not see you as a threat. even though a top100 ranking could be sweet, it is the downfall of any good hacker

using standard language files to hide shell-code on a webserver

this one is so hard: avoid the temptation of provocations, especially against intelligence services. after all, they are the primary threat, unless you fuck with organized crime syndicates, as they will kill you if they find you, or worse, force you to work for them. either way you're screwed

watch the public channels of known hacker groups. when they prepare for an attack, so do i. the intelligence services will have their attention on e.g. anonymous, not me.

if contact is needed, create a very temporary email address like “sdhgfjksahgfiuq2ye43” or similar and delete it when you're done. delete every mail in every box. empty the trash. THEN delete the account. in fact, always use a newly-created account for anything.

when done, kill all logs, tmp and swap as far as possible, to give away no intel

if suspecting an active keylogger, use the history (!x | grep), scripts and other automation methods instead of typing

also, to avoid logs: maybe read-only guest access with everything on a ramdrive in system memory

*** MUST TRY

use squid to branch out connections. proxifier for mac works great at this

example:
firefox through vpn just to check target
terminal through i2p as httpproxy
nessus through tor as socks5
safari through zap

**
** tried. works. just dandy :-)
**

this should conceal not only my identity but also my true numbers, since the log files will show that the attack was coordinated and happened simultaneously from multiple locations…
BURST-FIRE HACKING RULES :-)

*** END MT ***

maybe timer-based scripts to ensure deletion of files with possible intel on me, i.e. log-files
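As an added example (not from the original notes), a timer-driven scrub of the kind suggested here and under "when done, kill all logs, tmp and swap": a POSIX sh script that overwrites and deletes every regular file under a directory whose modification time is older than a given number of minutes. It assumes only find, dd, wc and /dev/urandom; the directory, the interval and the cron line are placeholders. Overwriting is best effort: a journaling, copy-on-write or SSD-backed filesystem may keep old copies of the blocks regardless, which is one reason the notes elsewhere prefer a ram-drive.

```sh
#!/bin/sh
# Timer-based scrub of files that may carry intel (logs, tmp, scratch).
# Added example, not from the original notes. Assumes POSIX sh, find with
# -mmin (GNU and BSD/macOS both have it), dd, wc and /dev/urandom.
# Example schedule (placeholder paths): */10 * * * * /path/to/scrub.sh /tmp/work 30

# wipe_file FILE: overwrite the file's blocks with random bytes, then unlink.
# Best effort only: journaling/COW/SSD storage may keep old blocks anyway.
wipe_file() {
    f=$1
    size=$(wc -c < "$f" | tr -d ' ')
    if [ "$size" -gt 0 ]; then
        dd if=/dev/urandom of="$f" bs=4096 count=$(( (size + 4095) / 4096 )) \
            conv=notrunc 2>/dev/null
    fi
    rm -f -- "$f"
}

# scrub_older_than DIR MINUTES: wipe every regular file under DIR whose
# modification time is older than MINUTES. Prints the number of files wiped.
scrub_older_than() {
    dir=$1
    mins=$2
    list=$(mktemp) || return 1
    # -print gives one path per line; paths containing newlines are not handled
    find "$dir" -type f -mmin +"$mins" -print > "$list"
    while IFS= read -r f; do
        wipe_file "$f"
    done < "$list"
    wc -l < "$list" | tr -d ' '
    rm -f -- "$list"
}

# Script usage: scrub.sh DIR MINUTES
if [ "$#" -eq 2 ]; then
    scrub_older_than "$1" "$2"
fi
```

Run it from cron or launchd at a shorter interval than the age threshold, so a file is never older than threshold plus interval before it is gone.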


*** CREDIT CARDS ***

have one card at one bank used for payments, internet purchases, etc.
have your regular accounts at another bank and transfer money when needed.
that way, even if your “public” card is exposed, no harm: they get a few dimes. fuck’em

*** END CREDIT CARDS ***



*** encrypted drives ***

i use it. internal and external. why make 2 different choices?

mental note: passware claims they can decrypt any computer. well, yes, if it has not been shut down.
and apparently they have some difficulties with their facts. i perceive it like this:
they can do a memory extraction (from system memory through firewire, or by attacking the swapfile), but their
example only allows for 3 or 4 gb extractions, and there are some problems with the file being too large
for good old 32-bit windows. 64-bit shouldn't have this problem.
but i have 16 gb of memory in my macbook pro 17” (late 2011) and virtually no swap-file (it's always 0 mb out of 64 mb).
the swapfile is the one thing on my computer not armored with mathemagics.
the reason why i leave it unencrypted is that - i think, i hope, i pray - the os won't store “sensitive” info in the swapfile. it always takes a few mb's when it's encrypted. i haven't got any real proof but it's a nice illusion.

but other intel points out that you are damn stupid if you crack (jailbreak) your cell.
it opens up pandora's shit-box of retrieving plist files with unencrypted passwords. nice one

so in fact they can't do shit as long as one remembers to shut down when the computer is not in use.

also, my cpu has aes-ni from intel, which does the encryption/decryption virtually without memory lookups. of course the file has to be read from somewhere (the recovery partition). but tapping into memory is not as easy as tapping someone's wifi.

and people pay these idiots? extract and decrypt my hairy tits .|..

ps: why pay $1000 for a piece of crap when the best in russian cyber-tech goes at half the price?

*** end encrypted drives ***



*** encryption keys ***

never send public keys from the email address they are linked to.
it gives your mail provider an easy way to peep,
and we all know how well the justice system works, especially with “secret” judges

*** end encryption keys ***



connection rules
use a random selection of vpn-servers. choose proxies per case.
setup: laptop -> i2p/tor/ka+- -> vpn (use the vpn's proxy settings) and use 2 different ciphers
setup: attack/fuzz/dynamic proxy -> tor/ka+/i2p (the vpn is tunneled over these)
set the system proxies to the desired attack-proxy
the anon-net takes over when the vpn ends. should take care of the honeypot issue
this way the anon-net knows nothing of your vpn and vice versa. should make it near impossible to trace me. up yours, loggers!
also, if using a proxy for the vpn, your vpn provider will not know your true ip

also, it is wise to have the vpn not restore the original network settings (dns etc.) so that the connection is rendered utterly useless if the vpn fails. nothing out. nothing in. this ensures that non-encrypted traffic never leaves the computer.
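The “nothing out, nothing in” rule above (and the “dns goes down with the vpn” note in the chained-proxying section) can be enforced by the host firewall instead of by hoping the vpn client fails the right way. Added example, not from the original notes: a sh function that writes a pf ruleset for macOS (the author's platform; on Linux the same shape applies to nftables) which drops everything by default, lets only the tunnel's own UDP handshake and DHCP traffic through the physical interface, and passes everything else, dns included, only on the tunnel interface. A second function audits any ruleset for pass rules on the physical interface that are not pinned to the vpn server. The server address 203.0.113.10, the interface names en0/utun0 and the OpenVPN port 1194 are placeholders.

```sh
#!/bin/sh
# VPN kill switch as a pf ruleset. Added example, not from the original notes.
# Placeholders: vpn server 203.0.113.10, physical interface en0, tunnel utun0,
# OpenVPN over udp/1194. Load with:  sudo pfctl -ef /etc/pf.killswitch.conf
# and drop it again with:            sudo pfctl -d

# gen_killswitch_pf VPN_SERVER_IP PHYS_IF TUN_IF: print the ruleset on stdout.
gen_killswitch_pf() {
    srv=$1; phys=$2; tun=$3
    cat <<EOF
# options first (pf.conf ordering); loopback is not filtered
set skip on lo0
# default deny, both directions, every interface. last matching rule wins,
# so the pass rules below are the only holes.
block drop all
# the physical interface may carry exactly two things:
# 1. the tunnel itself, to the vpn server only
pass out on $phys proto udp from any to $srv port 1194 keep state
# 2. dhcp, or the link dies when the lease expires
pass out on $phys proto udp from any port 68 to any port 67 keep state
pass in on $phys proto udp from any port 67 to any port 68 keep state
# everything else, dns included, rides the tunnel or goes nowhere
pass out on $tun all keep state
EOF
}

# audit_ruleset FILE PHYS_IF VPN_SERVER_IP: print every pass rule on the
# physical interface that is not pinned to the vpn server or to dhcp.
# Returns 0 when the ruleset is clean, 1 when a clear-text hole exists.
audit_ruleset() {
    grep -E "^pass .*on $2( |\$)" "$1" \
        | grep -v "to $3 " \
        | grep -v 'port 67' && return 1
    return 0
}

# Script usage: killswitch.sh VPN_SERVER_IP PHYS_IF TUN_IF > /etc/pf.killswitch.conf
if [ "$#" -eq 3 ]; then
    gen_killswitch_pf "$1" "$2" "$3"
fi
```

With the ruleset loaded, a vpn that dies simply leaves the machine with no route out: applications time out rather than falling back to the clear, and the audit function is there for the day someone "temporarily" adds a pass rule on en0.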

if you get that feeling when "doing what you have to do to be able to do what you do", better pull the internet cable. never connect over wifi or bluetooth.
it is much faster to pull the connecting cable (incl. 3g/4g usb dongles) than to log out and shut down everything.

always have a powerful (mine is 750kv) stun gun to ensure data extraction will not be easy. zap all devices: tablets, cells, drives, laptops, modems, everything… oh yeah, always use fresh batteries

check what ip is broadcast from the browser and from the terminal: "curl http://checkip.dyndns.org" or "curl http://showip.net | grep check_ip". and for the sheer provocation, "whois pet.dk". the only usable information you get is your own public ip, so who is pet? you :-)
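The same check, scripted so it can be run from every context that is routed differently (plain terminal, through the vpn, through the proxy chain) and compared against the one address that must never show. Added example, not from the original notes; it assumes curl and the page format of checkip.dyndns.org ("Current IP Address: a.b.c.d"). The "no answer" case is treated as a distinct result, because with a kill switch in place that is exactly what a dead vpn should look like.

```sh
#!/bin/sh
# What the outside world sees from this context. Added example, not from the
# original notes. Assumes curl and the checkip.dyndns.org page format.

# public_ip: print the address checkip.dyndns.org sees, or nothing on failure.
public_ip() {
    curl -s --max-time 10 "http://checkip.dyndns.org" \
        | sed -n 's/.*Current IP Address: \([0-9.]*\).*/\1/p'
}

# leak_check REAL_IP: compare what is seen with the address you must never
# show. Prints the seen address and returns 0 when it differs, returns 1 on
# a leak, and 2 when there was no answer at all (kill switch doing its job).
leak_check() {
    seen=$(public_ip)
    if [ -z "$seen" ]; then
        echo "no answer: nothing out, nothing in" >&2
        return 2
    fi
    if [ "$seen" = "$1" ]; then
        echo "LEAK: $seen is your real ip" >&2
        return 1
    fi
    echo "$seen"
    return 0
}

# Script usage: ipcheck.sh REAL_IP
# e.g. through tor:  env ALL_PROXY=socks5h://127.0.0.1:9050 ./ipcheck.sh 198.51.100.7
if [ "$#" -eq 1 ]; then
    leak_check "$1"
fi
```

The socks5h scheme makes curl resolve the hostname through the proxy as well, so the check does not itself leak a dns query on the side.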

always disable and delete logfiles on the target. give them as little intel as possible

when communicating, always use only small letters with no classic hacker 1337-shit like "h4ck", and never overuse punctuation ("" is ok) or smileys -== ..|, -\|/-

furthermore, to hide my true nationality, use machine translations

never name names, always name systems or sectors. but again, if it increases the success rate, do it, as in the ads

password policy: make them hard to remember to ensure they are forgotten once in a while, so that a new one is mandatory. just press “forgot password” every other day. hacking mail accounts is so damn easy for those pursuing that fine art.

one other thing: use scripts, functions and aliases to speed things up.

less unsafe network

safe servers network
********************

*** edit: “safe” implies “less unsafe” ***

every desktop machine has exactly the same software (even if not used by the user) in the same versions. it cuts down on 2nd-line support, and if a problem is solved on one machine it is solved on all of them. example: an exploit becomes known. fix it in one place and it's fixed all over. it also makes adding new machines as easy as 1-2-go. the flip side is that an exploit that works on one works on all, which is why the servers below get different versions.

two “dead-man switches”
1. cuts the connection to the grid (kills the routers). this way key-loggers etc. don't call home
2. cuts the bridges to the server farm. if a virus is loose on the intranet, protect the servers. data is vital, not desktops.

this cannot be emphasized enough: there are no automatics on a secure network. none! it's always a good idea to look up known problems before installing an update.

servers that need to be accessible from outside should be isolated on their own connection. this means that all machines on the inside of the network (lan) will have their own connection, so at least 2 connections are required. this is a public/private separation. it may seem like overkill, but it allows the router (internet access point) on the private part to have its dmz redirect inbound traffic to a non-existent ip. administration of the public part is done through ssh (22) or a web-based interface.

no wi-fi allowed. no equipment leaves the building. none gets in (people must lock their cells away).
these will very soon be the really big exploit vector (it's already happening) and the potential for a major fuck-up is ludicrous

each server function is located on ONE server each (i.e. web on one, maybe 4 × 1 dbms).
only mandatory ports are open on each firewall. if a machine does not need to do dns lookups, udp/tcp 53 is sealed (likewise tcp 993 etc. for services it doesn't use). also, fws should be in stealth mode, not answering icmp echo requests (drop the echo, but let “fragmentation needed / packet too big” through, or path-mtu discovery breaks).
if an extra measure is required, use different versions of the software. every piece of software has holes, but every version has different holes. no vms: if a guest escape hits the hypervisor, the host and every vm on it are compromised too.

a public server should be completely cut off from the real intranet. all admin, updates, etc. should be done over the internet. any public-facing server is a lowering of the guard that the intranet does not need. it will be hacked. a web server alone is practically guaranteed to be compromised; add an underlying dbms and all bets are off. there are none. it could also be useful for gathering data on just how clever these little sobs have gotten. kids are getting smart these days. just for the lulz

a multi-line internet connection would be nice too. the more ips the merrier. it still has to go through one tiny hole to get in or out

oh yeah, a couple of 3g/4g connections would be apt to have in store in case of a full-scale breach. why cut off totally? cunning panic is not panic, merely vigilance

** edit ***

it is impossible to uphold a directive that nothing comes in contact with the outside world. any device that has left the building - unlike Elvis, who's still ghosting around somewhere - becomes contaminated. before going in and back out it must be cleansed. that means that any documents stored locally will not enter the servers. instead one must apply cloud-tech and very heavily encrypted connections. speed is not an issue, so i guess that leaves pretty much everything up to the imagination. i think there are some american laws that prohibit too-strong encryption; i think it boils down to wanting to ensure their experts can crack it. but i don't see any right of anybody to interfere with how an organisation or a group of individuals runs its private networks.

have a hardware based system where the machine shuts down if the webcam is blocked

nothing is done automatically on a secure network. not updates. not access (no saved passwords). not nothing. and i literally mean the void: the total absence of anything not caused by a human

*** end edit ***

*** for those wearing tin-foil hats ***

do not equip the servers with conventional drives (incl. ssd)
instead have the configured system on a dvd and boot from that
all data is kept in memory or on a ram-drive
if someone tries to take the servers away they sure will be disappointed. it's the only way
to make sure no info is »left behind« (it also means the data goes with any power cut, so whatever must survive has to be replicated elsewhere, encrypted)

*** end tin-foil hats ***

*** dbms ***

no password needed to access it. auth is handled by a bridge in between.
open source big-data with a flat structure.
every field has history (done by making delete disable the field altogether, and by making update really insert a new line)

*** end dbms ***
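The “every field has history” rule, as an added example that is not the author's system: a flat, append-only store kept in a tab-separated text file. An update never touches an existing line, it appends a new one; a delete appends a tombstone that disables the field; and the current state is derived by replaying the file in order, so nothing is ever lost and every change is ordered. The file layout and function names are assumptions; it needs only sh, awk and wc.

```sh
#!/bin/sh
# Append-only flat store where every field keeps its history.
# Added example, not the author's system. Needs sh, awk, wc.
# One event per line, tab separated:  seq  op  key  field  value
#   op = set  (insert or update: a new line, old lines stay)
#   op = del  (delete: a tombstone that disables the field, nothing is removed)
# Values must not contain tabs or newlines.

# db_append FILE OP KEY FIELD VALUE: append one event with the next sequence number.
db_append() {
    if [ -f "$1" ]; then n=$(wc -l < "$1" | tr -d ' '); else n=0; fi
    printf '%s\t%s\t%s\t%s\t%s\n' "$((n + 1))" "$2" "$3" "$4" "$5" >> "$1"
}

# db_set FILE KEY FIELD VALUE: insert or update (the same thing here).
db_set() { db_append "$1" set "$2" "$3" "$4"; }

# db_del FILE KEY FIELD: disable the field from now on.
db_del() { db_append "$1" del "$2" "$3" ""; }

# db_get FILE KEY FIELD: current value, derived by replaying the log in order.
# Prints nothing if the field was never set or its last event is a delete.
db_get() {
    awk -F'\t' -v k="$2" -v f="$3" '
        $3 == k && $4 == f { v = ($2 == "del") ? "" : $5 }
        END { print v }' "$1"
}

# db_history FILE KEY FIELD: every event for the field, oldest first: seq op value
db_history() {
    awk -F'\t' -v k="$2" -v f="$3" '
        $3 == k && $4 == f { print $1 "\t" $2 "\t" $5 }' "$1"
}
```

Because the file only ever grows, it can also be treated as the audit log: who changed what, and in which order, is the same data as the current state.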

*** encrypted dns ***

i think the time has come to encrypt dns lookups

*** end dns ***

*** "cheap" public/private ***

one could make the following setup and cut costs on the connection

inet<->router<->public_server/part<-(>) [ firewall<->lan ]

the public_server has 2 interfaces: one toward the router (incoming) and one toward the lan (outbound).

this is not the same as using a dmz

the following services could be put in such a setup:
* dns
* mail
* web
* vpn
* certificate server (for home-work stations, if not put in the private_part)

the (>) means that traffic going into the lan is filtered by a hardened firewall
example: because the mail server is located on the public_part, there is no need to pass requests for any mail server through to the lan

this setup could also host a hardened gatekeeper that scans incoming traffic for viruses, malware and other incoming nasties.

*** end "cheap" public/private ***