
Saturday, January 3, 2015

a bit about hacking

INTELLIGENCE GATHERING

how to find info without someone monitoring my connection getting suspicious

find fast new https proxy (any other proxy is not encrypted)

start a huge torrent dl. use a lot of connections. dl’ing a complete linux distro with sources should give you the time needed.
and then “clean” your log-files. your isp has logs of your connections and the amount of data transferred, even if you use encrypted lines.

bounce scans through the same proxy

isp will see a lot of encrypted traffic but nothing that can be identified


FOOL SOMEONE SCANNING / ATTACKING ME

set up the router to point at a vm

multiple vm's and switch between them… to confuse

xp + apache + ms sql
red hat + tomcat + oracle
7 + iis + access
freebsd + apache + mysql +ftpd

A proven effective tactic is to say a lot of shit so when I do spill it nobody gives a shit. Everybody will say: "Oh! More shit from him. He can't be trusted." But hard evidence always prevails.

MAKE IT HARDER - CHAINED PROXY'ING

Normally chained proxy'ing would require some form of influence on the proxy server's configuration.

This is more like chained proxy'ing lite. But everyone looking will follow the proxy, then the vpn, and then realise they have wasted their time.

VPN, then tunnel an encrypted free / public proxy through it

always use a proxy as backup: if the vpn goes offline the real ip is exposed. socks5 for speed, https for privacy
*** SOLVED: dns dropped when vpn goes offline. traffic halted

******* GOOD PRACTICES

NEVER EVER USE CELL FOR THIS SHIT

IF TIME IS NOT IMPORTANT: REMOVE PARTITIONS ON OLD HDD AND MAKE NEW ONES, BUT MAKE IT ENCRYPTED. THE INITIAL ENCRYPTION SETUP ON THE HDD WILL OVERWRITE EVERYTHING ON THE DISK. HATE WASTING A DRIVE :-)

do not store key-files (gpg etc) in keychains. install’em when needed and remove them when done. at least if you are involved in something you weren’t supposed to be doing but which in fact is the right thing to do.

REMOVE ALL INFORMATION FROM PROXY SETUP ETC. IF I’M CAUGHT THEY STILL HAVE TO PROVE ME GUILTY

primary rule of engagement: be prepared. be scared

always have more than one connection available. not from the same isp but from different ones

a good practice could be to make bogus posts on known hacker boards. if you can get identified hackers to say “nice one but do you actually code?” the feds will most likely label you a wannabe hacker hang-around. the important thing is that they do not see you as a threat. even though top100 could be sweet it is the downfall of any good hacker

using standard language files to hide shell-code on a webserver

this one is so hard. avoid the temptation of provocations, especially against intelligence services. after all they are the primary threat, unless you fuck with organized crime syndicates, as they will kill you if they find you, or worse, force you to work for them. either way you’re screwed

watch public channels of known hacker groups. when they prepare for an attack, so do i. intelligence services will have their attention on e.g. anonymous, not me.

if contact is needed, create a very temporary email address like “sdhgfjksahgfiuq2ye43” or similar and delete it when you’re done. delete every mail in every box. empty the trash. THEN delete the account. in fact always use a newly-created account for anything.

when done, kill all log, tmp and swap files as far as possible, so as to give away no intel

if suspecting an active keylogger, use history (!x | grep), scripts and other automation methods

also, to avoid logs: maybe read-only guest access with all shit on a ramdrive in system memory

*** MUST TRY

use squid to branch out connections. proxifier for mac works great at this

example:
firefox through vpn just to check target
terminal through i2p as httpproxy
nessus through tor as socks5
safari through zap

**
** tried. works. just dandy :-)
**

this should conceal not only my identity but also my true numbers since log files will show that the attack had been coordinated and happened simultaneously from multiple locations…
BURST-FIRE HACKING RULES :-)

*** END MT ***

maybe timer-based scripts to ensure deletion of files with possible intel on me, i.e. log-files


*** CREDIT CARDS ***

have one card in one bank used for payments, internet buy, etc
have your regular accounts in another bank. transfer money when needed
that way even if your “public” card is exposed, no harm: they get a few dimes. fuck’em

*** END CREDIT CARDS ***



*** encrypted drives ***

i use it. internal and external. why make 2 different choices?

mental note: passware claims they can decrypt any computer. well, yes, if it has not been shut down. and apparently they have some difficulties with their facts. i perceive it like this: they can do a memory extraction (from system memory through firewire or by attacking the swapfile), but their example only allows for 3 or 4 gb extractions, and there are some problems with the file being too large for good old win (32-bit). 64-bit shouldn’t have this problem. but i have 16 gb of memory in my macbook pro 17” (late 2011) and virtually no swap-file (it’s always 0 mb out of 64 mb). the swapfile is the one thing on my computer not armored with mathemagics. the reason why i leave it unencrypted is that - i think, i hope, i pray - the os won’t store “sensitive” info in the swapfile. it always takes a few mb’s when it’s encrypted. i haven’t got any real proof but it’s a nice illusion.

but other intel points out that you are damn stupid if you crack your cell.
it opens up pandora’s shit-box of retrieving plist files with unencrypted pw’s. nice one

so in fact they can’t do shit as long as one remembers to shut down when the computer is not in use.

also my cpu has aes-ni from intel, which does the encrypting/decrypting virtually without memory lookups. of course the file has to be read from somewhere (the recovery partition). but tapping into memory is not as easy as tapping someone’s wifi.
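An added example, not the post author's own code: a small check of what the swap figures mentioned above actually say. macOS `sysctl vm.swapusage` prints the totals and appends "(encrypted)" when swap encryption is on; Linux exposes the same data in /proc/swaps (sizes in KiB), where encryption has to be inferred, here heuristically from a /dev/mapper device path. The sample outputs below are constructed, and the record/field names are this example's own. The verdict only flags swap that is both configured and unencrypted; what sits in RAM while the machine is powered on is the separate exposure that shutting down addresses.

```python
import re

# Constructed samples. macOS `sysctl vm.swapusage` prints one line like the
# first two; the first is what a "0 mb out of 64 mb" machine shows when swap
# encryption is on. Linux exposes the same data in /proc/swaps, sizes in KiB.
MACOS_ENCRYPTED = "vm.swapusage: total = 64.00M  used = 0.00M  free = 64.00M  (encrypted)"
MACOS_PLAINTEXT = "vm.swapusage: total = 1024.00M  used = 12.25M  free = 1011.75M"
PROC_SWAPS = """\
Filename\t\t\t\tType\t\tSize\t\tUsed\t\tPriority
/dev/mapper/cryptswap1                  partition\t2097148\t\t0\t\t-2
/dev/sda3                               partition\t4194300\t\t131072\t\t-3
"""

SWAPUSAGE_RE = re.compile(
    r"total = ([\d.]+)M\s+used = ([\d.]+)M\s+free = ([\d.]+)M\s*(\(encrypted\))?"
)


def parse_macos_swapusage(text):
    """Parse the `sysctl vm.swapusage` line into one swap record (sizes in MiB)."""
    m = SWAPUSAGE_RE.search(text)
    if not m:
        raise ValueError("unrecognised vm.swapusage output: %r" % text)
    return [{
        "device": "macos-swapfiles",
        "total_mb": float(m.group(1)),
        "used_mb": float(m.group(2)),
        "encrypted": m.group(4) is not None,   # the flag macOS appends itself
    }]


def parse_linux_proc_swaps(text):
    """Parse /proc/swaps into swap records (sizes converted from KiB to MiB).

    Linux does not report encryption here, so it is inferred (heuristic): a
    dm-crypt/LUKS-backed swap device appears under /dev/mapper/. A swap file
    on an unencrypted filesystem or a raw partition is treated as plaintext.
    """
    records = []
    for line in text.splitlines()[1:]:          # first line is the header
        parts = line.split()
        if len(parts) < 4:
            continue
        device, _kind, size_kb, used_kb = parts[:4]
        records.append({
            "device": device,
            "total_mb": int(size_kb) / 1024,
            "used_mb": int(used_kb) / 1024,
            "encrypted": device.startswith("/dev/mapper/"),
        })
    return records


def assess(records):
    """Return (finding, device, used_mb) for swap that exists and is not encrypted.

    Swap that is configured but currently unused still counts: it may have held
    pages before and can at any moment, so encryption is what removes the
    exposure, not the current usage figure.
    """
    findings = []
    for r in records:
        if r["total_mb"] == 0:                  # no swap at all: nothing to spill
            continue
        if not r["encrypted"]:
            findings.append(("plaintext-swap", r["device"], r["used_mb"]))
    return findings


if __name__ == "__main__":
    for name, recs in [("macos encrypted", parse_macos_swapusage(MACOS_ENCRYPTED)),
                       ("macos plaintext", parse_macos_swapusage(MACOS_PLAINTEXT)),
                       ("linux", parse_linux_proc_swaps(PROC_SWAPS))]:
        print(name, assess(recs) or "ok")
```

On a real machine the two parsers are fed `sysctl vm.swapusage` or `cat /proc/swaps` output; a zram swap device on Linux lives in RAM rather than on disk and would need its own rule.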

and people pay these idiots? extract and decrypt my hairy tits .|..

ps: why pay $1000 for a piece of crap when the best in russian cyber-tech goes at half the price?

*** end encrypted drives ***



*** encryption keys ***

never send public keys using the email address they are linked to.
it gives your mail supplier an easy way to peep,
and we all know how well the justice system works, especially with “secret” judges

*** end encryption keys ***



connection rules
use random selection of vpn-servers. choose proxies per case.
setup laptop -> i2p/tor/ka+- -> vpn (use vpn proxy settings) and use 2 different ciphers
setup attack/fuzz/dynamic proxy -> tor/ka+/i2p (vpn is tunnel over these)
setup system proxies to desired attack-proxy
anon-net takes over when vpn ends. should take care of the honeypot issue
this way the anon-net does not know your vpn and vice versa. should make it near impossible to trace me. up yours, loggers!
also, if using a proxy for the vpn, your vpn provider will not know your true ip

also it is wise to have the vpn not restore the original network settings (dns etc), so that the connection is rendered utterly useless if the vpn fails. nothing out. nothing in. this is to ensure that non-encrypted traffic never leaves the computer.
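As an added example (not part of the original post), here is a fail-closed check for the failure mode described here and in the "dns dropped when vpn goes offline" note above. Given the output of `ip -4 route show` and the contents of /etc/resolv.conf, it works out which interface would actually carry traffic to a public address and to each configured resolver, using the same longest-prefix-match rule the kernel applies, and reports anything that would leave via a device other than the tunnel. The route and resolv.conf texts are constructed samples, the interface names tun0/eth0 and all addresses are assumptions, and 203.0.113.10 is a documentation address used only as a probe. A destination with no route at all is not reported, because that is exactly the "nothing out, nothing in" state wanted when the tunnel is gone.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample: `ip -4 route show` while an OpenVPN-style tunnel is up.
# The 0.0.0.0/1 + 128.0.0.0/1 pair overrides the default route without
# deleting it, and the /32 host route keeps the VPN endpoint (198.51.100.7,
# a documentation address used as a placeholder) reachable on the LAN side.
ROUTES_VPN_UP = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
0.0.0.0/1 via 10.8.0.1 dev tun0
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
198.51.100.7 via 192.168.1.1 dev eth0
"""
RESOLV_VPN_UP = "# constructed sample\nnameserver 10.8.0.1\n"

# Constructed sample: the tunnel has dropped and the VPN client restored the
# original settings, so everything quietly falls back to the ISP path.
ROUTES_VPN_DOWN = """\
default via 192.168.1.1 dev eth0 proto dhcp metric 100
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100
"""
RESOLV_VPN_DOWN = "nameserver 192.168.1.1\n"

# Constructed sample: the tunnel dropped but nothing was restored (no default
# route, resolver still the VPN-side one), i.e. the fail-closed state.
ROUTES_FAIL_CLOSED = "192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.50 metric 100\n"
RESOLV_FAIL_CLOSED = "nameserver 10.8.0.1\n"


@dataclass
class Route:
    dest: ipaddress.IPv4Network   # "default" is stored as 0.0.0.0/0
    dev: str
    metric: int


def parse_ip_route(text):
    """Parse `ip -4 route show` (Linux) output into Route records."""
    routes = []
    for line in text.splitlines():
        parts = line.split()
        if not parts:
            continue
        dest = "0.0.0.0/0" if parts[0] == "default" else parts[0]
        if "/" not in dest:            # host route printed without /32
            dest += "/32"
        dev = parts[parts.index("dev") + 1] if "dev" in parts else "?"
        metric = int(parts[parts.index("metric") + 1]) if "metric" in parts else 0
        routes.append(Route(ipaddress.ip_network(dest, strict=False), dev, metric))
    return routes


def route_for(ip, routes):
    """Pick the route the kernel would use: longest prefix wins, then lowest metric."""
    addr = ipaddress.ip_address(ip)
    candidates = [r for r in routes if addr in r.dest]
    if not candidates:
        return None
    return max(candidates, key=lambda r: (r.dest.prefixlen, -r.metric))


def parse_resolv_conf(text):
    """Return the nameserver addresses listed in resolv.conf, ignoring comments."""
    servers = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def find_leaks(route_text, resolv_text, tun_dev, probe_ip="203.0.113.10"):
    """List traffic that would leave via something other than tun_dev.

    An unroutable destination is not a leak: with no route, nothing goes out,
    which is the fail-closed state wanted when the tunnel is gone. A loopback
    resolver is reported separately, since its upstream cannot be seen here.
    """
    routes = parse_ip_route(route_text)
    leaks = []
    egress = route_for(probe_ip, routes)
    if egress is not None and egress.dev != tun_dev:
        leaks.append(("egress", egress.dev))
    for ns in parse_resolv_conf(resolv_text):
        if ipaddress.ip_address(ns).is_loopback:
            # A local stub resolver (e.g. systemd-resolved) forwards elsewhere;
            # its upstream has to be checked separately.
            leaks.append(("dns-stub", ns))
            continue
        via = route_for(ns, routes)
        if via is not None and via.dev != tun_dev:
            leaks.append(("dns", ns, via.dev))
    return leaks


if __name__ == "__main__":
    for label, rt, rc in [("vpn up", ROUTES_VPN_UP, RESOLV_VPN_UP),
                          ("vpn down, settings restored", ROUTES_VPN_DOWN, RESOLV_VPN_DOWN),
                          ("vpn down, fail closed", ROUTES_FAIL_CLOSED, RESOLV_FAIL_CLOSED)]:
        print(f"{label}: {find_leaks(rt, rc, 'tun0') or 'no leaks'}")
```

Run against the live machine by feeding it `ip -4 route show` output and /etc/resolv.conf; the "settings restored" sample is the case the post warns about, where the client politely puts the ISP route and resolver back and the machine keeps talking in the clear.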

if having that feeling when "doing what you have to do to be able to do what you do", better pull the internet cable. never connect using wifi or bluetooth.
it is much faster to pull the connecting cable (incl. 3g/4g usb dongles) than to log out and shut down everything.

always have a powerful (mine is 750kv) stun gun to ensure data extraction will not be easy. zap all devices. tablets, cells, drives, laptops, modems, everything… oh yeah, always use fresh batteries

check what ip is broadcast from web and terminal: "curl http://checkip.dyndns.org" or "curl http://showip.net | grep check_ip". and for the sheer provocation "whois pet.dk". the only usable information you get is your own public ip, so who is pet? you :-)

always disable and delete logfiles on target. give them as little intel as possible

when communicating, always use only small letters with no classic hacker 1337-shit like "h4ck", and never overuse any punctuation ("" ok), smileys -== ..|, -\|/-

furthermore, to hide my true nationality, use machine translations

never name names, always name systems or sector. but again, if it increases the success rate, do it, as in the ad’s

password policy: make them hard to remember, to ensure that they are forgotten once in a while so that a new one is mandatory. just press “forgot password” every other day. hacking mail accounts is so damn easy for those pursuing that fine art.

one other thing: use scripts, functions and aliases to speed up.

1 comment:

  1. even 100 years after your hacking days are done... tell no one!
