I'm currently testing out OWASP and finding it quite interesting how much data it actually gathers. Great for testing sites for bugs. Will put up a tutorial once I get Privoxy fully working on BackTrack 5 R2.
******* Important Notice: Please read before continuing *******
The information contained in this guide is for educational and personal
protection purposes only. Under no circumstances do I (dami3n), the author of this
article, condone or encourage the use of the following techniques to break the
law or evade law enforcement. Always obtain permission for any testing.
Please note this is a beginner's guide and in no way do I consider myself an
expert; these are just some handy tips to get you started.
Good evening my fellow knowledge seekers. I am here today to inform you on a hot
topic, something we all should know about. One of the most important rules to most
of us on this site.
That topic is anonymity online.
A lot of new users who want to learn how to be penetration testers (“hackers”) don’t
seem to realise that anonymity is something that you should familiarize yourself
with. This is something that applies to you on a day-to-day basis. Without this
anonymity you can actually get into a lot of trouble. We all know that what you
may be doing is for a good cause, but in a modern day like this, if you have the
power to exploit something then you may be persuaded to go down the wrong path.
That may make a certain particular audience interested in “special”
conversations with you.
Please familiarize yourself with what is right and wrong, and before testing any
connections obtain full permission from the “target”.
Anonymity is basically a safety net to fall back on if, let's say, anything you did
raises any alarms. Trust me on this one, a lot of “tiny” things can raise alarms
so please be cautious. Here is a set of guidelines you should always follow
when being online.
Step 1: A new online presence
Firstly we are going to create a new face for you. Remove all connections
from everything. That goes for all social networking sites, credit cards,
anything personal; you cannot be connected to these (don't bin them… just don’t
have connections with them). Anything that connects your alter ego to the real
world will result in a compromise. Just look at it this way: Work Life – Personal
Life. Don’t bring them together, they belong apart.
1A. Create yourself a new alias
Nothing can be connected to this alias that connects you to the real world
or your real identity. Don't post any real information when registering on sites,
like post code or country; even lie about your age. Nothing can be true. Also do
not be stupid when creating an alias. E.g. dami3n – n3imad (new alias): it's
too close for comfort. Come up with something completely different.
1B. Create a new email address (ultra paranoid people should run Tor when
making this; a Tor guide can be found later on)
Something that has some kind of security behind it. Most people opt here for
paid email addresses but I still go with the free ones.
1C. As for money
Sort this one out yourself. I'm not going to spoon-feed you this one.
Step 2: Loose lips sink ships – Keep it shut.
This is of utmost importance. No one can be trusted, not even your
friends/family. Now is the time to be paranoid. Just think of some famous CIA
movies and times it by 10 (I'm referring to the spies and security). Then base
your paranoia on that. Yes, I know that is completely going overboard, but really
guys, you can't speak to anyone about your alias; that's your life and your life
alone. Remember what was listed above: remove all connections.
While remaining anonymous and using your alias you can have friends; you can also
talk to people whom you can relate with. No one is stopping you from that, but just
remember your alias is made up and is in no way you. So put yourself in that
state of mind: when using your alias you are a different person. Heck, make
yourself Barry Manilow if you have to (first name that pops into my head,
sorry… god knows why). If you do this, your current persona is nothing like your real identity, making it ever so much harder to connect you to that person.
That goes for showing off in front of mates. It could put you in a whole lot of
3. Get a stable Operating System.
Yes ladies and gentlemen, that means installing a Linux operating system. (Don’t
flame it, just agree to disagree and use it.) I use both BackTrack 5
and Ubuntu. I also suggest, if you want to use Windows, run it through VMware and
also install Tor on your VM.
For people who think a VM runs slow,
try running it on a 5 year old PC and come back to me. Windows 7 runs fine on
VMware; it is Vista that's naff so don't bother using it.
If you need help installing Linux, the best method is to get a live CD so you can
play with it before installing it, so you don't accidentally damage the computer.
Or use a live USB to run it. I carry a live USB with me everywhere I go; it's handy for testing out networks on the move (local, authorized of course).
Just google your chosen Linux distribution and follow the step-by-step guides.
4. TOR – All you need to know about TOR.
Not an in-depth guide; that's what Google and the TOR website are for.
TOR is an absolute must for browsing the net and remaining anonymous. As for
installation of TOR, this can be easy or difficult depending on how
annoying your machine/operating system wants to be.
TOR can be downloaded from https://www.torproject.org/ – make sure you use the
right one. Just follow the correct links and install it.
As for BackTrack 5 R2 users, I found a great article on TOR and Privoxy.
I can't seem to get Privoxy working properly, but still it's a good guide. The link is:
Once you have installed TOR you will want to get Vidalia, a TOR GUI, which I use:
apt-get install vidalia
This will run TOR and open TOR’s web browser for you. Always remember you are
only secure when using this browser; do not use any other web browser unless you
have set that browser up to run through TOR. I believe
Firefox has a TOR button.
Please remember that even with TOR running your anonymity can be compromised, so
look into proxy bouncing and other methods of hiding your IP. And always, always
connect to an IP that isn’t within your own country, the United States or Canada. This is because you're more likely to have your IP compromised.
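A way to confirm the point above before trusting a browser or proxy setup, as an added example that is not part of the original guide: it asks the Tor Project's check service for the visible IP both directly and through the proxy, and reports whether the proxy path leaks. It assumes Privoxy is listening on its default 127.0.0.1:8118 and forwarding to TOR.

```python
import json
import urllib.request

CHECK_URL = "https://check.torproject.org/api/ip"  # returns {"IsTor": bool, "IP": "..."}
PRIVOXY = "127.0.0.1:8118"  # assumption: Privoxy's default listen address


def fetch(url, proxy=None, timeout=20):
    """Fetch url directly (proxy=None) or through an HTTP proxy such as Privoxy."""
    # An empty mapping disables any proxy picked up from the environment.
    mapping = {"http": f"http://{proxy}", "https": f"http://{proxy}"} if proxy else {}
    opener = urllib.request.build_opener(urllib.request.ProxyHandler(mapping))
    with opener.open(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")


def verdict(direct_body, proxied_body):
    """Compare the two JSON answers and say whether the proxy path is safe to use."""
    direct, proxied = json.loads(direct_body), json.loads(proxied_body)
    if proxied["IP"] == direct["IP"]:
        return "LEAK"      # the proxy hands out the real address
    if not proxied.get("IsTor", False):
        return "NOT_TOR"   # address differs, but the exit is not a Tor relay
    return "OK"


if __name__ == "__main__":
    # Run from the machine being checked, with TOR and Privoxy already started.
    print(verdict(fetch(CHECK_URL), fetch(CHECK_URL, proxy=PRIVOXY)))
```

Anything other than OK means the browser or tool pointed at that proxy should not be used until the configuration is fixed.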
5. Set up a Box.net account for storing “special files”
As for sending large files of data and information up to 25MB in size, you
can use box.net; it's free and stores up to 2GB worth of information. There is
however one catch. Always, I repeat always, log into this through TOR. If you
ever by mistake don't and are using your home connection then they can trace it
back to you. So make sure TOR is in your rotation of things to do before using
Again, just like before, do not sign up with your real email address; use your alias. Do not
enter any true information here either, just bypass it by “extending” the truth.
6. Install an encryption program
A lot of people tend to forget this. They tend to feel no one will ever get into
their machine. I'll always remember a saying someone once told me: “If we build
it someone will break it”. This is true of many things in life, especially
computers. It's our job to break barriers. So someone will try to break your
connection and view your files. Let's just make it a little bit harder for them
by encrypting it so they can't get into the files that you're wanting to keep close
to your chest.
I have heard GnuPG is quite good. Open source and free; you may want to look
into that one.
7. Always use massively complicated passwords.
Why, you ask? Well, they're harder to crack of course, and that alone may put people
off or at least give you some time to be aware of unusual activity on that
Yes, they are hard to remember when it's just a bunch of random strings and
letters. Da837!DedetF245 is just an example of what a password should be.
Do I expect you to remember them? Hell no. “There is an app for that”. Google it
and you will find something nice to do it for you. Something like KeePass would
probably be sufficient for you. Just make sure the admin password is hard to
crack also. It may require you to write it down somewhere; for example, get a
random book out. Go to pages 1, 20, 30, 40 and take the 3rd word from each page; there's
your password. Change the e’s to 3’s, a’s to 4’s and i’s to !. Just some simple
cryptography for you.
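The two approaches in this section side by side, as an added example that is not part of the original guide: a random password drawn from the operating system's CSPRNG at the same length as the sample above, the book-word scheme with its substitutions, and a rough entropy estimate for each. The sample words and the 20,000-word vocabulary are assumptions made for illustration.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits + string.punctuation  # 94 symbols
LEET = str.maketrans({"e": "3", "a": "4", "i": "!"})  # the guide's substitutions
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def random_password(length=15):
    """Draw from the OS CSPRNG, retrying until every character class appears."""
    while True:
        pw = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in pw) for cls in CLASSES):
            return pw


def book_password(words):
    """Join the chosen words and apply the fixed e->3, a->4, i->! swaps."""
    return "".join(words).translate(LEET)


def random_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random string over the alphabet."""
    return length * math.log2(alphabet_size)


def book_bits(word_count, vocabulary_size):
    """The swaps are deterministic, so only the choice of words adds entropy."""
    return word_count * math.log2(vocabulary_size)


if __name__ == "__main__":
    words = ["secret", "river", "table", "window"]  # constructed sample words
    print(random_password(), f"~{random_bits(15):.0f} bits")
    # Assumption: an attacker guesses words from a 20,000-word vocabulary.
    print(book_password(words), f"~{book_bits(len(words), 20000):.0f} bits")
```

Keeping the random password in the password manager and reserving the book scheme for the single master password gives each one the job it suits.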
8. Don't be Stupid
All it takes is one trip-up for you to be compromised. Just always remember to
clean up after yourself. Don't boast to mates, always run TOR and make sure your connection is secure. Never, I repeat
never, link your real life with your online life.
As stated at the start of this article, this is just a simplified guide on how to
stay anonymous. But you need to be aware that even following these steps you
may still be compromised due to your IP still being tracked.
Heck, I have used proxies that still give out my true IP. If you're wanting to
secure your network even further you will want to start looking much deeper into
it. Darknet connections, proxy bouncing, IP spoofing and VPN networks are all
something you can start reading up on. Also it's a lot safer for you to connect to
a wireless hotspot and work from there, as your true identity can be kept secret.
But I suggest you read into this in more depth.
Knowledge is power and Google is indeed your friend when used correctly.
Thank you for reading and stay safe.
I’m currently running a 3 partition HDD. 500GB (yes it's small but it works) – it has BackTrack on it, Ubuntu and, wait for it, Windows Vista… Meh, I have Windows 7 on my VMware so couldn’t be bothered formatting.
Anyways, I had a problem: I could not delete a file off my desktop. It just wouldn’t work; it looked like it was being shared, possibly due to me trying to move it to another partition. Anyways, I found a solution to the problem.
Bear in mind UAC is switched on for this example:
From now on just allow UAC to run as admin, or if you come across any roadblock just allow admin rights.
- Right click the item and select Properties.
- Now go to the Security tab, click on Advanced, click on Permissions and now Add.
- In this new box type your username, the name you use to sign on.
- Tick Full control and then OK. (You would think that if you're running as an admin account it would automatically give you full admin control. But oh noes, it doesn’t…)
- Now click Apply at the bottom and attempt to delete the file.
This may have been because UAC was switched on, but the problem was solved.
Hello again followers. Sorry there has not been a post in a couple of days, but cash is quite tight so I have been working on some Xbox 360 controller accessory packs.
Huh?!? OK, OK, I make Xbox mods on the side for spare money. Basically I make custom features in green and add bullet button mods. I can pretty much kit pads out any way you like. But yeah… enough of that. I'll probably add a link on here at a later date for you Xbox nerds out there.
Anyways, back to the good old Dremel work.
Hello again, now here is a quick fix for my followers who are having problems with Flash videos not playing sound in web browsers.
Let's just say I tried everything (well, almost): a lot of file edits, downloads and permission changes, and I feel like such a tool because it is so easy to solve this problem.
Right click KMix on your toolbar and click on Select Master Channel. Now from here click on PCM; as you may notice, this is set by default to 0… what the hell? OK, whatever, all developers have different mindsets. So all you need to do is turn this up.
Woot, we now have sound. Please note you may need to do this every time you reboot.
Stay safe, N3imad
“You're wanting to run ROOT on a Linux machine? Man, you're crazy.” is what I hear all the time, and do you know what I say to these people? “Meh, my machine, my rules”. I prefer to run as ROOT. Let's just say I like to live on the edge. Plus everything is backed up and I do not keep anything of utmost importance on my Linux machine.
Right, so if you're in the same boat as I once was and are constantly frustrated at Chrome not allowing you to run as ROOT, I am going to give you some simple advice which will lift all this frustration off of you.
Download and install the latest Chrome version (I use Chrome because it comes with Flash built in so I do not need to argue with Firefox); this stops you having to do this all over again when it updates.
Open a new Konsole terminal and type the following:
Now we are going to use a hex editor to edit the chrome file. Type the following:
You will now see hex code on the left and ASCII on the right. We are wanting to change an
ASCII value on this page.
Press Tab to switch to ASCII mode. You will need to find the following
Press Ctrl+S to search through the ASCII. Once you have found geteuid, replace it with getppid.
Now press Ctrl+X to close what you are doing. You will be asked to save your document.
Press Y and Enter.
There we go, you can now run Chrome as ROOT. Please be aware you need to do this every time Chrome decides to update itself, so just keep a copy handy or create a script that you can run or something.
P.S. – Run as ROOT only if you accept full responsibility for your actions on your machine.
Stay safe - N3imad