Gray Hat
Saturday, 23 August 2014
Add Your Program To Autorun On Windows XP and 7
Intro. What Are Autoruns?
For those who don't know, autoruns are the programs that run automatically every time Windows starts or boots. Most of them are background applications and services, which means the user is not even aware that they are running.
Thursday, 21 August 2014
Being Invisible while Hacking
I - Being Invisible
The best way to avoid being caught is to prevent the intrusion from being detected at all; nobody calls the police when it doesn't look as if a problem has occurred. A common misconception is that it is a good idea to delete the logs on a system you break into. Doing so removes the victim's ability to see immediately what you did, but an empty log file is a sure sign of some sort of intrusion. It is better not to kill the logging: get in, do what you planned, and then alter the logs rather than delete them, which looks far less suspicious. There are a great number of programs that let you alter logs, although doing so is much easier on Unix than on Windows NT. On a Unix/Linux system it is also usual to delete the shell history file (.bash_history if the account uses bash). Two caveats a practitioner should keep in mind: editing only reaches logs that stay on the host, so anything forwarded to a remote syslog server or SIEM is untouched and will disagree with the edited local copy; and removing entries from a log with a regular cadence (cron, heartbeats, the PID sequence) leaves gaps that are as easy to spot as an empty file.
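As an added example that is not part of the original post, the following Python script runs the defender's side of this argument over constructed syslog-style lines: it reports a log that has been emptied outright, and it reports a stretch edited out of the middle by looking for gaps in the timestamp cadence and jumps in the PID sequence. The hostname, PIDs, times and the five-minute cron cadence are all constructed, and the thresholds (three times the median gap, five times the median PID step) are assumptions to tune for a real log.

```python
"""Added example, not code from the original post: a defender-side check for
the two signatures the section describes, a log that has been emptied and a
log with a stretch edited out of the middle.  It runs over constructed
syslog-style lines (hostname, PIDs and times are made up) and flags gaps in
the timestamp cadence and jumps in the PID sequence."""
import re
from collections import namedtuple
from datetime import datetime

Entry = namedtuple("Entry", "lineno ts pid raw")

# "Aug 21 02:10:01 host CRON[4012]: ..." : classic syslog layout, year omitted.
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<proc>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?:"
)

# Constructed sample.  cron fires every five minutes, so the jump from 02:20
# to 03:40 (and the PID jump that goes with it) is where lines were removed.
SAMPLE_LOG = """\
Aug 21 02:10:01 host CRON[4012]: pam_unix(cron:session): session opened for user root
Aug 21 02:15:01 host CRON[4020]: pam_unix(cron:session): session opened for user root
Aug 21 02:20:01 host CRON[4031]: pam_unix(cron:session): session opened for user root
Aug 21 03:40:01 host CRON[4140]: pam_unix(cron:session): session opened for user root
Aug 21 03:45:01 host CRON[4151]: pam_unix(cron:session): session opened for user root
"""


def parse_log(text):
    """Parse syslog-style lines into Entry tuples; lines that don't match are skipped."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        m = SYSLOG_RE.match(line)
        if not m:
            continue
        # strptime without a year defaults to 1900; only differences are used,
        # so that is harmless except across a year boundary.
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        pid = int(m.group("pid")) if m.group("pid") else None
        entries.append(Entry(lineno, ts, pid, line))
    return entries


def _median(values):
    s = sorted(values)
    return s[len(s) // 2]


def check_log(text, gap_factor=3.0, pid_factor=5.0):
    """Return human-readable findings; an empty list means nothing stood out."""
    if not text.strip():
        return ["log is empty: wiping every entry is itself a tampering signature"]
    entries = parse_log(text)
    findings = []
    if len(entries) < 3:
        return findings  # too little to establish a cadence
    pairs = list(zip(entries, entries[1:]))

    # 1. Timestamp cadence: an edited-out stretch leaves a gap far above the
    #    usual interval, and entries re-ordered by hand may go backwards.
    gaps = [(b.ts - a.ts).total_seconds() for a, b in pairs]
    med_gap = _median(gaps)
    for (a, b), gap in zip(pairs, gaps):
        if gap < 0:
            findings.append(f"timestamps go backwards between lines {a.lineno} and {b.lineno}")
        elif med_gap > 0 and gap > gap_factor * med_gap:
            findings.append(
                f"time gap of {gap:.0f}s between lines {a.lineno} and {b.lineno} "
                f"(median gap {med_gap:.0f}s)"
            )

    # 2. PID sequence: PIDs are handed out roughly in order, so removed entries
    #    also show up as an unusually large step between neighbours.
    pid_pairs = [(a, b) for a, b in pairs if a.pid is not None and b.pid is not None]
    deltas = [b.pid - a.pid for a, b in pid_pairs if b.pid > a.pid]
    if deltas:
        med_pid = _median(deltas)
        for a, b in pid_pairs:
            if med_pid > 0 and b.pid - a.pid > pid_factor * med_pid:
                findings.append(
                    f"PID jump of {b.pid - a.pid} between lines {a.lineno} and {b.lineno} "
                    f"(median step {med_pid})"
                )
    return findings


if __name__ == "__main__":
    for finding in check_log(SAMPLE_LOG):
        print(finding)
```

Point it at a real auth or cron log to try it. The cadence heuristic only has something to compare against on logs with a regular heartbeat such as cron, so on a quiet, irregular log it stays silent rather than guessing; the empty-file check applies to any log.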
Another measure for remaining invisible is to make no obvious changes to the system. Don't add a pop-up message to the startup files that says "I own you!" or anything of the kind, and if you can avoid it, do not create a new username for yourself. A username of your own makes things easier, but it makes the intrusion obvious: when the admin looks back through the logs and sees an unfamiliar username, he or she will be suspicious. If you can, use runas (su on *NIX) to run commands as the admin, so they show up in the logs as something the admin did; note that both need the admin's credentials and both record the privilege switch itself (su writes to the auth log, runas produces a logon event), so this hides who ran the commands, not that someone ran them as the admin. One thing that is tempting but really not a good idea is changing the passwords of any users on the computer: many systems log password changes, and the users will complain to the admin that their password no longer works.
One of the best ways to remain undetected may actually be to write a batch or shell script that runs every command you want executed on the computer, place it on the machine, and set it to run when the admin logs on. This does two things: every action the script performs shows up in the logs as done by the admin, and if the admin checks the firewall or RAS logs, nothing suspicious corresponds to the time the script ran. The best way to do it is to have the script delete itself when it finishes. Bear in mind that planting it means changing a logon script, startup folder or Run key, and that change is exactly what file-integrity tools and autorun listings are there to show.
II - Anonymity
So what if your intrusion is detected? If you haven't taken measures to make sure your efforts can't be traced back to you, you are probably going to spend some time in a jail cell. There are a great number of ways to become, in essence, a ghost.
A - Trick The ISP
One of the first things many victims will do is call your ISP about what happened, or call the police, who will in turn ask the ISP for activity logs or have Carnivore (the FBI's network monitoring system of the time) installed to monitor anything else you do. The way around this is to set up an account with a lesser-known ISP under a fake name and, when you dial up to them, do it from somewhere other than your home, such as a payphone (many now have phone jacks in them for modems). Another way is to break into someone else's account on your ISP and use theirs for your hacking, but again, do not do this from your own phone line.
B - Proxies
Another very good way to hide your identity is to route all of your connections through proxies while hacking, so that the victim never sees your IP address. If you do, make sure all of the proxies are anonymous ones, preferably outside US borders. Nowadays it can be quite hard to find a WinGate, a proxy for telnet connections; one way to deal with this is the program Leap Frog, which can be installed on someone else's computer and lets you use it as a WinGate. Keep in mind that most proxies keep logs of who used them and will turn those records over to the police if they suspect anything odd, so try to find out whether a proxy keeps logs before you use it. One of the best ways around this is a program like Leap Frog, which lets you set up other people's computers as proxy servers that keep no logs. A caveat: "no logs" is a claim you cannot verify from the outside, and the network each proxy sits on may keep its own connection records regardless of what the proxy software does.
C - Phone Routing
If you are attempting to break in through a dial-up server, you will want to make sure the call can't be traced back to your house; the best way is not to hack from your house at all, but from a hotel, a payphone or somewhere similar. One myth is that a phone card protects you. On its own it doesn't: the police can get records of who used the card from the company that issued it. A better arrangement is to dial out from a payphone, using a phone card to cover long distance, to the PBX of a company far from your victim, and then use the PBX to dial into the victim. At first glance the remote access appears to have come from that corporation; the corporation sees that it came in on a phone card; and the card, in the end, traces back only to a payphone.
D - Public Computers And LANS
Using a public computer to hack from can be beneficial: it is hard to say exactly who used it during the day, and it can't be traced directly to you. The problems are that you can't install your own software, the owner may monitor you, and someone might see you using it. One tip for public computers and payphones: never hack from the same location twice. It can also be very effective to use a laptop, tap into someone's wireless network and use their internet connection; it would be almost impossible for them to figure out who did it. At the time this was written that was not hard, since the wireless encryption then in use, WEP, can be cracked in about half an hour, and the growing number of home wireless networks tended to be very insecure. The half-hour figure is a WEP figure; WPA2 or WPA3 with a strong passphrase cannot be broken that way.
E - Keep Your Mouth Shut
Don't tell anyone what you did or plan to do; the fewer witnesses the better. When you break into a system, don't leave your handle or anyone else's on it. If you feel the need to leave some kind of calling card, make up a secret handle only you know. It is also wise not to hack people you have some sort of enmity with, because the police ask for lists of enemies as standard procedure.
III - Take Precautions
A - Suicide Button
Write a program that will wipe everything on your hard drive at a moment's notice, so that no evidence can be recovered from it. Just deleting the files won't work: deletion only unlinks the name and marks the blocks free, and the police can still read what was on the disk. You need something that actually overwrites the data blocks (and the freed inodes and other metadata) with other data. Even overwriting is unreliable on SSDs, which remap blocks under wear levelling, and on journaling or snapshotting file systems, where old copies can survive; full-disk encryption, where destroying the key makes every block unreadable at once, is the dependable form of a suicide button.
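An added example, not code from the original post, of the difference between deleting a file and erasing it. overwrite_in_place() writes random bytes over every byte the file currently occupies and forces them to the device; wipe_file() does that and then unlinks the name. The demo writes a constructed secret to a temporary file, shows that after the overwrite the old bytes are gone while the file still exists, and that after wipe_file() the name is gone too. The secret, the temporary file and the single-pass default are assumptions of the demo, and the caveat above still applies: on SSDs and on journaling or snapshotting file systems the old blocks may survive regardless.

```python
"""Added example, not code from the original post: what 'actually erasing' a
file means, as opposed to deleting it.  overwrite_in_place() writes random
bytes over the file's current contents and fsyncs; wipe_file() then unlinks
the name.  Sample data below is constructed.  Caveat: on SSDs and journaling
or snapshotting file systems the old blocks may survive anyway."""
import os
import tempfile

CHUNK = 1 << 20  # overwrite in 1 MiB chunks so large files don't sit in memory


def overwrite_in_place(path, passes=1):
    """Overwrite `path` with random data `passes` times.  Returns the file size."""
    size = os.path.getsize(path)
    # "r+b" rewrites the existing inode; "wb" would truncate and could let the
    # file system allocate fresh blocks, leaving the old ones untouched.
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                n = min(CHUNK, remaining)
                fh.write(os.urandom(n))
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())  # don't trust the page cache: push it to the device
    return size


def wipe_file(path, passes=1):
    """Overwrite then unlink.  Returns the number of bytes overwritten per pass."""
    size = overwrite_in_place(path, passes)
    os.unlink(path)
    return size


def demo():
    """Constructed demonstration; returns (bytes_overwritten, secret_survived, file_exists)."""
    secret = b"account 12345 password hunter2\n" * 200  # constructed sample data
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(secret)
    overwrite_in_place(path)
    with open(path, "rb") as fh:
        after = fh.read()
    survived = b"hunter2" in after  # the plaintext is gone but the file remains
    size = wipe_file(path)          # now the name is gone as well
    return size, survived, os.path.exists(path)


if __name__ == "__main__":
    print(demo())  # (6200, False, False)
```

The same idea is what shred(1) implements. A single pass of random data is enough on a magnetic disk; what defeats the approach is not the number of passes but the file system or device quietly keeping another copy, which is why the text's advice is better served by encrypting the volume and destroying the key.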
B - Encryption
Encrypt everything on your computer that is even remotely questionable to law enforcement. Use a program with at least 128-bit keys, and prefer a non-proprietary one whose source and algorithm are published, so that its implementation can be reviewed by anyone rather than taken on a vendor's word. The claim that DES and AES "were created by the government and probably have backdoors" does not hold up: DES was designed at IBM (with NSA input on its S-boxes) and is weak only because of its 56-bit key, and AES is Rijndael, designed by Joan Daemen and Vincent Rijmen and selected in an open NIST competition; no backdoor in either has ever been demonstrated. Twofish and IDEA are fine choices too, but the cipher is rarely the weak point. What is: a passphrase that can be guessed, a key left lying on disk, or an unauthenticated mode that lets ciphertext be tampered with. If you use PGP, as tempting as it may be, do not use the self-decrypting archive (.SDA) option: an SDA is protected only by its passphrase and carries its own decryptor, so it is no stronger than that passphrase. Exporting your keys to a floppy disk and hiding the disk somewhere is a good idea as well.
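An added example, not code from the original post, of the point that the key size matters less than where the key comes from. A 256-bit key derived from a passphrase with scrypt is only as hard to recover as the passphrase, so a guessable one falls to a short wordlist no matter how many bits the cipher takes, while a passphrase not in the list survives the same attack. The salt, the two passphrases and the seven-word list are constructed, and the scrypt cost parameters are kept deliberately small so the demo runs in well under a second.

```python
"""Added example, not code from the original post: why the key length the
section argues about matters less than where the key comes from.  A 256-bit
key derived from a passphrase with scrypt is only as strong as the passphrase.
Salt, passphrases and wordlist are constructed; scrypt cost is kept low."""
import hashlib
import hmac

SALT = bytes.fromhex("9f2c4b7e1d3a5c6e8b0f2d4a6c8e0b1d")  # constructed, 16 bytes

# A small constructed wordlist standing in for the multi-million-entry lists
# password crackers actually use.
WORDLIST = ["password", "letmein", "123456", "qwerty", "hunter2", "secret", "dragon"]


def derive_key(passphrase, salt=SALT, dklen=32):
    """256-bit key from a passphrase.  n/r/p are far below production values
    (assumption for the demo) so that the dictionary attack below runs fast."""
    return hashlib.scrypt(passphrase.encode("utf-8"), salt=salt, n=2 ** 12, r=8, p=1, dklen=dklen)


def guess_passphrase(target_key, wordlist=WORDLIST):
    """Offline dictionary attack: re-derive each candidate with the same salt
    and parameters and compare in constant time.
    Returns (passphrase, guesses_tried) or (None, guesses_tried)."""
    for tried, candidate in enumerate(wordlist, 1):
        if hmac.compare_digest(derive_key(candidate), target_key):
            return candidate, tried
    return None, len(wordlist)


def demo():
    """Returns the attack result against a weak and a strong passphrase."""
    weak = derive_key("hunter2")                           # in the wordlist
    strong = derive_key("correct horse battery staple")   # constructed, not in the list
    return guess_passphrase(weak), guess_passphrase(strong)


if __name__ == "__main__":
    print(demo())  # (('hunter2', 5), (None, 7))
```

Raising the scrypt cost slows each guess but does not change the arithmetic: the attacker's work is the size of the candidate list times the cost per guess, and the 256 bits of the key never enter into it. Choosing a passphrase that is not in any list is what makes the key size meaningful.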
C - Secure Operating System
One of the best ways to prevent the police from getting evidence is to make your computer as secure as possible. Install an up-to-date antivirus (one that detects Magic Lantern, the FBI's keylogger of the time), because the police love to use keyloggers and trojan horses. Use an operating system that supports file permissions, such as Linux, Windows NT/2000 or Novell NetWare; keep all of your software updated and patched; and install a good firewall such as Agnitum Outpost.
D - Hide Your Stuff
If you have anything that absolutely cannot fall into the hands of the police, encrypt it, put it on floppy disks, and store it off your own property: the police may have a warrant to search your house, but not your neighbour's. One nice way of doing this is to place the disks in a coffee can with a magnet on a string hanging from the lid; if anyone knocks the can over, the magnet erases the disks. It is best to store them on the property of someone who has no connection with you, or who has no computer (see if you can talk an Amish person into keeping them for you).
E - No Print Outs
Don't write down or print out anything unless there is no other option. If you do have to print something, burn it as soon as you are done with it; a paper shredder is more convenient, but someone can put the clippings back together.
Friday, 9 May 2014
Kali Linux by BackTrack Team With 300+ Hacking Tools
Seven years of developing BackTrack Linux has taught us a significant amount about what we, and the security community, think a penetration testing distribution should look like. We’ve taken all of this knowledge and experience and implemented it in our “next generation” penetration testing distribution.