Inscrit le: 04 Nov 2009
|Posté le: Ven 8 Jan - 04:58 (2010) Sujet du message: Generic Tutorial
|This is a guide to anonymization designed for the newbies. If you already know all of about the subject please read anyway and give me your feedback. This is my first tutorial, and I'm trying to avoid misinforming others, so drop me a line if you see me slip.
First of all, anonymization is the act and methods of keeping yourself anonymous(unseen/unknown), used in the context of hacking, is protecting your digital identity, and consequently your real one. Many new users already know of methods of anonymization such as proxies, which will be explained more in depth later.
First of all, you've probably heard of an Internet Protocol(IP) address, which is a set of numerals that identifies the logical location of electronic devices found in a network, or the address of a website. For example, 18.104.22.168 is the IP address of Hackforums. If I typed it in the URL bar of my browser, it would lead to the homepage of this website. Your IP address is usually assigned by your ISP(Internet Service Provider), and devices such as modems and routers also have IP addresses. This also creates further vulnerabilities, as some of those devices' IP addresses, if entered in a URL query, display a page showing your internet information, which sometimes includes wireless network passwords! If you're unsure your vulnerable to remote password access, I'd give it a try.
Now I'll explain the relevancy of anonymization. As many people in this forum might tell you, always use a proxy or other means of anonymization. People who have not been as cautious have posted topics in this forum have described receiving warnings from their ISP's(ISP's will be explained later) because they did not utilize a method of anonymization when attacking websites or phishing. For maximal security it's always best to protect yourself from the start. For example, you may be familiar with dorking, search queries for keywords or parameters in a URL. Dorking is often used by hackers to search for sites vulnerable to exploits. However, webmasters who own their own servers or host their own websites(most freehosts make you upgrade to view search statistics) can view what search queries lead to their website. Suppose a hacker(not using anonymization) typed the query "inurl:news.php?ID=16" to search for Sql Injection vulnerable sites, selected a link, and got redirected to the vulnerable porn site. The hacker begins penetration testing the website(looking for vulnerabilities) but at the same time, the webmaster is viewing his logs. The webmaster starts viewing search statistics and among the usual queries for "hot babes","tits n fuckin", he sees "inurl:news.php?ID=18". Now what kind of person would use a query like that to view a porn site? he thinks. So he checks the IP of the person who typed that query and then moves on. Suddenly, the hacker enters the admin panel, and using stolen data, defaces the site, however the webmaster has saved backups of his logs on his computer. Pretty soon the hacker is located and recieves a complaint from his ISP. Most of the time, thats the case, but more serious crimes involving money will not be investigated so lightly.
Now lets explain the methods of anonymization.
1. Proxies- A proxy is basically a website hosted on a server that acts as an intermediary between the client(you), and the server of the website you are trying to view. Most proxies have a field where you type the desired website you want to view. If you're intention is to hack, be aware of the advantages and disadvantages of using a proxy. An example of a proxy? http://www.pronproxy.com
1. Easily found, there's proxies all over the internet.
2. No downloads required.
3. Masks your IP(most important point).
1. May be slow or laggy.
2. Proxy owner may be logging traffic
3. Proxy owner may be forced to give up your IP address if its demanded by powerful parties, such as the government(see precautions).
1. Use a foreign proxy, since your Government has no jurisdiction in another country(This clause might be negated in the E.U.), they cannot demand the foreign proxy to yield your IP address.
2. Disable Cookies;don't leave more tracks than you need to.
3. Proxy chain! This is basically using one proxy to browse another proxy and another, and another, and the website you want to see.
4. When bragging, do NOT allow the URL of proxy to be seen. Your IP is probably encoded in Base64 and could be decoded in a few seconds. That's how the Palin email hacker was caught, he was lucky that he's the son of a state representative. Not all hackers have connections like that, we usually get the electric collar and the internet ban.
2. VPNs- A VPN has multiple definitions. The ones I'm explaining are not the VPN's you connect to your workplace with, using a generic windows dialog box. A VPN is basically a large network that links different connections to a larger network, which assigns you an IP address other than the one given to you by your ISP. I'm not going to go into the complex internet protocol jargon so you may find this definition very basic. These VPN's can be connected to remotely through your network, or a downloadable VPN client, I recommend the latter option.
1. Greater anonymity, good VPN's can even fend against the legal attacks by the Government, Corporations, and bullshit bureacracy, but its mostly premium ones that are more tenacious.
2. Probably more secure than a proxy.
3. Less stupid webmaster looking at your porn queries.
4. No need to type the website you want to see in a secondary field.
1. May lag
2. May display banner ads in your browser on all pages you're browsing.
3. Again, not completely unfallible.
Precautions: Use more specialized and reputable VPNs, such as Ghost or Tor. Also, for even more security, proxychain while on a VPN.
Links to good VPNs:
http://www.torproject.org/ (Windows and Mac), There are suspicions that TOR is monitored by the government.
http://hotspotshield.com/ (Windows and Mac)
http://www.cyberghostvpn.com/anonym_surf...anguage=en (This one is premium/paid for).
http://linux.softpedia.com/get/Internet/...4283.shtml (downloadable advanced proxy, for Linux).
I have not covered all methods of anonymization, this is just a basic introduction.
For more information, lurk around the proxies and socks section of HF.
Internet Service Providers keep logs you, mostly for their benefit and yours as you can view your logs in your ISP account. However, various Government's are trying to infringe on your rights, as are ISP's that oppose internet neutrality. For example, http://thomas.loc.gov/cgi-bin/bdquery/z?d111:h.r.01076: and http://thomas.loc.gov/cgi-bin/bdquery/z?d111:s.00436: are bills in the United States that would allow the Government to request logs from anywhere with an internet connection, and make it a requirement for public places with wi-fi to keep logs to aid the government. A way to solve this problem is to get an anonymous ISP, such as http://www.metropipe.net/ .
I hope you've benefitted from reading my tutorial!