Posted on

Learn Ethical Hacking Episode #23: Macchanger (Part 2)

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this tutorial. Today, I will show you how to schedule tasks to run when your system boots, or at a particular point in time. In this tutorial we will create a cron entry that changes your MAC address every time your Linux system starts. So every time you turn the computer off and on again you get a random address, which anonymizes you further on wireless networks and makes sure you never share your permanent MAC address. You might think that you can simply change the MAC address by hand whenever you need to. You will forget, trust me. It is far simpler to set up a cronjob once and have it run on every reboot. If we take a look at ifconfig, I do not actually have any wireless interfaces configured here, mostly because this is a virtual machine. We will do some of this on my Fedora host machine later, but for the time being we will use eth0, my wired interface, as the example. You can do exactly the same with any other interface; the only thing that varies is the name. Here the wired interface is eth0; a wireless interface is usually wlan0 under the old naming scheme, and on my Fedora system, which uses predictable interface names, it is wlp2s0. Run ifconfig -a (or ip link) to see the names on your own machine.

In any case, let's clear the screen. There is a Linux utility called cron; it is included with nearly every Linux distribution, and it is what you use to schedule tasks to run automatically. Type crontab --help and press Enter. The help output is small because the tool is simple: -e edits a user's crontab, -u selects the user whose crontab you want to work on (useful on a system with multiple users; by default it is the current user), -l lists the crontab, -r removes it, and -i prompts before removing. Be careful with -r: there is no undo, and a crontab removed from the terminal is gone unless you saved a copy first (crontab -l > crontab.bak takes a second and is worth doing). Anyway, let's start editing the tasks that will run on startup. Type crontab -e and press Enter. The crontab opens in your default editor; on my system that is vi, so we will go through some vi basics. The comment at the top says to edit this file to introduce tasks to be run by cron. I strongly advise reading the whole file. It is very short, and I am 99% sure you will understand everything in it. The last comment line shows the format: five time fields followed by the command. From left to right they are minute (m), hour (h), day of month (dom), month (mon) and day of week (dow), and the rest of the line is the command to run. Read through the file and you will understand this format to the fullest extent.

Here is the entry I want to add. To edit anything in vi you open the file and press i, the letter i, to enter insert mode; the word INSERT appears at the bottom of the screen, and now you can type. Add a new line reading @reboot macchanger -r eth0. macchanger -r randomizes the MAC address of the eth0 interface, and @reboot tells cron when to run it: once, when the system boots. If you wanted to run a script instead, you would put the path to the script in place of the command. One thing to get right: changing a MAC address needs root, so this line belongs in root's crontab (run crontab -e as root, or sudo crontab -e); in an ordinary user's crontab it will fail silently at boot. Now press Escape to leave insert mode, then type : to get vi's command line, followed by w to write the changes and q to quit, so :wq and Enter. If vi refuses, :wq! forces it, but there is no need for that here. crontab reports installing new crontab, excellent, and crontab -l will show the entry if you want to double-check. Clear the screen and run macchanger -s eth0 to show the MAC address of the interface: it prints the permanent MAC and the current MAC, and right now they are the same, starting with 08. Let's reboot, and after the reboot we should see a different current MAC address.

Once the system is back up I will use macchanger to verify the MAC addresses of my interfaces, even though that is not the best habit: ifconfig (or, on any modern distribution, ip link) is the universal way of checking a MAC address on pretty much any Linux system, while macchanger is most likely only installed by default on Kali Linux. We are being logged in at the moment, sorry for any delay; this is a virtual machine, so it is bound to be a little slow, though I have found it surprisingly efficient. Open a terminal, type ifconfig, and you can see that the hardware address has changed; it no longer starts with 08. To confirm, run macchanger -s eth0, excellent: the permanent MAC is the burned-in one, the current MAC is the random one, and the current one shows as unknown, meaning its prefix does not match any manufacturer in macchanger's vendor list. Look at macchanger --help if you would rather be assigned an address of a particular vendor type, and feel free to play around with that. If you have any questions about it, post them and I will be more than happy to help. In any case, I bid you farewell, and I hope to see you in the next tutorial.
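Here is the same job as a small script, added as an example and not something from the tutorial itself. It generates a random MAC on its own and applies it with iproute2's ip command, so it also works on systems without macchanger; it refuses to run as a normal user (which is why the @reboot line has to live in root's crontab); and it reads the address back afterwards so you can tell whether something reset it. The install path /usr/local/sbin/randomize-mac.sh and the interface name eth0 are assumptions, substitute your own.

```shell
#!/bin/sh
# randomize-mac.sh: give a network interface a fresh random MAC address.
# Added example, not the tutorial's own code. Assumes iproute2's `ip` and
# root. Install it as /usr/local/sbin/randomize-mac.sh (assumed path) and
# add to root's crontab:    @reboot /usr/local/sbin/randomize-mac.sh eth0
set -eu

# Build a random unicast, locally administered MAC (xx:xx:xx:xx:xx:xx).
# In the first byte, bit 0 must be clear (unicast) and bit 1 is set to mark
# the address as locally administered, the honest way to flag a
# software-chosen address (recent macchanger versions do the same for -r).
random_mac() {
    set -- $(od -An -N6 -tu1 /dev/urandom)    # six random bytes, decimal
    b0=$(( ($1 & 0xfc) | 0x02 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$b0" "$2" "$3" "$4" "$5" "$6"
}

# True if the argument is a colon-separated 48-bit MAC.
valid_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-fA-F]{2}:){5}[0-9a-fA-F]{2}$'
}

# Read back the address the kernel currently reports for an interface.
current_mac() {
    ip -o link show dev "$1" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "link/ether") print $(i + 1) }'
}

# Apply a MAC to an interface. Many drivers refuse to change the address
# while the link is up, so take it down, change it, and bring it back up.
apply_mac() {
    ifname=$1
    mac=$2
    valid_mac "$mac" || { echo "refusing malformed MAC '$mac'" >&2; return 1; }
    [ "$(id -u)" -eq 0 ] || { echo "must run as root" >&2; return 1; }
    ip link set dev "$ifname" down
    ip link set dev "$ifname" address "$mac"
    ip link set dev "$ifname" up
}

# Only touch hardware when an interface is named on the command line;
# without arguments the script just defines the functions above.
if [ -n "${1:-}" ]; then
    wanted=$(random_mac)
    apply_mac "$1" "$wanted"
    got=$(current_mac "$1")
    echo "$1: MAC is now $got"
    # A mismatch here means something (usually NetworkManager) reset the
    # address after us.
    [ "$got" = "$wanted" ] || { echo "warning: wanted $wanted" >&2; exit 1; }
fi
```

Run it without arguments and it only defines its functions; run it as root with an interface name to change the address, then check with crontab -l that the @reboot line is installed. One caveat the tutorial does not cover: if NetworkManager manages the interface, it can put its own address back when it activates the connection after this script has run. If the read-back shows a different address, either call the script from a NetworkManager dispatcher script instead of cron, or let NetworkManager do the randomizing itself with the ethernet.cloned-mac-address=random and wifi.cloned-mac-address=random connection properties that recent versions support.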

The remainder of the tutorial videos can be found in this YouTube playlist:

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Posted on

Learn Ethical Hacking Episode #22: Macchanger (Part 1)

Hello everybody and welcome to this tutorial. Today, we will discuss MAC addresses, what they are, how they can be used, and how you can change them in order to anonymize yourself.

So, what is a MAC address? A MAC address is the hardware address of a network interface. Every network interface in your computer, wired or wireless, has a MAC address burned into it by the manufacturer. As soon as you connect to a wireless network, or to a LAN with a cable, that MAC address, together with your IP address, is what identifies your machine on that LAN. MAC addresses are layer-2 addresses: they do not travel beyond the first router. Once your packets pass through the router, the source MAC on the other side is the router's, not yours. Let's see what a MAC address looks like. To list the network interfaces we use ifconfig. Press Enter and there we go. I have a loopback interface, which I am not interested in, so let me show just one interface: ifconfig eth0. This is the hardware address (HWaddr). Do not confuse it with the IPv6 address a few lines down, which is much longer and has far more characters than a MAC address. The first three octets of the MAC address identify the manufacturer of the device; this prefix is the OUI, the organizationally unique identifier, and it is assigned by the IEEE. The last three octets are assigned by the manufacturer, so you cannot draw much from them. But from the first three you can figure out who produced the device, and once you know the vendor you can research known vulnerabilities for its products. This is one of the footprinting methods: given a MAC address, you can conclude with reasonable confidence who produced the device, which gives you a better idea of what it is, what you can do with it, and how it might be attacked.

Let's take a closer look. ifconfig eth0 prints a lot, so here is an application of grep: ifconfig eth0 | grep HWaddr prints just the line with eth0, Link encap:Ethernet and HWaddr, so you can see the address clearly. I could use awk to filter this further and print only the MAC address, but this is a good overview as well. Keep in mind that the layout of ifconfig output differs from one system to another: newer versions of net-tools print the address on its own line after the word ether instead of HWaddr, and on distributions that ship without net-tools you would use ip link show eth0, where it appears after link/ether. Once you know how MAC addresses are written, you will be able to recognize them even in a vast mass of information.
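Here is the awk filtering I just mentioned written out, as an added example rather than anything from the tutorial. It pulls the hardware address out of ifconfig output in both the old HWaddr layout and the newer ether layout (and out of ip link output), cuts out the OUI, and checks the locally administered bit of the first octet: that bit is clear on a burned-in address and set on a software-chosen one (recent macchanger versions set it on random addresses unless you pass -b), so it tells you at a glance whether a MAC you see on the network is real hardware or a changed address. The two ifconfig samples are constructed, and the vendor table is a toy with only a few prefixes I am sure of; the full list is what macchanger -l prints.

```shell
#!/bin/sh
# mac-info.sh: extract a MAC from ifconfig/ip output and say what it tells
# you. Added example, not from the tutorial. Samples below are constructed.
set -eu

# Read ifconfig or `ip link` output on stdin, print the first MAC found
# (lower-cased), or nothing if there is none (e.g. the loopback interface).
mac_from_ifconfig() {
    awk '{ for (i = 1; i < NF; i++)
               if ($i == "HWaddr" || $i == "ether" || $i == "link/ether") {
                   print tolower($(i + 1)); exit
               } }'
}

# First three octets, upper-cased: the OUI.
oui_of() {
    printf '%s\n' "$1" | cut -d: -f1-3 | tr 'a-f' 'A-F'
}

# Toy OUI table for the demo; the real list is huge (macchanger -l, or the
# IEEE registry). These are a few prefixes I am certain of.
vendor_of() {
    case "$(oui_of "$1")" in
        08:00:27)          echo "PCS Systemtechnik (Oracle VirtualBox)" ;;
        00:0C:29|00:50:56) echo "VMware" ;;
        52:54:00)          echo "QEMU/KVM" ;;   # note: this prefix has the local bit set
        *)                 echo "unknown" ;;
    esac
}

# Bit 1 of the first octet is the locally administered bit. Bit 0 would be
# multicast. A random MAC with the local bit set never matches a vendor,
# which is why macchanger -s reports such an address as "unknown".
mac_is_local() {
    b0=$(( 0x$(printf '%s' "$1" | cut -c1-2) ))
    [ $(( b0 & 2 )) -ne 0 ]
}

# One-line verdict for a MAC address.
describe_mac() {
    [ -n "${1:-}" ] || { echo "no MAC address found"; return 1; }
    if mac_is_local "$1"; then
        echo "$1: locally administered (set by software); vendor lookup is meaningless"
    else
        echo "$1: burned-in style address; vendor $(vendor_of "$1")"
    fi
}

# Constructed sample of old-style ifconfig output (not a real capture).
SAMPLE_OLD='eth0      Link encap:Ethernet  HWaddr 08:00:27:8b:2c:3d
          inet addr:10.0.2.15  Bcast:10.0.2.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe8b:2c3d/64 Scope:Link'

# Constructed sample of the newer net-tools layout, after a random change.
SAMPLE_NEW='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        ether 2e:91:0f:aa:bb:cc  txqueuelen 1000  (Ethernet)'

if [ -n "${1:-}" ]; then
    # Live check of a named interface: ./mac-info.sh eth0
    describe_mac "$({ ip link show dev "$1" 2>/dev/null || ifconfig "$1"; } | mac_from_ifconfig)"
else
    for s in "$SAMPLE_OLD" "$SAMPLE_NEW"; do
        describe_mac "$(printf '%s\n' "$s" | mac_from_ifconfig)"
    done
fi
```

Run it with an interface name for a live check, or with no arguments to see it classify the two samples: the first is the VirtualBox-style burned-in address, the second has the local bit set and is reported as software-chosen, which is exactly what you will see after running macchanger later in this tutorial.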

Since MAC addresses identify you within a wireless network, anyone who can see the devices on the network can see who you are and can kick you off, and we would like to protect ourselves from being identified. We want to be anonymous. One downside of MAC addresses being used as a means of identification is that you can also see the other MAC addresses on the same network. You can copy one of those addresses, use it as your own, perform some sort of shenanigans on the network, and when the admins notice the problem they will ban that MAC address. You have successfully performed a denial of service against the real owner of that address. I have seen this used at university multiple times. Basically, people would figure out the MAC address of the professor's laptop, deliberately perform some kind of malicious activity such as attempting to log in to the router, the administrators would notice, and they would permanently ban that MAC address. This effectively rendered the laptop useless for the lecture, because it could no longer connect to the wireless projectors where the presentations were being held. They eventually did get caught, and it was a pretty messy situation, but I am just giving you an example of how these things can be used and abused. I am not suggesting that you should do this. Use it for a benevolent purpose, not for silly things that have literally no benefit.

In this tutorial I would like to introduce you to a tool called macchanger. Type macchanger and press Enter; you can see it is installed by default on Kali. It prints Usage: macchanger [options] device. Let me clear the screen and type macchanger --help to see what options we have. There are only a few; it is a fairly simple tool. Apart from --help you can print the version and exit, and -s (--show) prints the MAC address and exits. I have actually never tried this, so let's give it a try: macchanger -s eth0. It does indeed give the address; I have always used ifconfig. It shows the permanent MAC address, and then the current MAC address, which is the one we can change to whatever we want. Clear the screen and call the help menu once more. Now, this is what I was talking about a moment ago: -e (--ending) means do not change the vendor bytes, so if you want to change your MAC address but stay with the same vendor, the first three octets (the first six hex characters) are kept and only the last three are randomized. -a sets a random MAC of the same kind of vendor and -A a random MAC of any vendor kind; these are not used very often. Usually you want either a fully random MAC address (-r) or one from a particular vendor. For the latter you could go online and look up the vendor's prefixes, or you can print the known vendors with -l; there is a list included with the program, and it has a lot of entries. The list only gives you the first three octets, and for the other three you can type in whatever you like. If you want to be discreet on a network, to look like a standard device there and not raise any suspicion, this is a good way of doing it: use an address of a device type that the network administrator is familiar with. They will not be able to tell the difference unless they dig deeper. If anyone digs deep enough they will find that you are doing something, but the idea is not to raise any flags and to pass through unnoticed. You can of course generate a fully random MAC address, and you can also set your own with -m (--mac) followed by the address you want. People will use the MAC addresses of legitimate devices on the network to conduct malicious activity, and then those devices get banned.

Let me show you what changing a MAC address looks like. We will deal with this sort of attack later, when we get into wireless hacking, breaking wireless encryption and what you can do on a wireless LAN; here I just want to show you what a changed MAC address looks like. First show eth0 again with macchanger -s eth0; we have seen this a moment ago. Now run macchanger -r eth0 (or --random) and press Enter. It prints the permanent, current and new MAC. The new one is listed as unknown because a random address does not match any vendor prefix in macchanger's list. If I now run macchanger -s eth0 again, excellent, it shows permanent and current. The current one is the address that is seen on the LAN and used to identify you. You cannot actually destroy your own permanent MAC address, because it is literally burned into the device; the current one is what is shared with everybody else, while the permanent one stays inside your own computer and never leaves the interface. Anyway, a good practice is to set up a script that changes the MAC address to a random one every time you boot your computer. I will show you this in the next tutorial. Until then, I hope that you have enjoyed the tutorial, and thank you for watching.

Posted on

Learn Ethical Hacking Episode #21: Virtual Private Network (VPN) Setup (Part 2)

Hello everybody and welcome to this tutorial. Today, I will actually connect to a VPN service provider, and I will show you how to prevent DNS leaks as well. Before I go into the technical part, one extra bit of information: a VPN can also be a cheap way to get a static public IP address. Some providers sell a dedicated IP with port forwarding for around $10 a month, which lets you reach a home web server or file-sharing server from the internet, and that is a lot cheaper than buying a static IP from your ISP. Note that this only works with a provider that offers a dedicated address and port forwarding; a plain shared VPN exit IP, like the free one used below, will not accept inbound connections on your behalf.

Let's open the website. I have opened this one, but you can use any other you like; just be sure to check the reviews. I am using VPNBook (vpnbook.com) because it needs no registration and no additional software: you just download a configuration file and start using the service. That is fantastic for me because it is minimal work, and it will work for you as well. However, if you wish to use a different VPN provider, feel free. In fact, I encourage you to go out on the internet and look at which VPN providers are out there, what people say about each of them, and which are the best in terms of cost, privacy, speed, stability and so on. Sometimes you get a VPN whose connection breaks from time to time, which can be inconvenient. Let's begin the connection process. I do not want PPTP, I want OpenVPN (PPTP's MS-CHAPv2 authentication has been broken for years, so avoid it whenever there is an alternative), and I will take the Germany-based server. The download is a zip bundle containing the .ovpn profiles and the CA certificate. It opens in Archive Manager without any problems; extract it to the desktop, create a new folder called openVPN to keep things neat, and move the files into it.

Do you remember how we installed pairs of packages with the same name, one with gnome in the name and one without? The gnome ones are the plugins for the GNOME network manager, and the others are the actual packages, which we can use from a terminal as well. Today I am going to connect to the VPN using nothing but the terminal. You can also do it through the network manager: VPN Connections, Configure VPN, as we did before, then Add and choose the type, or simply import the .ovpn files. That is a very simple process. However, chances are you will find yourself in an environment without a GUI and will need to do it in the terminal, and the process is not complicated: two or three commands and no additional configuration, everything loads automatically. Clear the screen (you can see I have been doing some work there) and navigate to the folder on the desktop: cd /root/Desktop/openVPN/. Let's see what is in there; not the short listing, give me a detailed one with ls -l (I showed the different listing forms, such as ls -la, in one of the first tutorials on the Linux command line). Which profile shall we choose? There is one for TCP port 443, TCP port 80, UDP port 25000 and UDP port 53. I am going with TCP 443; it looks like ordinary HTTPS to a firewall, so it is the one most likely to get through a restrictive network. Type openvpn --config vpnbook-de233-tcp443.ovpn and press Enter. It prompts you for a username. Don't panic: the username and password are printed on the website next to the download. Copy the username, press Enter, and then it asks for the password. I cannot imagine why they added a password, because it is a public password for anyone to use. Paste it, press Enter, and the connection comes up: routes are being added and it should be established any moment now. I am going to close the site because I want to restart Firefox. There you go: Initialization Sequence Completed. Let's see where I am: what is my IP? It says 178.162.193.233 and that I am in Germany. I can assure you that I am not in Germany; that is the IP of the VPN. However, this configuration as it stands will not pass a DNS leak test, so we need to make some alterations for that as well.

To protect against DNS leaks, open a new terminal and type nano /etc/resolv.conf. This file is generated by the network manager by default, and the nameserver in it is the IP address of your home router on the LAN; it is not a public address, it is the one you use to reach the router from inside the LAN. The way this works is that your DNS queries go to this nameserver, your router, which forwards them to your ISP's resolver. That resolver sees every hostname you look up, outside the tunnel, and those records can eventually be used to reveal your physical location, which is something we want to avoid. So we do not want the computer to use the ISP's DNS servers; comment that line out. Instead, open opendns in your browser. I cannot run a DNS leak test before the change without showing you my real IP address, but I assure you the current setup would not pass. On the OpenDNS site (Business, Personal, Partners) scroll down and click on DNS; on the right side of the page you can see their resolver addresses. Copy the first one, 208.67.222.222. OpenDNS is one of the fastest and most widely used public DNS services around. Other than that, you also have Google's public DNS servers, which are 8.8.8.8 and 8.8.4.4. In resolv.conf add a line nameserver, space, paste, and then a second line, nameserver, space, and the second OpenDNS address, 208.67.220.220. The reason for listing two addresses rather than one is to have a fallback: if the first server is down, or your packets fail to reach it, you do not want your browser telling you the connection cannot be established; instead the resolver falls back to the second one and, in all likelihood, the lookup succeeds. Ctrl+O to save and Ctrl+X to exit. Do not restart the network manager, because it will regenerate the file and you will again be stuck with the DNS servers of your ISP. The same thing happens on the next DHCP lease or reboot, so for a setup that lasts, tell NetworkManager to leave the file alone (dns=none in the [main] section of /etc/NetworkManager/NetworkManager.conf), or have OpenVPN set the resolvers for the life of the tunnel with the update-resolv-conf script that the Debian openvpn package ships in /etc/openvpn/. Also keep in mind that you have moved trust rather than removed it: OpenDNS now sees your lookups, although it sees them arriving from the VPN exit and not from your home. Now let's see what a DNS leak test says; open one and run the standard test. My IP address is still the German one. The results list a hostname, an ISP and the IP address for each resolver the test saw, and the ISP column reads OpenDNS, OpenDNS, OpenDNS. The ISP from my own country is nowhere in the results. Had I not made this change, it would have shown up here, and that would have been a DNS leak.
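The resolv.conf edit above is the right idea, but it is easy to get wrong by hand and it silently reverts the next time NetworkManager rewrites the file. As an added example (my own, not from the tutorial), here is a script that writes the file with only the resolvers you choose, keeps a backup, and then audits it, flagging any nameserver that sits in a private LAN range (your router, and behind it your ISP) or that is not on your trusted list. The OpenDNS addresses 208.67.222.222 and 208.67.220.220 are assumed as the trusted pair; the resolv.conf it checks in the demo is constructed to look like the NetworkManager-generated one from the video.

```shell
#!/bin/sh
# vpn-dns.sh: point the system resolver at chosen public DNS servers for a
# VPN session and check that nothing on the LAN/ISP side is still listed.
# Added example, not from the tutorial. Assumes the OpenDNS resolvers
# 208.67.222.222 and 208.67.220.220 (substitute any resolvers you trust)
# and a Kali/Debian-style /etc/resolv.conf.
set -eu

RESOLV=${RESOLV:-/etc/resolv.conf}          # override to try it on a copy
TRUSTED_NS="208.67.222.222 208.67.220.220"

# Four dotted octets, each 0-255 (interval regexes avoided for old mawk).
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9]+$/ || length($i) >= 4 || $i + 0 > 255) exit 1 }'
}

# RFC 1918 ranges plus link-local and loopback: a nameserver in one of
# these is your router (or the ISP behind it), reached outside the tunnel.
is_private_ipv4() {
    case "$1" in
        10.*|192.168.*|169.254.*|127.*)          return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)   return 0 ;;
        *)                                       return 1 ;;
    esac
}

# Print the nameserver addresses listed in a resolv.conf-style file.
nameservers_in() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

in_list() {
    needle=$1; shift
    for x in "$@"; do if [ "$x" = "$needle" ]; then return 0; fi; done
    return 1
}

# Report every nameserver that is on the LAN or not in TRUSTED_NS.
# Returns 1 if anything leaky was found, 0 if the file is clean.
check_resolv() {
    servers=$(nameservers_in "$1")
    if [ -z "$servers" ]; then
        echo "LEAK: no nameserver lines in $1 (the resolver then defaults to the local host)"
        return 1
    fi
    rc=0
    for ns in $servers; do
        if is_private_ipv4 "$ns"; then
            echo "LEAK: $ns is a LAN address (your router -> ISP resolver)"; rc=1
        elif ! in_list "$ns" $TRUSTED_NS; then
            echo "WARN: $ns is not in the trusted resolver list"; rc=1
        else
            echo "ok:   $ns"
        fi
    done
    return $rc
}

# Replace a resolv.conf with only the resolvers given, keeping a backup.
# Two servers give a fallback if the first is unreachable.
write_resolv_conf() {
    file=$1; shift
    [ "$#" -ge 1 ] || { echo "need at least one resolver" >&2; return 1; }
    for ns in "$@"; do
        valid_ipv4 "$ns" || { echo "bad resolver address: $ns" >&2; return 1; }
    done
    if [ -e "$file" ]; then cp -p "$file" "$file.bak"; fi
    {
        echo "# written by vpn-dns.sh. NetworkManager/dhclient will overwrite this"
        echo "# unless dns=none is set in the [main] section of NetworkManager.conf."
        for ns in "$@"; do echo "nameserver $ns"; done
        echo "options timeout:2 attempts:2"
    } > "$file"
}

if [ "${1:-}" = "apply" ]; then
    # Real run (needs root): rewrite $RESOLV and verify it.
    write_resolv_conf "$RESOLV" $TRUSTED_NS
    check_resolv "$RESOLV"
else
    # Offline demo on a constructed file that looks like the tutorial's
    # NetworkManager-generated resolv.conf pointing at the home router.
    demo=$(mktemp)
    printf '# Generated by NetworkManager\nnameserver 192.168.1.1\n' > "$demo"
    echo "before:"; check_resolv "$demo" || true
    write_resolv_conf "$demo" $TRUSTED_NS
    echo "after:";  check_resolv "$demo"
    rm -f "$demo" "$demo.bak"
fi
```

Without arguments it runs the offline demo; sudo ./vpn-dns.sh apply rewrites /etc/resolv.conf for real (set RESOLV to a copy to try it first). On a box where /etc/resolv.conf is a symlink managed by resolvconf or systemd-resolved, edit whatever generates the file rather than the file itself, or the change will not survive.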

Anyway, that is how to protect yourself, and how to establish a tunnel. I strongly encourage you to establish VPN connections from the terminal. You will usually have pre-configured profile files, and you can even write the configuration by hand if you really feel like it. As I said, you can also do it through the network manager, but I advise against relying on it: network managers differ from one system to another, so it is not a universal way of doing it, and you will encounter a large number of environments that have no GUI, or where you cannot use the GUI. Get comfortable doing such configurations in the terminal. If you really want to do it through the network manager and cannot work it out on your own, there are a lot of instructions on the net; and if you do not feel like going through forums, ask in the questions section and I will be more than happy to help, depending on which network manager you use. In any case, I bid you farewell, thank you for watching, and I will see you next time.

Posted on

Learn Ethical Hacking Episode #20: Virtual Private Network (VPN) Setup (Part 1)

Hello everybody and welcome to this tutorial. Today, I am going to introduce you to VPNs, or virtual private networks, and how you can actually connect to them.

If you try to connect to one here, open VPN Connections and Configure VPN, you will see that all of the options are unavailable, with an error message saying: no VPN plug-in available. Please install one to enable this button. We will need an internet connection to install these plugins, and I would not recommend doing that from an untrusted connection; do it from your home network, install all of the plugins and do the necessary preparation there, and then connect to the VPN of your choice from any other network. Close the network manager for now. If I hover over its icon it says Wired network: device not managed. That is a bit of a problem, but it has an easy fix. Type nano /etc/NetworkManager/NetworkManager.conf, with a capital N and M. Linux is case sensitive: touch test and touch Test would create two completely different files, and the same goes for paths. This is the configuration file for NetworkManager, and in its [ifupdown] section it says managed=false, which means interfaces declared in /etc/network/interfaces are left to ifupdown. Replace false with true; Ctrl+O to save, Ctrl+X to exit. Restart the network manager to apply the updated configuration: service network-manager restart. There we go, it now says Wired Network Ifupdown (eth0); the interface is managed, so this should work now. Let's clear the screen.

I have a small file here, basically a list of the commands for the things we need to install; I wrote them down beforehand to save time during the tutorial. We need a few additional plugins for the network manager. What we really need is OpenVPN and PPTP, but I am going to install the rest as well. Add -y so we are not prompted with any questions during setup. We can also do it all in one line: apt-get install followed by all of the package names. The number of -y flags I passed there was unnecessary; a single -y at the end of the long command is enough, since I am just listing the packages I wish to install. What is the last one? We need network-manager-vpnc as well, so paste that, and the last ones are the gnome extensions for the GUI. Paste them, add -y at the end, press Enter, and the installation proceeds. A lot of new packages get installed, but they are small plugins, so they will not take much disk space and the installation is fast. Notice that towards the end apt restarts the network manager by itself, so the new plugins are loaded without a manual restart; I was going to restart it once more to be sure everything is up to date, but it has already been done, which is very nice.
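Here are the two steps above, making the ifupdown interface managed and then installing the plugins, as one script; it is added here as an example and is not the tutorial's own code. The interesting part is the config edit: a plain search-and-replace of managed=false would also hit a managed= key in some other section, so the script edits the key inside the [ifupdown] section only, adds it if it is missing, and reads it back to confirm. The config path, the Debian package names and the network-manager service name are assumptions matching Kali's layout; the demo config it edits is a constructed copy of the stock file.

```shell
#!/bin/sh
# nm-vpn-prep.sh: the two steps from this tutorial as a script. Added example,
# not the tutorial's own code. Assumes a Debian/Kali layout: NetworkManager's
# config at /etc/NetworkManager/NetworkManager.conf with an [ifupdown]
# section, apt-get, and a service called network-manager.
set -eu

NM_CONF=${NM_CONF:-/etc/NetworkManager/NetworkManager.conf}

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION], if any.
ini_get() {
    awk -v s="[$2]" -v k="$3" '
        /^\[/ { insec = ($0 == s); next }
        insec && $0 ~ ("^" k "[ \t]*=") { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "$1"
}

# ini_set FILE SECTION KEY VALUE: set KEY=VALUE inside [SECTION] in place.
# Replaces the key if present, appends it to the section if missing, and
# creates the section at the end of the file if there is none. The same key
# in other sections is untouched, which is the point for "managed": it must
# change under [ifupdown] and nowhere else.
ini_set() {
    file=$1; section=$2; key=$3; value=$4
    tmp=$(mktemp)
    awk -v s="[$section]" -v k="$key" -v v="$value" '
        /^\[/ {
            if (insec && !done) { print k "=" v; done = 1 }   # section ended, key was missing
            insec = ($0 == s)
            if (insec) seen = 1
        }
        insec && !done && $0 ~ ("^" k "[ \t]*=") { print k "=" v; done = 1; next }
        { print }
        END {
            if (!seen) { print s; print k "=" v }
            else if (!done) print k "=" v
        }
    ' "$file" > "$tmp"
    cat "$tmp" > "$file"      # write through, so owner and mode are preserved
    rm -f "$tmp"
}

# The tutorial's fix for "device not managed": interfaces declared in
# /etc/network/interfaces are ignored by NetworkManager while managed=false.
nm_manage_ifupdown() {
    ini_set "$1" ifupdown managed true
    [ "$(ini_get "$1" ifupdown managed)" = "true" ]   # read back to confirm
}

# All the VPN plugins from the tutorial in a single apt-get call, with one
# -y at the end. OpenVPN is the one you actually want; PPTP is included for
# completeness only, since its MS-CHAPv2 authentication is broken.
install_vpn_plugins() {
    apt-get install -y \
        network-manager-openvpn network-manager-openvpn-gnome \
        network-manager-pptp    network-manager-pptp-gnome \
        network-manager-vpnc    network-manager-vpnc-gnome
}

if [ "${1:-}" = "apply" ]; then
    nm_manage_ifupdown "$NM_CONF"
    service network-manager restart
    install_vpn_plugins
    service network-manager restart      # apt usually does this too; harmless twice
else
    # Offline demo on a constructed copy of the stock Debian config.
    demo=$(mktemp)
    printf '[main]\nplugins=ifupdown,keyfile\n\n[ifupdown]\nmanaged=false\n' > "$demo"
    nm_manage_ifupdown "$demo"
    echo "ifupdown.managed is now: $(ini_get "$demo" ifupdown managed)"
    rm -f "$demo"
fi
```

Without arguments it edits a temporary copy and prints the result; sudo ./nm-vpn-prep.sh apply does it for real. The same ini_set is handy in the next episode for the dns=none setting under [main] that stops NetworkManager from overwriting resolv.conf.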

So we no longer need this list of commands. As you saw, you do not need to run each one individually; you can issue one apt-get install command with all of the packages you want. Minimize the terminal, as I do not need it now, and click on Add: I now get a list of the VPN connection types I can use. I am going to stop the tutorial here. In the next one we have a lot of work to do: go to a website, find a suitable VPN, test it out, see how good it is and what sort of IP addresses we get from it. In any case, I bid you farewell, and I hope to see you in part 2.

Posted on

Learn Ethical Hacking Episode #19: Staying Anonymous with ProxyChains (Part 3)

Hello everybody and welcome to this tutorial. Today, we will be importing custom chains of proxies. Now I have done literally no prep work for this, deliberately, because I want to see if I encounter any problems by doing this the first time around on Kali Linux. If I happen to come across any problems, I want to resolve them here together with you because chances are that you will encounter them as well. But, I don’t predict any unsolvable problems here, this should be fairly straightforward.

Let’s just go and type in free socks5 proxies and see if we can find any for ourselves. So, here we have Socks proxies – free socks5 and socks4 proxy lists. Let’s see what this website has to offer. So we have a lot of things here that we can use anonymously. I suppose they all claim that they’re anonymous, but that’s very questionable. Generally, you want to be using proxies in countries that have a good reputation for not sharing your private browsing information. So, the countries that do have a good reputation with that, well China doesn’t share much with anybody else. Russia doesn’t share much data either. If they have the Netherlands here that would be awesome, because the Netherlands have fantastic privacy policies in terms of information, in terms of personal user information, and Germany is also not bad. Those are some of the countries which you can use that are fantastic in terms of privacy. They will not share your traffic with pretty much anyone, or so they claim. Who will you trust? That is completely up to you. Again, it doesn’t really matter that much for the sake of this tutorial series, because all of the work that we will be doing here is white hat, and all of it is legal. So, you can use any of these to simulate a real attack. Even if you can reverse tracks and find yourself it’s still okay, as long as you are using some sort of a proxy to give real-time circumstances, and encounter real time problems. Also, to circumvent firewalls and so on, if you want to use Netflix, or something like that, you will need a proxy in the United States. However, a proxy wouldn’t suffice due to the slow speeds, rather you will need a VPN.

Anyway, without further ado, you have the IP address here which we will need, you have a port number here, we won’t need this, we will need this, and we will need a version. Let’s see if there are any proxies from the Netherlands. No, the Netherlands is not even listed here. Let’s go ahead and select the first five from the list. So I need to copy this, open up my terminal, and let’s arrange the windows to make copy/pasting convenient. There we go. Let’s grab the Firefox browser and just expand it accordingly. So I now have all of the information that I need. I have the port number, version, and the IP address. Let me clear the terminal, nano /etc/proxychains.conf, make sure that dynamic is selected and everything else is commented out. Go ahead and scroll down to the bottom, and let’s get started. Now we need to specify our proxychains. Anything special that we need to know here? No. Type in the host port, user values, nope, doesn’t specify anything special. Let’s go ahead and type in socks5. Let me confirm that this first one is socks5, yep, it is socks5, and paste the IP address. Let’s just go ahead and add tabs here to be on the safe side, so that it is all neatly done and sorted. So, it’s 33169, press ENTER, so socks5, tab, what is the next one? The next one is 9480. Paste it, tab, and the port number is 1080. Let’s add the next one, no this one is actually socks4, and the next one is actually socks5. As you can see, it’s a fairly simple process. I mean, there’s nothing really special that you need to do here, just create a list of proxies which we will end up using. I can assure you that most likely half of these proxies do not work. Not because I can see some information here on the screen that you can’t, but because I have experience with such proxies, and they generally do not tend to work. But, enough of them work for you to be able to anonymize yourself to a good extent. So the next one is 1806, and 0. Make sure you get the ports right.
If you put in the wrong port your connections will be dropped by default for that IP address, and you’ll think that the proxy is malfunctioning when it’s not. It’s just you typing in the wrong port. So, again, we have socks5, an IP address here. What is the port number? 1080 again. You will see that some port numbers have been standardized, and they are just repeating, so you don’t need to do that much thinking there. Press Enter. Now I can save the file, excellent! Okay, so, let’s exit nano.

Let’s go ahead and expand our beloved terminal, the holy grail of power, and type in pretty much the same thing as we typed in the previous tutorials, proxychains firefox www.duckduckgo.com. Keep in mind you can type in any URL here, and as long as it’s valid it will open it. So let’s just go ahead and see what happens. Press Enter…nothing, literally nothing. What happened? It didn’t start proxychains. Why not? Well, you need to close the browser first, and we unfortunately had this list open that continuously keeps changing as well. That’s a problem, because you cannot have Firefox open and then start it again through proxychains. You need to close it completely, make sure that it is completely closed, I can see nothing in my working menu down there, and let’s try again. Same thing. See, now it’s taking a bit longer. As soon as you see that something flies through with proxychains, you know that something is wrong because there is no way it’s going to be fast. So what have we got here? Timed out, timed out, again we have timeouts, and it’s a dynamic chain so it’s trying to go through all of them, but it’s skipping those that are not functional. When I was first getting started I was like, I’m going to use 50 proxies, and I’m going to be completely anonymous. No, I wasn’t even able to load the most basic of sites, or issue even the most basic of requests with that. You need to keep it low, in terms of proxies, depending on their speed. So, hopefully one of them is going to pass, and one of them is going to work. This is one way of troubleshooting, another way is just looking at the screen and seeing what’s happening here. So, I’m just waiting for at least one of them, yes, there we go. One of them said, okay, but it needs to go through and try all of the other proxies in our chain. Hopefully, it’s not going to take too much time. So we have all of these timeouts, and only one of them was confirmed as being functional. Which proxy was okay?
DNS response duckduckgo.com, there we go. It should be open now, no it is not. This was just a DNS response. Okay, it’s formulating a request again through a different series. Come on, please succeed…excellent! This one didn’t succeed, well, now it has. DNS response is DuckDuckGo.com is 50.18.192.250. Has it opened? No, it has not. Okay, we must wait a bit longer, and this is the sad reality of using free proxies. If I had confirmed that these proxies were functional prior to recording this tutorial it would have made this much simpler, but I just wanted to make a point here and show you that you’re not going to get very far using a lot of free proxies. Imagine scanning a hundred hosts using proxychains like this, and this would be the amount of time that it would take to even load a basic website. Imagine how long a scan would take. It would take practically forever. Okay, finally it is requesting information on port 443. As you can see, all of the above communication was attempting to get a response from a DNS server. This is how much information has been processed before we even started to load duckduckgo.com. As you can see by the port names, it’s 53, the 53 is our DNS port. If we go down below, you can see that finally I’m looking for port 443 somewhere around here. I swear I saw it a moment ago. 1080, that’s a proxy port, this is a proxy port as well, 53 again, DNS resolution port, yes, there we go, 443 has begun here. It’s still loading it. I wonder if it has opened it? Yes, there we go. It is up and running, and the site is functional, but it has taken us a lot of time to open it using free proxies. I would recommend sticking to two or three at max and it should work, and stick with the ones that have the best grades, reviews, and so on. Stick with the ones that have the greatest up-time as well. In any case, I bid you farewell, and I hope to see you in the next tutorial.
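Reading that output by eye is exactly what the tutorial does above; as an added example (not code from the tutorial or from the proxychains project), the script below does the same triage automatically: which proxies completed a chain, which only timed out or were denied, how many connections went to port 53 (DNS) versus 443 (the site), and what proxychains resolved names to. The log lines are constructed in the shape proxychains-ng prints, with documentation-range addresses, and parsing relies only on the host:port tokens and the trailing status word.

```python
"""Triage proxychains' verbose output to see which proxies in a chain actually work.

Added example, not code from the tutorial or the proxychains project. The sample
log is constructed in the shape proxychains-ng prints (chain type, host:port hops,
a trailing OK / timeout / denied); the parser only needs the host:port tokens and
the final status word, so the older |D-chain|-<>- style parses as well."""
import re
from collections import Counter
from typing import Dict, List, Optional, Tuple

# host:port tokens (proxies and the final destination), status word, DNS answers
HOP_RE = re.compile(r"([A-Za-z0-9][A-Za-z0-9.\-]*):(\d{1,5})")
STATUS_RE = re.compile(r"(OK|timeout|denied)\s*$")
DNS_RE = re.compile(r"DNS-response\W+(\S+)\s+is\s+(\S+)")


class ChainStats:
    def __init__(self) -> None:
        self.ok: Counter = Counter()            # proxy -> chains it completed
        self.failed: Counter = Counter()        # proxy -> timeouts + denials
        self.target_ports: Counter = Counter()  # 53 for lookups, 443 for the site itself
        self.dns: Dict[str, str] = {}           # name -> address proxychains resolved

    def rank(self) -> List[Tuple[str, int, int]]:
        """Proxies best first: most completed chains, then fewest failures."""
        seen = set(self.ok) | set(self.failed)
        rows = [(p, self.ok[p], self.failed[p]) for p in seen]
        return sorted(rows, key=lambda r: (-r[1], r[2], r[0]))

    def working(self) -> List[str]:
        """Proxies that completed at least one chain and never failed: the ones to keep."""
        return [p for p, ok, failed in self.rank() if ok and not failed]


def parse_line(line: str, stats: ChainStats) -> Optional[str]:
    """Fold one log line into stats; returns the status word, or None for non-chain lines."""
    dns = DNS_RE.search(line)
    if dns:
        stats.dns[dns.group(1)] = dns.group(2)
        return None
    status = STATUS_RE.search(line)
    hops = [f"{host}:{port}" for host, port in HOP_RE.findall(line)]
    if not status or not hops:
        return None
    word = status.group(1)
    if word == "OK":
        # the last hop is the destination; every hop before it is a proxy that answered
        target, proxies = hops[-1], hops[:-1]
        stats.target_ports[int(target.rsplit(":", 1)[1])] += 1
        for proxy in proxies:
            stats.ok[proxy] += 1
    else:
        # on a failure proxychains names only the proxy that timed out or refused
        stats.failed[hops[-1]] += 1
    return word


def triage(log_text: str) -> ChainStats:
    stats = ChainStats()
    for line in log_text.splitlines():
        parse_line(line, stats)
    return stats


# Constructed sample: three free proxies, one of which works, resolving and then
# fetching duckduckgo.com the way the tutorial's run above did.
SAMPLE_LOG = """\
[proxychains] config file found: /etc/proxychains.conf
[proxychains] Dynamic chain  ...  203.0.113.10:1080  <--timeout
[proxychains] Dynamic chain  ...  198.51.100.7:1080  <--timeout
[proxychains] Dynamic chain  ...  192.0.2.9:1080  ...  198.51.100.53:53  ...  OK
[proxychains] DNS-response: duckduckgo.com is 50.18.192.250
[proxychains] Dynamic chain  ...  203.0.113.10:1080  <--timeout
[proxychains] Dynamic chain  ...  192.0.2.9:1080  ...  50.18.192.250:443  ...  OK
[proxychains] Dynamic chain  ...  198.51.100.7:1080  <--denied
[proxychains] Dynamic chain  ...  192.0.2.9:1080  ...  www.duckduckgo.com:443  ...  OK
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for proxy, ok, failed in result.rank():
        print(f"{proxy:22} ok={ok} failed={failed}")
    print("DNS (53) vs site (443):", dict(result.target_ports))
    print("keep:", result.working())
```

Run it against a real session by piping proxychains' stderr into a file and passing that file's text to `triage`.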

Learn Ethical Hacking Episode #18: Staying Anonymous with ProxyChains (Part 2)

Hello everybody and welcome to this tutorial. I’m just going to pick off from where I left off in the previous one.

As I said before, you have a type of proxy here, and you always want to be using socks5. You don’t want to be using HTTP because it isn’t a very secure protocol, and socks4 doesn’t support very many options. Anyway, this is the IP address of the proxy server, we will enter a few of them manually later on, and this here is the port number on which the proxy server is listening, the port that is open. Over here, these two words, now what some proxy servers, especially paid ones, will always have is a username and a password. You can type them here in plain text, unfortunately, but it is assumed that only you, and you alone, have access to this computer. Besides, not everyone can read this file. So if you type in the username and password here, you will gain access to a certain proxy that you have chosen. These are just examples. We won’t actually be using these proxies. We need to go down below, and here is the end of the file. So if I press ENTER a couple of times, there we go. There is only one proxy active at the moment, it’s socks4, and all traffic is being routed through there. Now tor by default listens on this port, and our connections will be going through tor now, but just in case I want to add socks, and you should really do this, socks5, press tab, and type in exactly the same IP address. By the way, this 127.0.0.1 is the loopback address of your computer. This is for inter device communication. If you ping this address, you’re pinging yourself, basically, and usually people ping this address in order to make sure that the IP protocol is set up correctly. So, let’s just type in 127.0.0.1, same port number, space here, no tabs, 9050. There we go. Press Ctrl + O to save the file, press ENTER, and by the way you don’t need to use Nano to edit this file. You can also use VI or some other text editor in order to edit it. I like using nano. It’s practical and it’s fairly simple. It’s much simpler than VI. 
I know how to use VI as well but it’s a bit more complicated, so I prefer to keep it out of the tutorials. Anyway, press Ctrl + O to save. It doesn’t hurt to save the file as many times as you like, and then press Ctrl + X to exit. There we go. Now we have the file saved. Clear the screen. You always want to make sure that you are working in a very neat environment. Then go ahead and type in service tor status to see if tor is running. Tor is not running so it gives you an answer, and what we want is to start tor up. So service tor start, press ENTER, there we go. Now the tor service has started, and it is up and running.

So the next thing that we need to do is use proxychains in combination with tor, and in combination with our internet browser, in order to be able to access a third party in order to verify that all of it is working properly, and that we are anonymous. A lot of people do the configuration, and they type in service tor start, and that’s it. They don’t verify these settings. They start to scan and what happens? Of course, they get detected because they most likely misconfigured something. What you want to do is go ahead and type in proxychains, so proxychains. Remember, we do not want to browse the Internet as a root user. We’re just going to use it to verify our proxychains settings, and then I’m going to close the web browser. So, I’m only using it for that purpose. We will use proxychains later on for a different purpose, for scanning, and so on and so forth, and then we can use it as root. But, it’s not a good idea for web browsing, for security reasons. Anyway, proxychains and then type in Firefox, or you can type in your preferred web browser. I think Firefox works the best with proxychains since that is the default browser of Kali Linux. Even though it says iceweasel, it’s Firefox, trust me. So type in proxychains firefox, and we can type in the web site that we wish to visit. So, let’s just type in www.duckduckgo.com. Now duckduckgo is a search engine that also helps to anonymize you. You will have a far greater extent of anonymity than you do when using Google, or an equivalent popular search engine, as they record your traffic, they record your IP addresses, and that can be problematic in itself, especially when you’re doing some sort of footprinting. You do not want to be recorded anywhere. Anyway, let’s just go ahead and press enter, and the web browser is loading. You can see that the loading time is definitely not the fastest, it’s a bit slow, but it has loaded it up.
We will just go ahead back to our terminal and see, excellent, so you see that the link has been established here. There are some problems as it says denied somewhere, but that’s OK. You’re bound to encounter errors here, especially when you’re using custom chains. You will see that there will be more error messages than there will be okay messages. But, believe it or not, the connection still manages to pass through somehow and still manages to function in spite of that. Anyway, I’ll just go back and open up our web browser once again, and just type in check for DNS leaks, and press Enter. Okay, so DNS leak test, excellent! Let’s go ahead and click on this one and see what happens. Hello, this is my public IP address now, 217.13.197.5, and it says that I am from Germany. I assure you that I am not from Germany. If you wish to verify all of this you can open up a new terminal and type in service tor stop, and then open up your regular web browser without the proxychains command, do the same test again, and you will see that you will get a completely different IP address, which will be your real IP address. Anyway, it says hello, this is me from Germany. I’m going to perform a standard test, I’m not going to do an extended test, it’s the same thing for the most part. This one does more rounds but you get the same information, more or less. So it goes query one, excellent! This is my DNS, this is my ISP provider. So look this is what they have concluded in regards to my DNS: it’s level 3 communications, and it says the country is the United States. This makes no sense whatsoever, so I am anonymous now. I can’t be detected, which is a very good thing to have indeed.

This IP address will change from time to time. Let me just copy it, and I am going to go ahead and show you that it actually does change. So, accessories, I’m pretty sure there is a text editor here, excellent! So I’m just going to paste this IP address, and now what I’m going to do is go ahead and close this browser. I don’t need this, so service tor stop, it’s stopping it, service tor start, it’s starting it. So, you don’t need to actually write start/stop, you can also do service tor restart, and it’s going to do the whole process for you. So you can save a little bit of time there. Let’s just repeat the process. I’m going to go ahead and type in proxychains firefox, and I will request the same search engine as well. Will it open? Now don’t be discouraged if it doesn’t open it straight away. If it says you don’t have connectivity, or the website is not available, just try typing in the service tor restart command a couple of times until you get it. Sometimes certain IP addresses are blocked and you need to be assigned one that is not, so don’t immediately jump to a conclusion. Just try resetting it a couple of times and you will resolve the problem. A different IP address will be assigned to you each time. Anyway, let’s just go ahead and type in check for DNS leaks, press Enter, and here we go. I’m just going to use the same website, dnsleaktest.com, that’s the name of it, excellent! So you see now I don’t even need to compare the IP, obviously it’s different. So this one is 217.13, this one is 91.109, so completely different IP address here, and from a completely different place. Now it says that I am from the United Kingdom, apparently somewhere in London. I’ll go ahead and issue a standard test to see what sort of resolutions I get here. This might take a while, that’s why I’m doing the standard test, this one was a bit slower. It depends on how far away the servers are. I suppose I’m a bit closer to Germany than I am to the United Kingdom.
I suppose this depends on the speed of the servers as well. Anyway, you can see my DNS resolutions here, it’s level 3 communications, again. Yeah, I am completely anonymous with this. I am unlikely to be detected by pretty much anything.

If you wanted to, for example, use proxychains with nmap, I’m not going to go into great detail now, I will show you this when we get to the nmap section, but before we do we can see some verbose output here on how this is actually functioning. So, there are certain domains which are being contacted, you can see pretty much everything that is going on here. It isn’t a bad idea to sometimes go through this sort of information, especially if you do not have connectivity, or if you wish to better understand exactly where your traffic is going, where it is passing through, and how it is spinning around. Anyway, let’s just go ahead and clear the screen and use, let’s say, proxychains nmap, and this is all that you would need to do in order to route all of nmap’s traffic through proxychains. This is pretty much true for any application. Just invoke the application as you would, so a normal nmap invocation would be nmap, and then some IP address here, and then a port number here, and some arguments as well to go along with it. But instead of just typing it like that, you can use proxychains and hide yourself. How would you invoke a browser on a regular basis? You would type in firefox, press enter, and that would of course open up a Firefox browser. So, any application that you can start through your terminal, and you can start all of them through your terminal, just type in proxychains in front of it, and all the network information generated by that application will be routed through proxychains. Now will it use a preset of proxies or will it use tor? That is up to how you have configured it. There will be a part three to this chapter. I will show you how you can import custom chains of proxies, and how you can use those proxies to access things on the net, or to hide your activity behind them. In any case, I bid you farewell, and I thank you for watching.

Learn Ethical Hacking Episode #17: Staying Anonymous with ProxyChains (Part 1)

Hello everybody and welcome to this tutorial. Today, I will be talking about how you can configure proxychains to work in combination with tor in order to anonymize traffic. Not only web browsing traffic, but rather instead, all network related traffic generated by pretty much all of your applications. Now there are a few applications which will not work in combination with proxychains. Namely, one such application is Metasploit. Now Metasploit is practically a hacking framework, and it is of crucial importance for pretty much any sort of hacking activity in today’s world. It allows automated generation of the code needed to break certain systems, and it also contains a list of vulnerabilities as well. However, what I want to do here today is show you how you can anonymize pretty much all footprinting traffic, or traffic generated by nmap when you’re gathering information, or even when you are web browsing, and how you can cover your tracks in general.

One of the first things that you do need to do, in Kali Linux they come pre-installed, is download tor and proxychains. You may need to install these two software packages on other systems. Tor can be difficult. I have seen systems where tor is not installed by default, and I have shown in the previous tutorial how to install tor without any problems. What we will need to do here on Kali Linux is simply configure the software, and not install anything. So, let’s just navigate over to the etc proxychains configuration file, nano /etc/proxychains.conf, press ENTER, and there we go, we are in the configuration file. What is proxychains? Well, it gives you the ability to route your traffic through a series of proxy servers and stay anonymous by hiding behind them, or by having them forward your request so that it looks as if your requests are coming from them, as opposed to from you. Surprisingly enough, there is a large number of free proxy servers available that you can use, but they’re not very stable, they tend to go up and down, and they’re not very fast. So, for specific targets they can be useful, but not for any form of brute forcing attack. If you are doing something to a certain target, if you’re trying to log in or you’re already logged in, you can definitely do it through proxychains, and it will be reasonably fast and stable. If you’re performing some sort of mass scanning, or you’re brute forcing a password, proxychains with a list of proxies selected from the internet, free proxies that is, will not be very stable. I mean, it’s going to work eventually in a technical sense, but it will consume more time than you can spare. And by more time than you can spare, I mean a month or two to do a simple scan. For the time being, I want to show you how to use proxychains, how to configure them, because they are really useful. I use them fairly often, many people do, and it’s a fantastic piece of software.

First off, you have different types of proxies here which you can use. You have HTTP, socks4, and socks5. Now there are fundamental differences between these protocols. You always want to find yourselves a socks5 proxy, as that is the most advanced protocol, and it has the ability to anonymize all sorts of traffic. HTTP, well as the name itself says, it’s for HTTP traffic, and socks4 is very similar to socks5 but it does not support the ipv6 protocol, and it does not support the UDP protocol. So, socks4 can be rather problematic. You always want to make sure that you’re using socks5 whenever possible. Anyway, down below you have these options which we will go over. To enable these options you don’t need to type in any complex lines of code, or anything of the kind, you just delete the hash and that’s it. Save the file, the option is enabled. This hash represents a commented out line, meaning that the system reading this file will ignore it if there is a hash. If there isn’t a hash it will take it into consideration and interpret it accordingly. Anyway, what we have here are statements which allow us to specify how we want our traffic to be routed. So, first off, we have dynamic chain. Dynamic chain is an option which you will find people using the most. It is the most commonly used option, a preferable one, and I honestly think it’s the best one because it’s the most stable one. Here’s why. Suppose you have ABCD proxies, so those are some servers with IP addresses with open ports. If you have a strict chain policy like we have here, you will only be able to access any site by going through ABCD. So, you have to go through all of them, and you have to go through them in that specific order, ABCD. I am sure you can already see how that could present problems. I mean, if you’re paying for five proxies that’s not a problem because they will always be operational, they will always be up. That’s not a bad option at all.
However, most people use free proxies, and they don’t tend to pay for them. Why would you pay for 5-10 proxies for a simple scan? They’re not free, they cost money, they’re not that expensive either, but still, the act of paying itself identifies you, and it diminishes the amount of anonymity you have on the net. There are some complex payment methods which you can use to anonymize yourself, such as cryptocurrency, but still, it’s far simpler to use dynamic chains. So I’m going to go ahead and un-comment this line. Strict chains will no longer be used. I will be using dynamic chains. One more thing to note here is that if you want to use proxychains in combination with tor, so if you want to route all of your traffic through the Tor network, not just web traffic, you must enable dynamic chains. I mean there is a chance that it will work with strict chains, but due to the instability of tor nodes it is highly unlikely. Anyway, if you are using dynamic chains it gives you the ability to go from ABCD, to your desired destination, by not having to adhere to any order. So let’s say that C is down. You would go through ABD and it would work without any problems. If B was down you would go through AD, and you would still reach your destination. So, as long as one single proxy is functional it’s going to work, and it doesn’t require a specific order.

Down below you have random chain. Now random chains are, in effect, basically the same thing as resetting your services. If you’re resetting tor you will be assigned a new IP address, I mean tor assigns you a new IP address every 10 minutes or so, but with the random chain option you can specify a list of IPs. And then you can tell your computer, OK, I want you to connect to this point, and every time you connect, every time you transmit a packet, I want you to use a different proxy. We can do that as well, that’s definitely a viable option. You can say, OK, use this one five times and then change it to another one, or something like that. There are a lot of options to specify here, primarily the chain length. If we go ahead down below there’s the quiet mode, and you don’t really need that. Proxy DNS requests – no leak for DNS data, this is very important. You cannot have any DNS leaks. Let me explain to you what DNS leaks are. Even though somebody cannot get your particular IP address, they can get the IP address of the DNS server that you are using. What DNS servers do is resolve the domains to IP addresses, and vice-versa. So, for example, if you typed in youtube.com, the DNS server of your local ISP provider will resolve that into some sort of an IP address that YouTube has, and it will make a request. You do not want that happening because your local DNS server will be discovered, and that information can be used in order to figure out your personal IP address, and then your physical location is pretty much compromised. You definitely need proxy DNS here. It might slow you down a bit, but without it you won’t be anonymous. It is just a matter of time before somebody finds you. If you go down below we have some other options here, but we’re not really interested in them at the moment. What we got here are formats for entering proxies, and I’m going to leave it at that. We will cover the rest in the follow-up tutorial.
But, just a key note before you go onto the next tutorial, have a look at these. You don’t need to go on the internet and read anything about it, just have a look at the format here, how they are written. This is an example of proxychains and how you can write them down. So you have a type of proxy, you have an IP address, figure out what this number is, what this name is, and what this word here is. I will of course explain all of this in the next tutorial, but just try to figure it out on your own. It’s pretty simple. In any case, I bid you farewell, and I’ll see you in the next tutorial.
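The edits made to this file by hand in Parts 1 to 3 (one chain mode uncommented, proxy_dns enabled, `type host port [user pass]` lines under [ProxyList], ports typed correctly) can be checked mechanically. The following is an added example, not code from the tutorial or from the proxychains project: it parses a proxychains.conf and reports anything that would break the chain or leak DNS as an error, and http proxies or plaintext credentials as warnings. The sample file and its addresses are constructed.

```python
"""Parse and sanity-check a proxychains.conf file (added example, not code from
the tutorial or the proxychains project). It applies the checks the tutorial makes
by eye: exactly one chain mode uncommented, proxy_dns on so lookups cannot leak,
and every [ProxyList] line of the form `type host port [user pass]` with a known
type, an IP address and a valid port. http proxies and plaintext credentials are
reported as warnings rather than errors."""
from dataclasses import dataclass, field
from typing import List, Optional
import ipaddress

CHAIN_MODES = ("dynamic_chain", "strict_chain", "random_chain")
PROXY_TYPES = ("socks5", "socks4", "http")

@dataclass
class ProxyEntry:
    kind: str
    host: str
    port: int
    user: Optional[str] = None
    password: Optional[str] = None

@dataclass
class Report:
    chain_modes: List[str] = field(default_factory=list)
    proxy_dns: bool = False
    proxies: List[ProxyEntry] = field(default_factory=list)
    errors: List[str] = field(default_factory=list)    # the chain would break or leak
    warnings: List[str] = field(default_factory=list)  # works, but weakens privacy

def _parse_entry(lineno: int, line: str, report: Report) -> None:
    """Validate one [ProxyList] line; record an entry or an error."""
    parts = line.split()
    if len(parts) not in (3, 5):
        report.errors.append(f"line {lineno}: expected 'type host port [user pass]', got {line!r}")
        return
    kind, host, port_text = parts[:3]
    if kind not in PROXY_TYPES:
        report.errors.append(f"line {lineno}: unknown proxy type {kind!r}")
        return
    try:
        ipaddress.ip_address(host)
    except ValueError:
        report.errors.append(f"line {lineno}: host {host!r} is not an IP address")
        return
    if not port_text.isdigit() or not 1 <= int(port_text) <= 65535:
        # the tutorial's classic mistake: a mistyped port makes a live proxy look dead
        report.errors.append(f"line {lineno}: invalid port {port_text!r}")
        return
    entry = ProxyEntry(kind, host, int(port_text), *parts[3:])
    report.proxies.append(entry)
    if kind == "http":
        report.warnings.append(f"line {lineno}: http proxy {host}:{entry.port} carries only HTTP, unencrypted; prefer socks5")
    if entry.user is not None:
        report.warnings.append(f"line {lineno}: plaintext credentials for {host}; restrict the file's permissions")

def parse_proxychains_conf(text: str) -> Report:
    """Options appear before [ProxyList], proxy entries after it; '#' lines are ignored."""
    report = Report()
    in_proxy_list = False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line == "[ProxyList]":
            in_proxy_list = True
        elif in_proxy_list:
            _parse_entry(lineno, line, report)
        elif line in CHAIN_MODES:
            report.chain_modes.append(line)
        elif line == "proxy_dns":
            report.proxy_dns = True
        # chain_len, the timeouts and quiet_mode are accepted but not checked here
    if len(report.chain_modes) != 1:
        report.errors.append(f"exactly one chain mode must be uncommented, found {report.chain_modes}")
    if not report.proxy_dns:
        report.errors.append("proxy_dns is commented out: DNS queries would bypass the chain")
    if not report.proxies:
        report.errors.append("[ProxyList] has no entries")
    return report

def is_usable(report: Report) -> bool:
    """True when nothing would break the chain or leak; warnings are left to the operator."""
    return not report.errors

# Constructed sample modelled on the tutorial's edits to the stock file.
# Addresses are documentation ranges, not real proxies; the last port is mistyped.
SAMPLE_CONF = """\
dynamic_chain
#strict_chain
#random_chain
proxy_dns
[ProxyList]
socks4  127.0.0.1 9050
socks5  127.0.0.1 9050
socks5  203.0.113.10 1080
http    198.51.100.7 3128 alice hunter2
socks5  192.0.2.9 99999
"""
```

To check the live file, pass `open("/etc/proxychains.conf").read()` to `parse_proxychains_conf` and print `errors` and `warnings`.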

Learn Ethical Hacking Episode #16: Accessing the Dark Web Using the Tor Browser (Part 2)

Hello everybody and welcome to this follow-up tutorial. Today, I will show you how to install TOR itself. We’ll go through the installation procedure, and in order for us to do that we will need to use the new user that we have created, test.

First, we will need to switch users. In order for you to do that you need to log out, and in order for you to log out in Kali Linux just go ahead and click in the upper right corner where it says root, scroll down to switch user, and there we go. Excellent! It now says the active user is test. I’m already logged in as test because I have done this previously, but it’s going to prompt me for a password as well. So, just go ahead and type in the password for your user, press enter, very simple. There is a browser icon in the upper left corner, it’s blue, it’s a reliable browser. Go ahead and click on the icon, navigate to your favorite search engine, type in tor, press enter, and open the first site in the search results. It should read tor project: anonymity online. Make sure, absolutely make sure, that you are downloading this browser from the official source. In the browser it says “https”, make sure there is an “s” at the end. Make sure that the domain is correct as well, so torproject.org. It’s not .com, it’s not dot some country extension, it’s .org. Anyway, go ahead and click on download tor, and I need the 64-bit tor browser for gnu/linux. In case you’re using another operating system, over here you have it for Microsoft Windows, Apple OSX, etc. We are going to go ahead and use the Linux/UNIX version. There are some additional resources here on the site, you have forums, questions, FAQ, and some other things as well. I would strongly advise that you browse around the site for a bit. For the time being, I’m going to go ahead and click on download, yes I wish to save a file, and the download will proceed. It should only take about a minute or less to download.

What Tor does is route your traffic through a chain of relays, with the encryption layered so that no single relay sees the whole picture. Your Tor client picks a circuit of three relays from the public directory: an entry (guard) relay, a middle relay and an exit relay. Relays are just computers and servers run by volunteers; anybody can contribute one. Before a request leaves your machine the client wraps it in three layers of encryption, one per relay, like the layers of an onion. The guard strips the outer layer and learns only your address and the middle relay; the middle relay strips the next layer and learns only the guard and the exit; the exit strips the last layer and is the one that actually makes the request to the website you wanted. So the exit sees the destination but not you, and the guard sees you but not the destination. In the most basic terms you are using a chain of proxies, but the layered encryption is what makes it different from an ordinary proxy chain: an attacker would need to control or observe both ends of your circuit at once to tie you to your traffic, which is unlikely for a casual observer, though not impossible for a well-placed one. Two caveats. The exit relay sees your traffic in whatever form you sent it, so use https to the destination or the exit can read and modify it. And anonymity is only as good as the application: a program that leaks your real address inside its own protocol is not made anonymous by routing it through Tor. You do not necessarily need the Tor Browser just to reach the hidden web; you can also torify other applications, that is the term, by pointing them at Tor's SOCKS proxy, for example with torsocks. Once torified, all traffic those applications generate goes through the Tor network. Keep in mind that everything over Tor is slow, because your connection bounces through several relays shared with a lot of other users. You can find more information on the Tor Project website.
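Torifying a command-line tool is the part of the explanation above that is easiest to get wrong silently, so here is an added example (my own, not code from the course) that uses the system tor daemon installed with apt-get install tor, which listens as a SOCKS proxy on 127.0.0.1:9050, and refuses to go further until check.torproject.org confirms the traffic really exits through Tor. It assumes curl and the tor package are installed and that the /api/ip endpoint answers with JSON of the form {"IsTor":true,"IP":"..."}; the JSON in the comments is constructed for illustration.

```bash
#!/bin/bash
# Added example, not part of the course: route a command-line tool through the
# system tor daemon and confirm the traffic exits the Tor network before
# relying on it. Assumes the "tor" package (SOCKS on 127.0.0.1:9050) and curl.
# Tor Browser's bundled tor listens on 9150 instead; override with TOR_SOCKS.

TOR_SOCKS=${TOR_SOCKS:-127.0.0.1:9050}

# Is anything listening on the SOCKS port? (ss comes from iproute2.)
tor_socks_listening() {
    ss -ltn 2>/dev/null | grep -q ":${TOR_SOCKS##*:}[[:space:]]"
}

# curl through Tor. --socks5-hostname hands the host name to Tor to resolve,
# so DNS lookups do not leak to your ISP's resolver the way --socks5 would.
tor_curl() {
    curl --silent --show-error --fail --socks5-hostname "$TOR_SOCKS" "$@"
}

# Parse the check.torproject.org reply, e.g. {"IsTor":true,"IP":"203.0.113.7"}
# (constructed sample): succeed only if IsTor is true.
is_tor_response() {
    printf '%s' "$1" | grep -Eq '"IsTor"[[:space:]]*:[[:space:]]*true'
}

# Pull the address the far end sees out of the same reply.
tor_exit_ip() {
    printf '%s' "$1" | sed -n 's/.*"IP"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# End-to-end check: daemon up, circuit built, and the exit really is a Tor exit.
verify_tor_exit() {
    local reply
    tor_socks_listening || { echo "nothing listening on $TOR_SOCKS (systemctl start tor?)" >&2; return 2; }
    reply=$(tor_curl https://check.torproject.org/api/ip) || return 3
    if is_tor_response "$reply"; then
        echo "tor ok, exit address $(tor_exit_ip "$reply")"
    else
        echo "NOT on tor: $reply" >&2
        return 1
    fi
}

# Usage: verify_tor_exit && tor_curl https://example.com/ -o page.html
# Programs with no proxy option can be wrapped instead: torsocks <program>
```

The order matters: the listening check catches a stopped daemon, the curl through the proxy catches a daemon with no working circuit, and the IsTor parse catches the case where curl quietly fell back to a direct connection.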

In this particular tutorial I wanted to introduce you to Tor and show you the dark web. So, click on the file you downloaded. It says reading archive, please wait, excellent! I am going to extract it to /home/test/Desktop, so proceed. Let's see if it is going to succeed: extracting files from archive, and then quit the archive manager rather than cancelling. Excellent! Open up the folder and start the Tor Browser: click on Start Tor Browser, run, and this process might take a bit of time. Now you might ask yourselves, what is so special about this Tor Browser? It looks like a regular internet browser. The Tor Browser gives you the ability to reach .onion addresses, and here is how we do that. The first thing I am going to do is search for hidden wiki. The Hidden Wiki links to a large number of other .onion sites, those of significance anyway, and its URL changes continuously. That is why I am searching for it in the video rather than preloading it, mainly to show you how you can find it; it is not difficult, you can just type it into the search engine. So, let's open up a couple of these websites. Here we have a list of .onion addresses, quite a large list, but I am not actually interested in those. Here it tells us that the Hidden Wiki has been hacked, this is the new URL, spread it. Don't worry about this, it happens all the time; it is one of those things you have to learn to live with. Be aware, though, that a "we moved, here is the new address" notice is also exactly how phishing clones of popular onion sites spread, so treat any such redirect with the same suspicion you applied to the download page. It is a bit inconvenient to search for the URL every time, but if you want to access the dark web things are not as stable as they are on the regular web. So it says, welcome to the Hidden Wiki, new Hidden Wiki URL added to bookmarks, spread it, excellent!
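The three things the download walk-through tells you to get right by eye, the transport, the host name and the integrity of the archive, plus the rule from the previous part about never starting the browser as root, can be turned into checks that fail loudly. The script below is an added example, my own and not code from the course; the checksum, archive name and the tor-browser_en-US/Browser/start-tor-browser layout are assumptions for illustration, and the SHA-256 you compare against should come from the sums list the Tor Project publishes alongside its GPG signature.

```bash
#!/bin/bash
# Added example, not part of the course: checks to run before trusting a
# Tor Browser download. The Tor Project signs each release (a .asc detached
# signature); gpg --verify proves origin, these checks cover transport,
# host name and integrity. File names and the expected sum are assumptions.

# 1. https only, and the host must be torproject.org or a subdomain of it.
#    Lookalikes such as torproject.org.example.net, torproject.com and
#    https://torproject.org@evil.example are all rejected.
tor_url_ok() {
    local url=$1 host
    case $url in
        https://*) ;;
        *) return 1 ;;
    esac
    host=${url#https://}
    host=${host%%/*}; host=${host%%\?*}; host=${host%%\#*}   # drop path, query, fragment
    host=${host##*@}                                         # drop user:pass@ trick
    host=${host%%:*}                                         # drop :port
    host=$(printf '%s' "$host" | tr '[:upper:]' '[:lower:]')
    case $host in
        torproject.org|*.torproject.org) return 0 ;;
        *) return 1 ;;
    esac
}

# 2. The archive's SHA-256 must equal the published one.
sha256_ok() {
    local file=$1 expected=$2 actual
    actual=$(sha256sum "$file" | awk '{print $1}') || return 2
    [ "$actual" = "$expected" ]
}

# 3. Never start Tor Browser as root. Its start script refuses by default;
#    do not disable that. $1 lets the check be exercised with any uid.
not_root() {
    local uid=${1:-$(id -u)}
    [ "$uid" -ne 0 ]
}

# Glue: verify, unpack into the unprivileged user's home, then start.
# Assumes the archive sits in $HOME and unpacks to tor-browser_en-US/.
install_tor_browser() {
    local url=$1 archive=$2 expected_sum=$3
    tor_url_ok "$url" || { echo "refusing: not an https torproject.org URL" >&2; return 1; }
    not_root          || { echo "refusing: do not run Tor Browser as root" >&2; return 1; }
    sha256_ok "$archive" "$expected_sum" \
        || { echo "refusing: checksum mismatch, delete $archive" >&2; return 1; }
    tar -xJf "$archive" -C "$HOME" \
        && "$HOME/tor-browser_en-US/Browser/start-tor-browser"
}

# Usage, as the "test" user, with the sum copied from the published list:
# install_tor_browser https://www.torproject.org/download/ ~/tor-browser.tar.xz <sha256>
```

The host-name check strips the userinfo part before the port, because https://torproject.org@evil.example/ is a syntactically valid URL whose real host is evil.example; a check that only looks for the string torproject.org would wave it through.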

Let me explain where we are. This is a rather large list of links to .onion sites, as I said, and you have many different resources here. Some of them are illegal and we will not go into those, basically the places where people sell PayPal accounts, credit card numbers, and so on. That is not somewhere we should go. Perhaps, if you would like to check whether your own PayPal account has been compromised, you could search those listings for it, but other than that I see no reason to visit them. There are also a lot of things concerned with anonymous payment online, Bitcoin, prepaid cards, and so on. Down below you have commercial services; I would not recommend buying anything that needs to be shipped to a physical address. There is an anonymity and security section, with things concerning proxies, the Tor network, and so on. The main reason I am showing you how to access the hidden web is so that you can use a large number of these external resources during your pen-testing exercises, and what we are mainly interested in are the forums. So you have forums, boards, chans, and so on. Let's take a look at a few of them. Keep in mind that they tend to be down and that the URLs tend to change, and this can be problematic. So let's try BlackBook, HackForum... yeah, you see there is a problem loading this page, this one is not going to open. Hack The Planet, let's see what they have there. The Intel Exchange, excellent! I think this is one of the better forums. Let's go through these pages and see if we can find anything of use. We are in the Intel Exchange. This is one of the forums where you need to register, but nobody is asking for your credit card information; just fill in the basics like a user name, a password, how you wish to be addressed, and so on. Use a user name and password you use nowhere else, naturally.
You have general discussions, we don't really want that; we have software, excellent! This is what we were looking for. So hacking, programming, Tor, and everything else about software. Let's see what is here. By the way, whatever code you download from these websites, run it inside an isolated virtual machine or do not run it at all. I am just going to say that you should not run it on your regular machine, or on anybody else's regular machine, because that is never a good idea. So, what do we have here? Best programming language for making an OS; we don't really need that, it can get rather complicated. Down below, is it safe to download PDFs on Tor? You shouldn't download anything over Tor that you will then open on your regular machine; a document is a delivery vehicle for exploits just as much as an executable is. So we have some fairly silly things here which we will never use, but there are some very nice resources. We have IP address questions, what you can do with an IP address, and so on. I can't open any of these because I am not registered, but I have been on forums like this and they can be quite useful. I don't think I have been on this one in particular, but I have been on darknet forums, and you can find some interesting things that people have done, some interesting methods. Things tend to be published here first and only later reach the regular web. We have keyloggers here, so you can find information on keyloggers, how to use them, where to find them; I was mainly reading the reviews and the suggestions and then figuring out where to download from. It is important to check whether software is open or closed source. If it is open source, you can read what it does before you run it and fetch it from the project's own site or repository instead of from a forum link, which is considerably safer, though source availability by itself is no guarantee. You see hacking tools, SQL injections, operating systems for hacking, rootkits, and so on.
You have a ton of information here which I would strongly recommend you explore. Do not do anything illegal; just visit the forums and see what sort of information you can extract from them. That's all. In any case, this will conclude the tutorial. I hope you find the dark web to be a useful asset in your pen-testing career, or your pen-testing activities in general; I believe it is, and you can find a lot of useful things there, as I keep restating. The connections can be rather slow, but it is safe to install the Tor Browser on your regular machine so long as you download it from the official site, torproject.org, over https, and verify the signature before you unpack it. In any case, I bid you farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato

Learn Ethical Hacking Episode #15: Accessing the Dark Web Using the Tor Browser (Part 1)


Hello everybody and welcome to this tutorial. Today, I will open up a chapter on how to stay anonymous.

So, there are several methods you can use. First off, you have probably heard of proxies. A proxy is a server that relays your connection, and a proxy chain routes it through several of them in turn. This can be very slow depending on the proxies, and you know nothing about the other side: you know nothing of the servers your packets are going through, and whoever runs them sees your traffic. If you use proxies to log in somewhere with your password credentials, that is potentially dangerous, and you should not do it. The other option is a VPN service, which encrypts your traffic between you and the provider. A VPN can be very fast, especially with a reputable provider. A yearly subscription costs around $100, a monthly one roughly $10, and you will get a dedicated VPN with a static IP address and should not notice any delay in your connection. Your traffic is encrypted as far as the provider, and the main way to lose anonymity is if the provider relinquishes your information, which does not happen often, especially with providers in parts of the world that value privacy. Bear in mind, though, that the provider itself sees everything a proxy would, that a static IP address is as identifying as a home address once it has been linked to you, and that anonymity is also lost through the ordinary routes: DNS requests that bypass the tunnel, the payment method, and logging in to accounts already tied to you. What we are going to be using VPNs and proxies for is to bypass firewall settings, or firewall limitations.

Here is a real-life example that people use pretty much daily. Netflix only serves its catalogue to connections from certain IP address ranges, one set per country. So, if you are elsewhere in the world and your address does not belong to the allowed range, it will not let you view anything on the website. However, if you use a good proxy, or a VPN, you can access the site as though you were coming from the country whose IP address range is on the list. That is one of the common examples of why people use VPNs. It breaks the service's terms of use more than any law, and people do it anyway; it is not exactly harmful, you are not taking servers down or anything like that. People use VPNs to watch Netflix from a phone while travelling, and so on. In any case, there are numerous other situations where you want to bypass certain firewall settings. For example, suppose a server's traffic comes mainly from a single area, a single country, and you do not want to be scanning it from an IP address in China. A network administrator would see that address and know it is an anomaly of some sort, that it does not belong there, and that draws unnecessary attention to you. You want to be accessing the server from where all the other users are.

In any case, that is what we shall be doing in this chapter, but for this tutorial I want to show you how to access the dark web, or the hidden web, whatever you wish to call it. You will hear that the dark web is a lot bigger than the regular internet. What is big is the deep web, everything search engines do not index; the dark web in the sense used here, .onion services reachable only through Tor, is a small part of that. To access it you need the Tor Browser, and with the Tor Browser you can reach the darknet. It is not installed by default on Kali, and this is one of the rare situations where we need a user other than root in order to do anything with it: the Tor Browser's start script checks whether it is running as root and refuses by default. So, first I am going to create a new user. Open up your virtual machine, you see mine is already open here, with my terminal up and running. Open your terminal and type in the following commands. First, we need tor. I will explain what Tor is in a moment; for now type in apt-get install tor -y and press Enter. You will need an active internet connection to install the software. The -y argument tells apt to answer yes to any prompts during setup. Note what this installs: the tor package is the system Tor daemon, which listens as a SOCKS proxy on 127.0.0.1:9050 and is what you use to route other applications through Tor. The Tor Browser we download in the next part bundles its own copy of tor and does not depend on this package. Let's clear the screen.

The next thing we need to do is create a new user. Type in the command adduser. A key note here: there is also a command called useradd. Do not use it for the time being. useradd is the low-level tool; on Debian it does not create a home directory or set a password unless you pass the right options, and it gives the account /bin/sh as its shell. adduser is the Debian front end that does all of that for you and asks the questions interactively. So type in adduser, and now you can name your user whatever you wish. You cannot use capital letters: adduser checks the name against the NAME_REGEX setting in /etc/adduser.conf, whose default only allows a lower-case letter followed by lower-case letters, digits, hyphens and underscores. So I am going to call my user test. It says adding user test, adding new group test, adding new user test with group test. It will also create a home directory for that user. You will need this folder because we are going to be doing things here which you cannot do as root. Now type in your password. Nothing is shown as you type; that is the standard way UNIX password prompts work, so that nobody watching the screen can even see the length of your password. Press Enter. Now you are prompted for some information about the user, completely irrelevant for our purpose today, so we do not fill in the full name, room number, work phone, home phone, other, and so on. Press Enter, and there we go. We have created our new user, test, which we need to log in as, and then conduct our work from there. A key thing to note: even though there is a way of configuring the Tor Browser to run as root, don't. It is not even a good idea to browse the internet as root. If you pick up a virus, any sort of malicious code, it runs as root and owns the whole system; not good, even in a virtual machine, and I don't want you to develop bad habits. Otherwise, we will be using the root user throughout the majority of the course, because almost all of the pen-testing tools require root permissions in one way or another. Anyway, I will cut the tutorial here, and I will see you in the second part.
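The user-creation step above can be scripted without the interactive questions, which also makes the naming rule and the root requirement explicit instead of something you discover from an error message. This is an added example of my own, not code from the course; it assumes the Debian/Kali adduser wrapper and the classic default NAME_REGEX, and the user name test and the commands run as that user are only illustrations.

```bash
#!/bin/bash
# Added example, not part of the course: create the unprivileged user for
# Tor Browser non-interactively, then run commands as that user from a root
# shell. Assumes Debian/Kali adduser (the wrapper, not low-level useradd).

# adduser accepts a name only if it matches NAME_REGEX in /etc/adduser.conf.
# The classic default is a lower-case letter followed by lower-case letters,
# digits, hyphen or underscore, which is why "Test" is refused and "test" is not.
debian_username_ok() {
    printf '%s\n' "$1" | grep -Eq '^[a-z][-a-z0-9_]*$'
}

# Create the user idempotently. --gecos '' skips the room/phone questions;
# adduser still prompts for the password, creates /home/NAME with the right
# ownership, and makes a private group of the same name, none of which
# plain useradd would do without extra options.
create_unprivileged_user() {
    local name=$1
    debian_username_ok "$name" || { echo "bad user name: $name" >&2; return 2; }
    [ "$(id -u)" -eq 0 ]       || { echo "must be root to add users" >&2; return 3; }
    if id "$name" >/dev/null 2>&1; then
        echo "user $name already exists"
    else
        adduser --gecos '' "$name"
    fi
}

# Run one command as the unprivileged user without leaving the root shell.
# "su -" gives a full login environment, so $HOME and the shell are the user's.
run_as_user() {
    local name=$1
    shift
    su - "$name" -c "$*"
}

# Usage (as root):
#   create_unprivileged_user test
#   run_as_user test 'id; ls -la ~'
```

The idempotency check matters in a lab you rebuild often: adduser exits with an error on an existing name, which would abort a larger setup script at that point.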


Learn Ethical Hacking Episode #14: Command Line Essentials (Part 2)


Hello everybody and welcome to part two of this command line essentials tutorial.

Let's save the file: press Ctrl+O to write it out (this is the nano editor). It says File Name to Write, and you can modify the name here; you can type in some letters, change the name, even change the extension, but there is no need for now. I am going to save it as test. Press Enter, and it says wrote one line. Ctrl+X to exit. Clear the screen, and now I am going to use the cat command to print this particular file, which is far more readable than the previous one. The cat command was working properly on that one, but it was mostly a binary file, so it printed the contents and you couldn't read anything from them. So type in cat test, and there we go: some random text goes here. That is the text we typed into the test file, and you can cat it like this. cat is especially useful when you want to see quickly what is in a file.

There is another way of doing this, the command is called less. Navigate to /etc/apt/, ls, and there are plenty of files to work with. Let's take sources.list as an example. If I do cat sources.list, I get everything in that file dumped into my terminal, as before. But there is another command I can use; let me clear the screen. It is called less. If I type less sources.list, I am shown the file in its own screen inside the terminal, where I can scroll with the arrow keys and search with /, and when I press q it exits and nothing is left behind in the terminal. Very nice in terms of staying neat and organized. So less and cat are very useful commands.

Next up, we have the grep command. grep stands for global regular expression print: it reads lines of input and prints only the ones that match a pattern. Here is what I mean. Type in cat sources.list, then a pipe. This symbol, |, is called a pipe, and it means: whatever the output of the command on the left is, feed it as input to the command on the right. I am going to type grep, and let's say I want src. Press Enter, excellent! It prints only the lines that contain src. grep can also read the file itself, grep src sources.list, without cat in front, which is the usual form. Linux is case sensitive, so by default grep matches the exact case of the letters. You can tell it to ignore case with -i. You get the same output here because there is nothing with different casing in this file, but you get the general idea. So this is how you use cat with grep to pull lines out of a file. Very important! Filtering text files is a huge part of working in the Linux terminal. We are going to be running large network scans, and we will want to produce files from which we can pull out the useful information and pass it on to other tools. Anyway, let me clear the screen.

Continuing along, we have the echo command. So, echo, then an opening quotation mark, let's say "I AM ALIVE.", and a closing quotation mark, and it echoes those words back. It literally is an echo: you type something into it and it prints it. Let's go back to the home directory, get a listing, and use exactly the same command, echo "I AM ALIVE." By the way, you can scroll through previous commands with the arrow keys; using the up and down arrows you can step back through the commands you used and you don't need to retype them. So, "I AM ALIVE", and I am going to redirect it, so I use a greater-than sign and type in test. This writes "I AM ALIVE" into our test file. If I type cat test, you see it has replaced the contents of test, which was some random text goes here, with I AM ALIVE. A single > truncates the file before writing, so whatever was there is gone; use >> if you want to append to the end instead. Note that echo only prints; it does not set variables. Variables are assigned with name=value, and echo "$name" is how you print one. We will use this more as we progress through the course. I don't want to go in depth here, because later on we will have clearer examples that relate directly to pen-testing, and then you will see more advanced usage of pretty much all of these commands, especially grep.
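The grep and redirection steps above are exactly what you do to a scan file later in the course, so here is an added example (mine, not code from the course) that applies them to a constructed scan written in the style of nmap's greppable output (nmap -oG). The addresses are from the 192.0.2.0/24 documentation range and the scan results are made up; the file name is a temporary file, and the function and variable names are my own.

```bash
#!/bin/bash
# Added example, not part of the course: cat | grep and > / >> applied to
# a network scan. The scan below is constructed in the style of nmap -oG
# (greppable) output; the hosts and ports are invented.

SCAN_FILE=${SCAN_FILE:-$(mktemp)}

make_sample_scan() {
    cat > "$SCAN_FILE" <<'EOF'
# Nmap scan initiated as: nmap -sS -oG scan.gnmap 192.0.2.0/28   (constructed sample)
Host: 192.0.2.1 ()  Status: Up
Host: 192.0.2.1 ()  Ports: 22/open/tcp//ssh///, 80/open/tcp//http///  Ignored State: closed (998)
Host: 192.0.2.5 ()  Status: Up
Host: 192.0.2.5 ()  Ports: 445/open/tcp//microsoft-ds///, 3389/open/tcp//ms-wbt-server///
Host: 192.0.2.9 ()  Status: Up
Host: 192.0.2.9 ()  Ports: 22/filtered/tcp//ssh///, 443/open/tcp//https///
# Nmap done: 16 IP addresses (3 hosts up) scanned
EOF
}

# Addresses on which PORT is open. The leading [[:space:]] stops 22 from
# matching 3222, and /open/ excludes filtered and closed entries; grep reads
# the file directly, no cat needed. awk prints field 2, the address.
hosts_with_open_port() {
    local port=$1
    grep -E "[[:space:]]${port}/open/" "$SCAN_FILE" | awk '{print $2}' | sort -u
}

# Addresses where a service name appears at all, case-insensitively (grep -i).
hosts_running() {
    local service=$1
    grep -i "/${service}/" "$SCAN_FILE" | awk '{print $2}' | sort -u
}

# Build a target list for the next tool. > truncates on every run and >>
# appends, so a sequence of appends must start from an emptied file or you
# accumulate duplicates across runs. Returns the number of targets written.
write_targets() {
    local out=$1
    : > "$out"                      # truncate once
    hosts_with_open_port 22  >> "$out"
    hosts_with_open_port 445 >> "$out"
    sort -u -o "$out" "$out"        # dedupe in place
    wc -l < "$out" | tr -d ' '
}

# Usage: make_sample_scan; hosts_with_open_port 22; write_targets targets.txt
```

The same pipeline works unchanged on a real -oG file; only the sample generator is specific to this example.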

We have the touch command. touch is a quick way to create files. For example, I can type touch file1 file2 file3, press Enter, ls, and you see it has immediately created three empty files. touch is a very quick way of creating any number of files you wish, and you can give paths, so you can create one file in home, another in /var, and so on. On a file that already exists, touch only updates the modification time; that is what it was originally for.

Anyway, next you have mkdir, which stands for make directory. Let's name this directory placeToBe. If I ls, there we go, and with ls -l the d at the start of the permissions column tells you placeToBe is a directory rather than a file. I can even cd into it, ls, there is nothing in it, but you get the idea.

Next up is the chown command. chown lets you change the ownership of a file. Since we only have a single user here, root, there isn't much point in doing so unless we create new users, which we are not going to do as we don't need them, but let's do a quick example. If the owner of a file was not root and you wanted to change it to root, you would type chown, then the user name, a colon, the group name, and then the name of the file. On a personal machine the user name and the group name are usually the same, because Debian creates a private group for each user; on a larger server that is not necessarily so. So we can type chown root:root test, and there we go: it changes the ownership of the file test to user root in group root. If I type ls -la, you can see who owns each file and which group owns it. Giving a file away to another user is a privileged operation; only root can do it. Clear the screen.

There is another, more common, command called chmod, which lets you change file permissions. This is something you will need to use quite often. Say I have an executable file in Linux. Let's type echo "echo hello", redirect it to test, and then mv test to test.sh. The .sh extension is the convention for shell scripts; the kernel does not care about the extension, only about the execute bit and the #! line, but the name tells you and your tools what the file is. You can use bash scripts to automate tasks, and we will deal with this in greater depth as we proceed through the course. Bash scripting is very similar to the terminal itself: almost every command you use in the terminal you can use in a bash script as well. Now I want to execute test.sh. The way to start executables is ./, as I have stated previously, and if I type ./te and press Tab, it doesn't complete to test.sh. Why? Surely test.sh is an executable now? No: it doesn't have permission to be executed. If we look at the two files, this one is green in the listing and this one is not. Now look at their permissions. The green one has the x bit set for the owner, the group and everyone else, while test.sh does not. You need to change that, and the way you change it is chmod +x test.sh. If you want the file to be writable, +w; executable, +x; readable, +r. Very simple. There is also a way of doing this with numbers: 755 means the owner can read, write and execute and everyone else can read and execute. Don't memorize all of the modes; whatever you need you can look up on the net, and it can get quite complicated, but these you need to know: +w, +r, +x, and 777, which gives every permission to everyone. 777 is not recommended for actual usage, but you can use it to test or troubleshoot.
For example, if you want to be absolutely sure that some action is not being blocked by file permissions, set the files to 777; if you still get an error, you know it is not related to permissions. Set them back afterwards, because a 777 executable can be rewritten by any user on the system and will then run, with its new contents, as whoever trusts it. So those four things you need to know. Let me type chmod +x test.sh, press Enter, and if I do ls -la, you will see that test.sh is now executable. Note that a bare +x grants execute to owner, group and others alike, minus whatever your umask removes; chmod u+x gives it to the owner only, which is usually what you want. Let me run it, and there you go: ./test.sh echoes hello onto my terminal.

There is one more command I would like to show you. It can be a very dangerous command, it can mess you up in ways you cannot even begin to imagine yet, and that is rm. rm is remove, and once you remove things with this command it is next to impossible to recover them. So if I type rm test.sh, it removes it, and it is no longer there. If I navigate to placeToBe and touch test, it makes a new file there. If I go back and type rm placeToBe, it says rm: cannot remove 'placeToBe': Is a directory. This is a fail-safe in rm so that you do not delete a whole directory by accident. If I try rm -f placeToBe, again: cannot remove directory. Okay, not a problem, and I am deliberately leaving this part in the tutorial to troubleshoot it. Type rm --help, and there you have -r, --recursive: remove directories and their contents recursively. That is what we want, because it goes into the folder, removes everything within it, and then the folder itself. So type rm -r placeToBe, press Enter, and there you go: it has deleted all of it. The -f I used means force: it does not ask any questions and it suppresses errors, which is the dangerous part. Ideally, you want to be asked for confirmation; -i asks before every file, and -I asks once before removing more than three files or recursing into a directory. In any case, as I said, I deliberately left this in to show you that even when you get stuck, don't worry about it; I get stuck all the time. If you don't know what to type, which argument to pass, type --help, look at the options, read a little, and use what is available. If you cannot figure it out from the help output, type man rm, and you can read pretty much everything there is to know about the command.
If you still cannot perform the task, if you cannot find anything useful there, then forums are your next best bet.
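The chmod and rm walk-throughs above are the two places a beginner most often hurts a system, so here is an added example (my own, not code from the course) that does both the careful way: a script installer that sets the mode explicitly, a check for the everyone-can-write mode the course warns about, and an rm -r with the guard rails rm itself lacks. It assumes GNU stat -c as shipped with coreutils on Kali; the file names are illustrations.

```bash
#!/bin/bash
# Added example, not part of the course: explicit permissions, a check for
# world-writable files, and a guarded recursive delete. Uses GNU stat -c
# (coreutils, as on Kali). Paths and names are illustrative.

# Octal mode of a file, e.g. 755.
mode_of() {
    stat -c '%a' "$1"
}

# Write a small shell script and make it executable for its owner only.
# chmod 0700 is explicit, so the result does not depend on the umask, and a
# bare "chmod +x" would also hand execute to group and others.
install_script() {
    local path=$1
    printf '#!/bin/sh\necho hello\n' > "$path"
    chmod 0700 "$path"
}

# Succeeds if anyone other than owner and group can write the file (the w in
# the last triplet of "-rwxrwxrwx"). A world-writable executable can be
# replaced by any local user and then run by whoever trusts it, which is
# why 777 is for a quick test only and must be reverted.
world_writable() {
    case $(stat -c '%A' "$1") in
        ????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# rm -r with guard rails. The classic accident is  rm -rf "$dir/"  with $dir
# empty, which becomes rm -rf / ; in an inline command ${dir:?} would abort
# instead. Here we refuse an empty argument, /, $HOME and anything that is
# not a directory, and use -- so a name beginning with - is not an option.
safe_rm_dir() {
    local dir=$1 abs
    [ -n "$dir" ] || { echo "safe_rm_dir: no directory given" >&2; return 1; }
    abs=$(cd -- "$dir" 2>/dev/null && pwd -P) \
        || { echo "safe_rm_dir: not a directory: $dir" >&2; return 1; }
    case $abs in
        /|"$HOME") echo "safe_rm_dir: refusing to remove $abs" >&2; return 1 ;;
    esac
    rm -r -- "$abs"
}

# Usage:
#   install_script ./test.sh && ./test.sh
#   world_writable ./test.sh && echo "fix the mode"
#   safe_rm_dir ./placeToBe
```

Resolving the path with cd and pwd -P before the case check means a symlink or a relative path like ../.. that points at / or your home directory is caught as well, not just the literal strings.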

In any case, this was a brief introduction to some of the basic commands that we will use throughout the course. Please make sure that you know what each one of these commands does, at least the basic functions, and then later on we will get in-depth and do more advanced stuff. In any case, I bid you all farewell, and I hope to see you in the next tutorial.
