Transcript
  • 7/26/2019 Things You Should Not Do in Internet

    1/13

    Things You Should Not Do - (Saving Ur Ass From FBI)


    There are some things that you should avoid doing at all costs if you don't want to get caught. I think it's important to go over these first because there are a lot of common myths and falsehoods that should probably be cleared up before I go on and explain good ways to protect yourself. Keep in mind, these are things you _shouldn't_ do.

    Use AOL, MSN, or any small ISP (assuming you're doing this from your home).

    If you do stuff from home, or even just do research of some kind from home, you should avoid MSN, AOL, and smaller "hometown" type ISPs. AOL and MSN watch their customers very closely for any activity that might indicate you are involved in breaking into a system and may call the cops, turn off your internet, or a multitude of other things. Smaller ISPs tend to do the same kind of thing.

    Make any operational changes to the compromised computer(s)

    When you compromise or probe a system you should not do anything that has a good potential of negatively impacting the performance of that system. People will notice if something stops working right or starts working slower than normal, and will investigate the reason behind it.


    Leave a calling card

    Don't leave any sort of calling card that'll tip someone off to your presence. This includes defaced web pages, deleted system logs, logs edited in ways that aren't believable, etc. This is, again, because it lets the target know that someone has been messing with things.

    Use Proxies

    This mostly applies to the proxies found on public proxy lists, but it should be held as a general rule. Do not use proxies to try to mask where you are connecting from. Most proxies keep logs of who uses them and for what. If your mark realizes something is going on they can probably just get the party responsible for the proxy to release the relevant logs. This isn't to say that proxies should never be used. They just should not be relied on. Ideally, any proxy you use should be one you are sure does not log anything, or one which you can access and delete log entries related to you.

    Use automated exploit scanning tools

    Don't use programs like XScan, Nessus, Saint, SuperScan, Languard, or anything else like that to get info about targets. These programs tend to check for every possible thing which could be wrong with a given system, which will generate a lot of error messages on your target's system and fill their logs, which is a pretty good indication to them that someone is attacking them. Such programs also tend to trigger intrusion detection systems like Snort.


    Tell anybody about what you're doing or have done

    The fewer people who know the better, because then there are fewer people who can rat you out or let it slip. Avoid working in groups if possible.

    Attempt unrealistic methods of intrusion

    Don't try to do stuff like use IIS exploits against Apache, or IA32 shellcode on a computer with a PPC processor in it. These are surefire tip-offs to someone that something is going on, and will also trigger most IDS devices. Along with this, you should avoid using automated password guessing programs because they'll cause you the same kind of trouble, and you probably won't gain anything.

    Give yourself a user account

    Avoid giving yourself a user account on a target system. If you can, use an existing account or access the system using a method that doesn't require authentication.

    Do it from a public computer

    Although it might be tempting, you shouldn't use public computers for any kind of hacking. While it does grant you relative anonymity, you can't be sure that someone won't walk past and see what you're doing, that there are no cameras around, or that the machine doesn't log what you use it for.

    Write things down or print things off

    Keep stuff on computer where you can encrypt it and hide it from prying eyes. Don't write stuff down or print it off because then someone might find it laying around. Plus, papers found with you can be used as evidence while most text-based computer documents can't be.

    Respond to any odd communications you get regarding your target.

    This might sound obvious, but don't respond to any communications you get from anyone regarding your target. If someone contacts you about your target then cease all activity right away.

    Use mind altering drugs or hack when you've had a lack of food or sleep.

    All of these can cause you to make stupid, stupid mistakes.

    Stuff you should do

    Enough with things you should avoid doing, and on to things you should do. This section is broken up into little segments about different topics.

    Your Environment

    Something that is a lot more important than you would think is the environment in which you work. Make sure you are relaxed, have access to some place comfortable to sit, and are not rushed.

    Avoid recurring distractions like the telephone, and turn off things like the TV or the radio. Music is good, but don't listen to music that makes you feel particularly rushed, excited, or tense. Turn off any messaging programs or anything like that.


    The idea is to make it so you can completely focus on the task at hand without feeling rushed or uncomfortable. If you maintain a relaxed state of mind and body you will make fewer mistakes and will think through your actions more carefully. It's really easy to forget what you're doing and then make a mistake later if you get pulled away from the computer by the phone or something. Take frequent breaks and sit down and relax. Also, make sure you have plenty of sleep, food, and what not so your brain is working well. Needless to say, save the cannabis, alcohol, or whatever else for the victory dance, hehe.

    Proxies Revisited

    Yeah, I said not to use proxies. That's because it's easier to tell someone not to do something than to explain to them the right way to do it. So, this is the "right way". When it comes to proxies your best source of them is yourself. You should use proxies you have set up on other people's machines. There are many pieces of software available online which will act as a SOCKS proxy if you install it on someone's computer.

    Register an account with a free dynamic DNS service like dyndns.org and then install proxies on home machines, and use the dynamic DNS services so you can always find the machines you've made into proxies. The advantage of this approach is that individual home users are a lot less likely to monitor their computers (many home PCs are part of a bot net anyway), and you don't have to worry about logs.

    It's best to use proxies which support encryption so the traffic sent between the proxy and your machine can't be sniffed by anyone in between.

    Also, on the topic of proxies, it should be noted that any program can be used through a proxy if you take the correct measures. Two pieces of software you should look into are tsocks and proxychains. Both of them can take all of the TCP I/O of a program and send it through a chain of proxies. You can even use them to do anonymous portscanning and the like. About the only thing they don't work well with is FTP, due to the way FTP connections work.

    If you have the time to do so you should check out the Tor project (http://tor.eff.org/), which is a decentralized, encrypted network of proxies which anyone can use to mask the source of a connection. It seems to work pretty well, except that connections over Tor have a higher latency than connections without it.

    Data Protection

    Protect the data on your computer(s) from prying eyes. Don't use some kind of stupid method like a commercial cryptodisk software which probably has a backdoor in it. There are better ways. One of the best ways I have seen is to use the cryptodisk function found in the Linux kernel. Basically, you can make an image file which can be mounted as a file system (with the correct password). When it's not mounted the data is encrypted using any algorithm you like (anything from DES to AES or Twofish). There's a good tutorial on how to set this up here: http://www.tldp.org/HOWTO/Cryptoloop-HOWTO/

    If you're not able to take that route, using P


    As far as hiding and encrypting data it's a good idea to avoid any commercial software and the methods of encryption used by programs like WinZip and WinRar. In short, don't use any application-specific method of protecting your data. Don't rely on the password protection of Word documents, for example.

    Also, it's not a horrible idea to have some kind of plan in place to destroy all of your data very quickly in the event of a raid or something like that. However, if you choose to go this route you need to take special precautions.

    Obviously, don't be suspicious, and don't get yourself on camera. Also don't use programs like NetStumbler to find networks. Use a passive tool like Kismet, or just put your card in monitor mode and use Ethereal. Do NOT use a Windows computer for this. Windows loves to broadcast all sorts of identifying data all over the place, and you don't want that on someone else's wifi net. In fact, make sure any programs which automatically connect to anything online are turned off so you don't make any more traffic than you have to. It's also a good idea to change the MAC address of your wifi card using a program like macchanger or travesty.

    If you can, you should get into the AP and delete logs related to your computer as well. That way no one even knows anyone out of the ordinary was using the network. Otherwise you might suddenly find that networks you frequent become closed.

    Using Exploits

    Probably one of the most effective ways into a system is to exploit a vulnerability in a piece of software installed on that system. It could be an exploit for anything from an antivirus program, to a web server, to something as odd as a word processor. Such exploits are plentiful, available all over the internet, and most systems have at least one piece of software installed which is vulnerable to an exploit. All of this makes using known exploits very attractive. Well, before you happily go and use someone else's exploit code there are some precautions you should take.

    First of all, most of the time when a vulnerability is discovered one to two pieces of code are released for exploiting it. In most cases these pieces of code send some kind of distinguishing data to the target, so such data is often added to the signature lists of IDS software very quickly. Exploits which cause something to listen on a port are usually added to IDS software pretty quickly too, because they tend to use the same port all the time. So, if you just plan to use someone else's unmodified code, you probably shouldn't. The best practice is usually to write your own code that exploits a known vulnerability in a fashion that won't set off too many alarms. If you don't have that level of skill you can always try modifying someone else's code.

    Most exploits have a section somewhere in them called the "payload" which is basically the instructions the exploit has the target run. Most of the time "shellcode" is placed here, which is a hashed and obfuscated list of command line instructions. Again, most of the time the goal of shellcode is just to get the remote system to bind a command shell to a given port. In many cases you can simply remove the shellcode in an existing exploit and replace it with your own. Tools like the Metasploit Framework can help you generate code to your specs.

    Also, the best practice as far as exploits go is to use or find one not many people know about at all. If an exploit isn't public knowledge then most people will not know what to look for, and most IDS devices won't flag the usage of it.

    Hacking Web Apps

    A common way into a server is to exploit something wrong with a web-based application like forum or gallery software. This is actually a very good way into a server that carries a lower risk than you might think. If you do this sort of thing it's best to do it during peak hours because so much traffic will already be hitting your target that yours will probably go unnoticed. Web server log files get very large and most people never read through them unless they think something's messed up or not working right. Furthermore, most UNIX-based systems use logrotate to delete old log files, so chances are, your logs will be deleted anyway after a little while. Some systems are even configured so that log files are "rotated" once they reach a certain size.


    However, you are still vulnerable to detection by intrusion detection software. Thus, you should take two precautions. The first is to use a randomized chain of proxies so that your requests don't all appear to be coming from the same IP. Multiproxy (for Windows) and proxychains (for Linux/UNIX) can do this for you. The second is to use SSL (https://) if you can. SSL encrypts all data between you and the web server to prevent people from snooping. It also prevents IDS software from seeing the data you're sending the server.

    Dealing With Logs

    How to deal with system log files is a hotly debated subject.


    On UNIX systems there's a file called /var/log/lastlog which keeps track of the last time each user logged in and from where.
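    The lastlog file mentioned above is a fixed-size binary record per UID rather than a text log, which is why an investigator reads it with a parser instead of a text editor. The following is an added example, not code from the original post: it parses the glibc x86_64 record layout (assumed here: a 32-bit time, a 32-byte tty field and a 256-byte host field, 292 bytes per UID) over a constructed sample file and cross-checks it against a constructed list of logins from another source, flagging accounts whose lastlog record has been zeroed out.

```python
import struct
from datetime import datetime, timezone

# Assumed glibc x86_64 layout: int32 ll_time; char ll_line[32]; char ll_host[256]
LASTLOG_REC = struct.Struct("<i32s256s")  # 292 bytes, one record per UID


def _cstr(raw: bytes) -> str:
    """Decode a NUL-padded fixed-width field."""
    return raw.split(b"\x00", 1)[0].decode("ascii", "replace")


def parse_lastlog(data: bytes) -> dict:
    """Return {uid: (epoch, line, host)} for every record with a non-zero time.
    The record index is the UID, so zeroed records are simply absent."""
    entries = {}
    offsets = range(0, len(data) - LASTLOG_REC.size + 1, LASTLOG_REC.size)
    for uid, off in enumerate(offsets):
        t, line, host = LASTLOG_REC.unpack_from(data, off)
        if t != 0:
            entries[uid] = (t, _cstr(line), _cstr(host))
    return entries


def make_record(epoch: int, line: str, host: str) -> bytes:
    """Build one lastlog record (used here only to construct sample data)."""
    return LASTLOG_REC.pack(epoch, line.encode(), host.encode())


def find_wiped_accounts(lastlog: dict, known_logins: dict) -> list:
    """UIDs that have a login in another source (e.g. wtmp or auth.log) but
    no lastlog record: a zeroed record is the classic trace of a log cleaner."""
    return sorted(uid for uid in known_logins if uid not in lastlog)


# Constructed sample: uid 0 and uid 1000 have records, uid 1001's record is all zeros.
SAMPLE = b"".join([
    make_record(1_200_000_000, "tty1", ""),              # uid 0, local console
    b"\x00" * (LASTLOG_REC.size * 999),                   # uids 1..999 never logged in
    make_record(1_210_000_000, "pts/0", "203.0.113.7"),   # uid 1000, remote login
    b"\x00" * LASTLOG_REC.size,                           # uid 1001: zeroed record
])

# Constructed "other source" of logins, as an analyst might build it from wtmp.
KNOWN_LOGINS = {0: "tty1", 1000: "pts/0", 1001: "pts/1"}

if __name__ == "__main__":
    ll = parse_lastlog(SAMPLE)
    for uid, (t, line, host) in ll.items():
        when = datetime.fromtimestamp(t, timezone.utc).isoformat()
        print(f"uid {uid}: {when} on {line} from {host or 'local'}")
    print("lastlog records wiped for uids:", find_wiped_accounts(ll, KNOWN_LOGINS))
```

    On a live system the same parser can be pointed at /var/log/lastlog and the known-login dictionary built from `last` output; a wiped record for an account that wtmp says logged in is worth a closer look.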


    replacing /sbin/login with a version that doesn't log you. There are plenty of rootkits out there which you can get ideas and the like from.

    There are also a lot of more obscure ways of gaining access, including programs which send commands over ACK packets, ICMP, or HTTP. Such programs are very useful since a firewall won't normally think anything of them. Also, of note here are netcat and the


    such changes or software installs if you use a rootkit like the one that comes on those CDs Sony is distributing right now (hides any file where the name starts with $sys). People tend to expect a little oddness and quirkiness out of Windows, so you have more leeway for installing backdoors.

    I hope that was informative ;(
