daily pastebin goal

A step-by-step guide to safely pursuing hackers online

a guest Jan 1st, 2013 986 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. A step-by-step guide to safely pursuing hackers online by @ihazcandy
  3. DRAFT
  4. http://twitter.com/Ihazcandy
  6. ##
  7. .1. Method of Payment
  8. .2. VPN (Virtual private network)
  9. .3. VPS/Cloud Hosting
  10. .4. Phone Verification
  11. .5. IRC (Internet Relay Chat)
  12. ##
  15. You will be required to pay for services since you are a law abiding citizen who does not break into computers without permission. I've dealt with a lot of different pre-pay card companies over the years and I can tell you the best hassle free cards are the epay MasterCard [http://www.epaymyway.com/index.php/prepaid-debit-cards]. My second choice is Vanilla pre-paid Visa, which is available at both CVS and Walgreens. WalMart may also sell these, but epay cards are available at most truck stops and Pilot Travel Centres. Drive out of town to get yours and make sure it has a high enough balance to float you for a few months without making another trip.
  16. Never buy a card in your home zipcode, there is a record of the location the card was purchased and you don't want to leave a trail back to yourself.
  19. .2. VPN
  20. Staying hidden online is the most important thing anyone can do to protect themselves from not only hackers, but also social engineers and trolls who will attempt to "dox" you. This means they will leak your IP address to the world, exposing your physical location. By using a VPN you are masking your real IP address and leaving them no clues plus they provide some firewall advantages as well.
  21. When choosing a VPN provider, there are a couple of key factors that should come into play. The first is technology. You want a provider that uses "OpenVPN" this allows you to use the service both in windows and Linux. I assume most of you out there feel more comfortable in windows, so this is a good option.
  22. Everyone always asks me which VPN provider is the best, who should I use?
  23. My answer to this is something that a lot of people don't like. The best VPN provider currently utilizing the OpenVPN protocol is HideMyAss.com  and the reason is simple - 38,500+ IP's in 53 countries, no restrictions on swapping P's' (changing your location from Australia to Africa), easy to use software in windows and simple command line software in Linux. Finally, price - it's cheap.
  24. When buying your VPN subscription, you want to use an open Wi-Fi access point outside your own zipcode. Never leave a trace on account sign-ups, the information is recorded because it's required as a fraud precaution.
  25. In this guide I will assume you have chosen HideMyAss.com PRO VPN using your new prepaid card.
  26. Go ahead and start up the software and after logging in, you will want to open a browser window and search Google for "what is my IP". You will get a reply like If this number is different than before you logged in to the software, you know it is working.  ALWAYS verify this when swapping locations.
  27. I will assume you have a spiffy new address in South Korea and you're ready to rock-n-roll.
  30. .3. VPS/Cloud Hosting
  31. In order to walk the same path as most hackers, you will be required to enter a dark realm of the Internet called Internet Relay Chat, mostly referred to as "IRC". To do this, you will need to bounce your connection through another server. The reason for this is that you can never trust your own computer’s security features to function correctly 100% of the time, plus your spiffy new VPN can fail if attacked, causing you to accidently reconnect to IRC using your real, unprotected IP address.
  32. I'm going to assume you already have your VPN up and running and you are ready to buy your first VPS/Cloud account. You will want to drive outside your zipcode once again, and utilize a public open Wi-Fi access point PLUS your new VPN. Make sure you select an IP address in the city/state where your new alias will reside.
  33. Let’s say you are Joe Blow in Austin, TX. Use Google to find an address you like in that city, and jot it down. Next you will need a telephone with the same area code as the town you are going to claim you live in.
  34. For that we move on to the next step:
  39. In order to sign up for your cloud provider such as Rackspace, GOGRID, or Amazon, you will be required to use a phone number for verification. To get around this you have two options, first would be to invest in a pre-paid throw away phone that allows you to select your own area code. StraightTalk comes to mind here [http://www.straighttalk.com/].
  40. Second, if you're like me and love to avoid spending money, you can drive a little ways outside of your own zipcode or even to another nearby city and do a little social engineering. Find a gas station in range of an open Wi-Fi access point in your desired telephone area code where the attendant is alone at night, and looks like he/she may be stoned, or on something speedy. Go in to buy a pack of smokes and ask if they can do you a favor. What will that favor be? Tell them you are trying to fix your phone and need to receive a call back from an automated service that will give a 4 digit code when they answer. Have them jot this down for you. Run back out to your little secret agent ford pinto and start the sign on process and have the service call for phone verification. It will ask for the pin number, so you will need to run back in the store and get that number from the crack head. Offer them $10 for their trouble. Now run back to your laptop and enter this code to complete your account setup. It should be activated right away. If not, wait a few minutes. Just make sure BOTH the zipcode and area code match each other, otherwise you will be flagged by the automated fraud prevention and have to manually verify the account by talking to a real person. This is another step we want to avoid.
  41. Once your account is activated, let’s move on to the wonderful world of Disney, err. IRC.
  46. Most hackers use what is called IRC, because it's vast history, and technology challenges are too much for even most federal agents to understand and utilize properly. It's very easy to fall victim to exposing your real IP and find yourself on the wrong end of a DDOS attack, or simply have that information used to DOX you. I'm not going to teach you about what IRC is, or what's there, but what I will teach you is how to remain hidden while you exist there.
  47. The first step is to use your own server. NEVER trust someone else to host your BNC (proxy for ircing) you don't want them to know your real IP if the VPN should ever fail.
  48. If you already have your cloud account setup and running, let’s get started.
  49. First we will want to create a new instance using aws.amazon.com. Log into the management console and select the EC2 service. You will be presented with a screen saying Getting Started and "To start using Amazon EC2 you will want to launch a virtual server, known as an Amazon EC2 instance."
  50. Click the Launch Instance button.
  51. Now you will need to click the continue button and on the next screen, select the Ubuntu server with the big yellow star next to the select button.
  52. (The star represents it's free to run one of these for 1 year)
  53. Once you click select, click continue on the next 4 screens.
  54. It will ask you to create a new Key Pair, this is the password for your server. Give it a name, any name, the name is not the password, then click create/download.
  55. Save that to a safe location.
  56. Click on continue, then click Launch and close the next screen.
  57. It will take about 30 seconds to 3 minutes for your new instance to fully boot up and be running where you can connect to it. Follow the menu on the left hand side and select Instances.
  58. You will see your new instance located on the right hand side. Where it says status, you should see running. Right click on that and select connect.
  59. You can use the default java option to connect to your server, or do it manually.  I'll leave that up to you.
  60. Connect to your server.
  61. The first command you should type is " sudo su "
  62. Then type " apt-get update "
  63. When this is complete, type " apt-get upgrade "
  64. When this is complete type " adduser somenickname "
  65. Replace somenickname with a name of your choice that does not relate to you.
  66. Enter a secure password then again when asked.
  67. For Full Name, just retype the nickname, and press enter 5 more times not typing anything else into the questions.
  68. Now we want to type "apt-get install znc "
  69. Press enter when it asks you if you want to install it.
  70. When complete type " su somenickname "
  71. This being the name you picked earlier.
  72. Then type " cd ~/ "
  73. Now type " znc --makeconf "
  75. Now we have entered the configuration for ZNC.
  76. Choose a port between 1025 and 65535. High ports are better.
  77. SSL: No
  78. ipv6: just press enter
  79. Listen hosts: press enter
  80. Party line: press enter
  81. Webadmin: yes
  82. Username: pickaname1
  83. Password: pickasecurepassword1
  84. Admin: press enter
  85. Nick: this is your nickname on irc, pick one you like that no else uses.
  86. Alt-nick: press enter
  87. Ident: doesn't matter. press enter
  88. Realname: type something crafty and cute for people to see when they do a whois on you.
  89. Bind-host: press enter
  90. Buffer: press enter
  91. Replay: press enter
  92. Modes: press enter
  93. Admin: type yes and press enter
  94. Chansaver: yes
  95. Keepnick: yes
  96. Kickrejoin: yes
  97. Nickserv: press enter
  98. Perform: press enter
  99. Simpleaway: press enter
  100. irc server: put whatever network you plan to connect you, such as irc.anonops.com
  101. Port: press enter
  102. Password: press enter
  103. SSL: no
  104. Another: no
  105. Channels: no
  106. User: no
  107. Launch znc now: no
  108. At the command prompt, type " znc & "
  109. Now you can type close out your terminal client. Your job is done.
  111. Now you must go back to the amazon managment console and click Security Groups on the left hand side. click default on the right hand side, and click the inbound tab located next to details under security group: default
  113. where it says Port range, type in the port you gave your VNC during the setup process and click add rule. then click apply rule changes below that.
  114. all done.
  117. Using your favorite irc client such as xchat, mirc, etc, connect to your instances host, it will be something like ec2-25-423-128-52.compute-1.amazonaws.com
  118. In the option for server password, (not nickserv) type "pickaname1:pickasecurepassword1" with the information you provided during setup.
  119. Save and connect to irc.
  120. If all went well, you should be connected to the anonops network, now you can join the channels of your choice and remain hidden from evil admins that might be out to get you.
  121. Hope you enjoyed this guide, it should have covered the basics for hiding you from irc, all the way down to the form of payment used and phone number should anyone ever be willing to hack hidemyass.com or even amazon.com for your information.
  123. Cheers,
  124. @ihazcandy
  125. edited by: http://twitter.com/muffinmanau
RAW Paste Data