daily pastebin goal
52%
SHARE
TWEET

LulzSec Tips

a guest Jun 25th, 2011 5,856 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. Workshop: How to evade the police and shag their wives and daughters, all without leaving traces, Coming back to #anonsec at irc.anonops.li ! People who are feeling lost about the talks, specially over tech aspects, listen and then ask at the end.
  2.  
  3.  
  4. Main Tips:
  5. Encrypt everything.
  6. Wipe everything non-encrypted.
  7. Audit your networks connections (look for DNS queries going to your ISP).
  8. No open ports.
  9. Use a different machine for Anonymous.
  10. Make fresh OS installs every month or so (and keep it updated).
  11. Try to re-route your connection at least 2 times.
  12. Keep secure. http://cryptoanarchy.org/wiki/Main_Page
  13.  
  14. -> DONT talk to the police. Ever. So dont even explain why you arent saying anything, just shut your mouth untill you are back home again, no matter how long it takes. They will lie to you. They will threaten you. They may even hurt you. But you CANT say a SINGLE WORD.
  15.  
  16.  
  17. Contents:
  18.  
  19. Encryption
  20. Document Shredding
  21. MAC Spoofing
  22. VPN/VPS
  23. Tor & I2P
  24. DNS
  25. Assorted
  26. Firefox Plugins
  27.  
  28.  
  29.  
  30.  
  31. Encryption
  32.  
  33. Store sensitive files on encrypted volumes. Encrypt your files AES256
  34. Use Truecrypt! - http://www.truecrypt.org/
  35.  
  36.  
  37.  
  38. Document Shredding
  39.  
  40. Shred all your documents non encrypted on a daily/weekly basis.
  41. Keep them centralized.
  42.  
  43. NOTE for SSD disks users: enable the TRIM function, usual shredding methods are not suitable for them.
  44.  http://askubuntu.com/questions/18903/how-to-enable-trim
  45.  
  46. Linux
  47.  
  48. apt-get install wipe
  49.  
  50. wipe -r -P 7 folderToTrash
  51.  
  52. Mac OS X
  53.  
  54. For the Terminal Savvy:
  55. srm -r
  56.  
  57. Others:
  58. Put files into the bin and then Finder > Secure empty Trash
  59.  
  60. Windows
  61. Expert needed
  62.  
  63.  
  64.  
  65.  
  66. MAC Spoofing
  67.     MAC Spoofing is changing your unique MAC address to something more secure; like a line of zeros.
  68.    
  69.    
  70. Linux
  71.  
  72. apt-get install macchanger
  73.  
  74. after that do:
  75.  
  76. sudo macchanger -A eth0 <--- eth0 is the interface, use sudo ifconfig -a to show all interfaces, don't use lo0, that is a loopback interface
  77.  
  78. or
  79.  
  80. sudo ifconfig wlan0 down
  81. sudo ifconfig wlan0 hw ether 00:00:00:00:00:00
  82. sudo ifconfig wlan0 up
  83.  
  84.  
  85. -> You can doo this every boot up automatically.
  86.  
  87. https://we.riseup.net/riseuphelp+en/auto-random-macs
  88.  
  89. Script to be placed and chmod +x in /etc/network/if-pre-up.d/macchanger
  90.  
  91. #################################
  92. #!/bin/sh
  93.  
  94. MACCHANGER=/usr/bin/macchanger
  95.  
  96. ifconfig eth0 down
  97. macchanger -A eth0
  98. ifconfig eth0 up
  99.  ########################
  100.  
  101.  
  102. ->>>  Replace eth0 with the interface you use to connect to the net. In order to know that, type in console: sudo ifconfig or /sbin/ifconfig
  103. ->>> The output will be a list of interfaces,
  104.  
  105. lo : local loopback
  106. wlan0: wireless interface
  107. eth0: ethernet interface
  108. tap or tun0: VPN interface.
  109.  
  110. -> Also  keep in mind that, even if you spoof your mac, if you are behind a  router, it's the routers mac that's exposed, not your computers, so if  you want this to work, you need to use a vpn. (Tips to firewall a vpn  conn would be niceness too)
  111.  
  112. -> A good way of firewalling your linux, is using ufw (uncomplicated firewall) it's easy, and you don't need to know shit about iptables to make it work + it has a very simple interface (gufw). A more complete gui, and more complicated, is the well known firestarter.
  113.  
  114. -> To know the services listening on your box type the following in console
  115. $sudo netstat --tcp --udp --listening --program
  116. Youre done when there's 0 listening programs in that list. (Avoid dhclient if you can, as for openvpn, firewall it properly)
  117.  
  118. -> send to /dev/null all the users that have suspicious activity (such as nobody, or in some cases proxy when u got tor installed.)
  119. $sudo chsh -s /dev/null nobody
  120.  
  121. -> check this article for tor advanced (and very interesting) usage.
  122. http://thesprawl.org/memdump/?entry=8
  123.  
  124. Mac OS X
  125.  
  126. 1. Paste the following into Terminal (Applications/Utilities/Terminal.app):
  127.  
  128. sudo su
  129. /System/Library/PrivateFrameworks/Apple80211.framework/Versions/Current/Resources/airport /usr/sbin/airport -z
  130. sudo ifconfig en1 ether 00:00:00:00:00:00
  131.  
  132. 2. Reconnect to a wireless network!
  133.  
  134. For wired connections, change 'en1' to 'en0.'
  135.  
  136.  
  137. BSD
  138.    
  139.     1) Bring down the interface: "ifconfig xl0 down"
  140.    
  141.     2) Enter new MAC address: "ifconfig xl0 link 00:00:00:AA:AA:AA"
  142.    
  143.     3) Bring up the interface: "ifconfig xl0 up"
  144.    
  145.     Linux
  146.    
  147.     1) Bring down the interface: "ifconfig eth0 down"
  148.    
  149.     2) Enter new MAC address: "ifconfig eth0 hw ether 00:00:00:AA:AA:AA"
  150.    
  151.     3) Bring up the interface: "ifconfig eth0 up"
  152.    
  153.     Windows 2000/XP
  154.     Method 1:
  155.    
  156.     This is depending on the type of Network Interface Card (NIC) you have. If      you have a card that doesn't support Clone MAC address, then you have to go      to second method.
  157.    
  158.     a) Go to Start->Settings->Control Panel and double click on Network and      Dial-up Connections.
  159.    
  160.     b) Right click on the NIC you want to change the MAC address and click on      properties.
  161.    
  162.     c) Under "General" tab, click on the "Configure" button
  163.    
  164.     d) Click on "Advanced" tab
  165.    
  166.     e) Under "Property section", you should see an item called "Network Address"      or "Locally Administered Address", click on it.
  167.    
  168.     f) On the right side, under "Value", type in the New MAC address you want to      assign to your NIC. Usually this value is entered without the "-" between      the MAC address numbers.
  169.    
  170.     g) Goto command prompt and type in "ipconfig /all" or "net config rdr" to      verify the changes. If the changes are not materialized, then use the second      method.
  171.    
  172.     h) If successful, reboot your system.
  173.    
  174.     Method 2:
  175.    
  176.     This should work on all Windows 2000/XP systems
  177.    
  178.     a) Go to Start -> Run, type "regedt32" to start registry editor. Do not use      "Regedit".
  179.    
  180.     b) Go to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}".      Double click on it to expand the tree. The subkeys are 4-digit numbers,      which represent particular network adapters. You should see it starts with      0000, then 0001, 0002, 0003 and so on.
  181.    
  182.     c) Find the interface you want by searching for the proper "DriverDesc" key.
  183.    
  184.     d) Edit, or add, the string key "NetworkAddress" (has the data type "REG_SZ")      to contain the new MAC address.
  185.    
  186.     e) Disable then re-enable the network interface that you changed (or reboot      the system).
  187.    
  188.     Method 3:
  189.    
  190.     Use the program Etherchange from http://ntsecurity.nu/toolbox/etherchange/
  191.    
  192.     Windows 9x
  193.    
  194.     Use the same method as Windows 2000/XP except for the registry key location      is "HKEY_LOCAL_MACHINE\System\ CurrentControlSet\Services\Class\Net" and you      must reboot your system.
  195.  
  196.  
  197.  
  198.  
  199. VPN/VPS
  200.  
  201. Links about tested VPNs services:
  202.  
  203. https://www.vpntunnel.se
  204. https://www.perfect-privacy.de
  205. https://www.swissvpn.net/
  206.  
  207. http://nvpn.net/index.php  
  208.  
  209. Links about offshore VPS offers:
  210. ipo
  211. http://heihachi.net/
  212. http://zhangltd.net/plans_at.html
  213. http://www.dataclub.biz/en/site/services
  214.  
  215. http://www.santrex.net/vps-hosting.php
  216.  
  217. Other anonymisation services to hide your IP address
  218.  
  219. JonDonym https://anonymous-proxy-servers.net uses mix cascades with 2 or 3 mix servers around the world. Free mix cascades can be used only for anonymous surfing. Premium services can be used for all internet services like IRC, email or IM.
  220.  
  221. Tor https://www.torproject.org uses a route of 3 onion routers around the world. The route will change every 10 minutes. Because everybody can run a Tor node it is possible for intelligence services to insert spying nodes. Use SSL encryption to avoid traffic sniffing by spying exit nodes.
  222.  
  223.  
  224.  
  225.  
  226. I2P
  227. The very best of the deep internets. Anonymoulsy host, visit, and everything else. Reccomended.
  228. http://www.i2p002.d
  229. https://www.vpntunabout:startpagenel.se
  230. e/
  231. #Anonymous on I2P standard IRC.
  232.  
  233.  
  234.  
  235.  
  236. DNS
  237.  
  238. Open DNS Servers:
  239.  
  240.         => Service provider:Dnsadvantage
  241.         Dnsadvantage free dns server list:
  242.         156.154.70.1
  243.         156.154.71.1
  244.          
  245.         => Service provider:OpenDNS
  246.         OpenDNS free dns server list / IP address:
  247.         208.67.222.222
  248.         208.67.220.220
  249.          
  250.         => Service provider:Norton
  251.         Norton free dns server list / IP address:
  252.         198.153.192.1
  253.         198.153.194.1
  254.          
  255.         => Service provider: GTEI DNS (now Verizon)
  256.         Public Name server IP address:
  257.         4.2.2.1
  258.         4.2.2.2
  259.         4.2.2.3
  260.         4.2.2.4
  261.         4.2.2.5
  262.         4.2.2.6
  263.          
  264.         => Service provider: ScrubIt
  265.         Public dns server address:
  266.         67.138.54.100
  267.         207.225.209.66
  268.          
  269.          
  270.         Other anti-censorship DNS servers:
  271.          
  272.         85.88.19.10 (German Xail.net) sehr schnell!
  273.         85.88.19.11 (German Xail.net)
  274.         87.118.100.175 (German Privacy Foundation e.V.)
  275.         94.75.228.28 (German Privacy Foundation e.V.)
  276.         62.141.58.13 (German Privacy Foundation e.V.)
  277.         62.75.219.7 (German Privacy Foundation e.V.)
  278.         85.214.73.63 (FoeBuD e.V.)
  279.         212.82.225.7 (ClaraNet)
  280.         212.82.226.212 (ClaraNet)
  281.         213.73.91.35 (Chaos Computer Club Berlin) +1
  282.         58.6.115.42 (OpenNIC, Australien)
  283.         58.6.115.43 (OpenNIC, Australien)
  284.         119.31.230.42 (OpenNIC, Australien)
  285.         200.252.98.162 (OpenNIC, Brasilien)
  286.         217.79.186.148 (OpenNIC, Deutschland)
  287.         82.229.244.191 (OpenNIC, Frankreich)
  288.         216.87.84.211 (OpenNIC, USA)
  289.         2002:d857:54d2:2:20e:2eff:fe63:d4a9 (OpenNIC, IPv6 USA)
  290.         2001:470:1f07:38b::1 (OpenNIC, IPv6 USA)
  291.         2001:470:1f10:c6::2 (OpenNIC, IPv6 USA)
  292.         66.244.95.20 (OpenNIC, USA)
  293.         204.152.184.76 (f.6to4-servers.net, ISC)
  294.         2001:4f8:0:2::14 (f.6to4-servers.net, IPv6, ISC)
  295.         194.150.168.168 (dns.as250.net; anycast DNS!)
  296.         80.237.196.2 (Erdgeist)
  297.         194.95.202.198 (UDK Berlin)
  298.         88.198.130.211 (Dataflash)
  299.         78.46.89.147 (ValiDOM)
  300.         129.206.100.126 (URZ Uni Heidelberg)
  301.         79.99.234.56 (justnet.ch, Schweiz)
  302.         208.67.220.220 (OpenDNS)
  303.         208.67.222.222 (OpenDNS)
  304.         156.154.70.22 (Comodo Secure DNS)
  305.         156.154.71.22 (Comodo Secure DNS)
  306.         85.25.149.144 (Freie DNS-Server)
  307.         87.106.37.196 (Freie DNS-Server)
  308.         8.8.8.8 (Google Public DNS)
  309.         8.8.4.4 (Google Public DNS)
  310.         88.198.24.111 (jali/CCCHB)
  311.  
  312. Google ones  
  313. 8.8.8.8
  314. 8.8.4.4
  315.  
  316. -> These ones are good. We all know google is evil, but their DNS services process much traffic. This is security by obscurity, finding a request to them is like finding a needle in the sea!
  317.  
  318. What about Level3 dns servers? safe?
  319.  
  320.  
  321. youtube link for dns tut
  322. http://www.youtube.com/watch?v=r8d-Sv2 ifconfig eth0 lladdr 00:00:00:00WCQ
  323. http://www.youtube.com/watch?v=CBJaIahhH20
  324. http://www.youtube.com/watch?v=wwS6Jufjqds
  325. http://www.youtube.com/watch?v=CBJaIahhH20
  326. http://www.youtube.com/watch?v=wwS6Jufjqds
  327.  
  328. bypassing DNS filters
  329. http://pastehtml.com/view/ax99xkcpi.rtxt
  330.  
  331.  
  332.  
  333.  
  334. Assorted
  335.  
  336. - rule #efore dishonour1 and rule #2
  337. - /dev/null before dishonour
  338.  
  339. - do not mention your involvement with $operations
  340. - do not swank with your e-peen
  341. - do not mention your YT, Twitter, FB... accounts
  342. - do not swank with any special knowledge
  343. - speak english only
  344. - use password with more than 10 characters
  345. - dont re-use passwords
  346.  
  347. -> Generating strong passwords (Linux)
  348.  
  349. $ cat /dev/urandom | tr -dc '[a-z][A-Z][0-9]-_!@#$%^&*()_+{}|:<>?=' | fold -w 64| head -n 5
  350.  
  351. This will generate a 5 rows of 64 char long password with symbols, numbers and letters. Change the -w value suit your needs. -w 128 will generate a 128 char passwd
  352.  
  353. - use keepassx
  354.  
  355. - use Live-CDs and thumbdrives and portable software
  356. - do not keep logs of any kind
  357. - repeat after me: I will not keep any logs
  358. - pay your VPN with bitcoin, Ukash etc.
  359. - choose a VPN-Provider in a safe jurisdiction (that means not US, UK, France)
  360. - using your neighbours Wifi is not a *very* good idea, but on the other hand... better than get arrested
  361. - only inexistent data is good data, because any existing data will be used against you
  362. - Govs will even use inexistent data against you
  363. - do not use your anonops-nick anywhere else (Change your nicks oftenly)
  364.  
  365. - it is a good idea to change the OS every now and then
  366. - it is a good idea to physically separate anything Anon from anything not Anon, use different machines
  367. - do not use the same E-Mail or VPN you use for Anon for other activities
  368. - if you have to keep data, put it on thumbdrives so they can easily be destroyed > micro sd drives are twice as easily destroyed and die after an ammount of writes.
  369.  
  370. - keep in mind that a single Anon is unimportant to Anonymous
  371. - the media will not keep your identity secret because the media sell information, do not trust the media (https://www.eff.org/deeplinks/2011/06/wsj-and-al-jazeera-lure-whistleblowers-false  )
  372. - do not expose yourself too much, avoid IRL-Interviews, avoid Voice Interviews
  373. - sadly, you cannot trust other Anons
  374. - report suspicious activities
  375. - be paranoid
  376. - keep a low profile
  377. - tell others when you will not join the IRC for al longer time
  378. - before issuing any documents erase their metadata
  379.  
  380. Port Scans
  381. www.port-scan.de
  382. ----------------------
  383. Links
  384. www.truecrypt.org  (encrypting software , who cant read will not know )
  385. if they see that you have truecrypr installed, they will know. see http://xekcd.com/538/
  386. www.comodo.com  (firewall )
  387. https://wiki.archlinux.org/index.php/LUKS (even more encryption)
  388.  
  389.  
  390.  
  391. Firefox Configuration
  392.  
  393. Firefox about:config
  394. network.proxy.socks_remote_dns = true
  395. browser.search.suggest.enabled = false
  396. layout.css.visited_links_enabled = false
  397. network.http.sendRefererHeader = 0
  398. geo.enabled = false
  399. browser.display.use_document_fonts = 0
  400.  
  401. Try to have a common fingerprint for your browser:
  402. http://panopticlick.eff.org
  403.  
  404. -> The more unique your browser looks, the more the bad guys will identify you.
  405.  
  406. Firefox Addons
  407. - Cookieculler ( cookies can trace u do not keep logs ! )
  408. - HTTPS everywhere ( secured is encrypted (Y) )
  409.  
  410. Modify Headers
  411. https://addons.mozilla.org/en-US/firefox/addon/modify-headers/
  412.  
  413. RequestPolicy
  414. https://addons.mozilla.org/en-us/firefox/addon/requestpolicy/
  415.  
  416. NoScript
  417. https://addons.mozilla.org/en-us/firefox/addon/noscript/
  418.  
  419. Certificate Patrol
  420. https://addons.mozilla.org/en-us/firefox/addon/certificate-patrol/
  421.  
  422. AdBlock Plus
  423.  https://addons.mozilla.org/fr/firefox/addon/adblock-plus/
  424.  
  425. Mafiaa redirector
  426. https://addons.mozilla.org/en-US/firefox/addon/mafiaafire-redirector/
  427.  
  428. Better privacy
  429. https://addons.mozilla.org/fr/f encrypirefox/addon/betterprivacy/
  430.  
  431. User Agent switcher
  432. https://addons.mozilla.org/en-US/firefox/addon/user-agent-switcher/
  433. http://techpatterns.com/downloads/firefox/useragentswitcher.xml
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top