Mon Feb 12 2018
Hack Back!
A DIY Guide

[ASCII-art banner: cat mascot and the Hacking Team "HT" logo]

#antisec

--[ 1 - Introduction ]----------------------------------------------------------

You'll notice the change in language since the last edition [1]. The
English-speaking world already has tons of books, talks, guides, and
info about hacking. In that world, there are plenty of hackers better than me,
but they misuse their talents working for "defense" contractors, for intelligence
agencies, to protect banks and corporations, and to defend the status quo.
Hacker culture was born in the US as a counterculture, but that origin only
remains in its aesthetics - the rest has been assimilated. At least they can
wear a t-shirt, dye their hair blue, use their hacker names, and feel like
rebels while they work for the Man.

You used to have to sneak into offices to leak documents [2]. You used to need
a gun to rob a bank. Now you can do both from bed with a laptop in hand [3][4].
Like the CNT said after the Gamma Group hack: "Let's take a step forward with
new forms of struggle" [5]. Hacking is a powerful tool, let's learn and fight!

[1] http://pastebin.com/raw.php?i=cRYvK4jb
[2] https://en.wikipedia.org/wiki/Citizens%27_Commission_to_Investigate_the_FBI
[3] http://www.aljazeera.com/news/2015/09/algerian-hacker-hero-hoodlum-150921083914167.html
[4] https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf
[5] http://madrid.cnt.es/noticia/consideraciones-sobre-el-ataque-informatico-a-gamma-group

--[ 2 - Hacking Team ]----------------------------------------------------------

Hacking Team was a company that helped governments hack and spy on
journalists, activists, political opposition, and other threats to their power
[1][2][3][4][5][6][7][8][9][10][11]. And, occasionally, on actual criminals
and terrorists [12]. Vincenzetti, the CEO, liked to end his emails with the
fascist slogan "boia chi molla" ("hangman to whoever gives up"). It'd be more
correct to say "boia chi vende RCS" ("hangman to whoever sells RCS", RCS being
their Remote Control System spyware). They also claimed to have technology to
solve the "problem" posed by Tor and the darknet [13]. But seeing as I'm still
free, I have my doubts about its effectiveness.

[1] http://www.animalpolitico.com/2015/07/el-gobierno-de-puebla-uso-el-software-de-hacking-team-para-espionaje-politico/
[2] http://www.prensa.com/politica/claves-entender-Hacking-Team-Panama_0_4251324994.html
[3] http://www.24-horas.mx/ecuador-espio-con-hacking-team-a-opositor-carlos-figueroa/
[4] https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/
[5] https://citizenlab.org/2014/02/hacking-team-targeting-ethiopian-journalists/
[6] https://citizenlab.org/2015/03/hacking-team-reloaded-us-based-ethiopian-journalists-targeted-spyware/
[7] http://focusecuador.net/2015/07/08/hacking-team-rodas-paez-tiban-torres-son-espiados-en-ecuador/
[8] http://www.pri.org/stories/2015-07-08/these-ethiopian-journalists-exile-hacking-team-revelations-are-personal
[9] https://theintercept.com/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/
[10] http://www.wired.com/2013/06/spy-tool-sold-to-governments/
[11] http://www.theregister.co.uk/2015/07/13/hacking_team_vietnam_apt/
[12] http://www.ilmessaggero.it/primopiano/cronaca/yara_bossetti_hacking_team-1588888.html
[13] http://motherboard.vice.com/en_ca/read/hacking-team-founder-hey-fbi-we-can-help-you-crack-the-dark-web

--[ 3 - Stay safe out there ]---------------------------------------------------

Unfortunately, our world is backwards. You get rich by doing bad things and go
to jail for doing good. Fortunately, thanks to the hard work of people like
the Tor project [1], you can avoid going to jail by taking a few simple
precautions:

1) Encrypt your hard disk [2]

   I guess when the police arrive to seize your computer, it means you've
   already made a lot of mistakes, but it's better to be safe.

2) Use a virtual machine with all traffic routed through Tor

   This accomplishes two things. First, all your traffic is anonymized through
   Tor. Second, keeping your personal life and your hacking on separate
   computers helps you not mix them by accident.

   You can use projects like Whonix [3], Tails [4], Qubes TorVM [5], or
   something custom [6]. Here's [7] a detailed comparison.

3) (Optional) Don't connect directly to Tor

   Tor isn't a panacea. They can correlate the times you're connected to Tor
   with the times your hacker handle is active. Also, there have been
   successful attacks against Tor [8]. You can connect to Tor using other
   people's wifi. Wifislax [9] is a Linux distro with a lot of tools for
   cracking wifi. Another option is to connect to a VPN or a bridge node [10]
   before Tor, but that's less secure because they can still correlate the
   hacker's activity with your house's internet activity (this was used as
   evidence against Jeremy Hammond [11]).

   The reality is that while Tor isn't perfect, it works quite well. When I
   was young and reckless, I did plenty of stuff without any protection (I'm
   referring to hacking) apart from Tor, that the police tried their hardest
   to investigate, and I've never had any problems.

[1] https://www.torproject.org/
[2] https://info.securityinabox.org/es/chapter-4
[3] https://www.whonix.org/
[4] https://tails.boum.org/
[5] https://www.qubes-os.org/doc/privacy/torvm/
[6] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
[7] https://www.whonix.org/wiki/Comparison_with_Others
[8] https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/
[9] http://www.wifislax.com/
[10] https://www.torproject.org/docs/bridges.html.en
[11] http://www.documentcloud.org/documents/1342115-timeline-correlation-jeremy-hammond-and-anarchaos.html

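The timing correlation warned about in point 3 above (the kind of evidence cited against Hammond in [11]), worked through as an added example that is not part of the original guide. Both inputs are constructed: `TOR_SESSIONS` stands for what a subscriber line's connection records would show (connections to Tor entry guards), `HANDLE_EVENTS` for when a pseudonymous handle was active according to some third party's chat or forum logs. The question an investigator asks is how often the handle is active while that line is on Tor, compared with how much of the time the line is on Tor at all.

```python
"""Timing correlation between a subscriber line's Tor sessions and a handle's
activity: the risk described in section 3, point 3.

Added example, not code from the original guide. All timestamps below are
constructed for illustration.
"""
from bisect import bisect_right
from datetime import datetime
from math import comb

TOR_SESSIONS = [  # (start, end) of Tor connections on one home line; two overlap on purpose
    ("2012-03-01 20:00", "2012-03-01 23:30"),
    ("2012-03-02 21:00", "2012-03-03 01:00"),
    ("2012-03-04 19:00", "2012-03-04 21:00"),
    ("2012-03-04 20:30", "2012-03-04 22:00"),
    ("2012-03-06 22:00", "2012-03-07 02:30"),
]

HANDLE_EVENTS = [  # times a pseudonymous handle posted, from someone else's logs
    "2012-03-01 20:15", "2012-03-01 22:40", "2012-03-02 21:05",
    "2012-03-02 23:59", "2012-03-03 00:30", "2012-03-04 19:30",
    "2012-03-04 21:45", "2012-03-05 14:00", "2012-03-06 22:10",
    "2012-03-07 01:00",
]

OBSERVATION = ("2012-03-01 00:00", "2012-03-08 00:00")  # one week of records


def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")


def merge_sessions(sessions):
    """Sort (start, end) pairs and merge overlapping or touching ones, so the
    covered time is not counted twice."""
    merged = []
    for start, end in sorted((ts(a), ts(b)) for a, b in sessions):
        if merged and start <= merged[-1][1]:
            merged[-1] = (merged[-1][0], max(merged[-1][1], end))
        else:
            merged.append((start, end))
    return merged


def in_session(t, merged, starts):
    """True if t lies inside one of the merged sessions (bounds inclusive)."""
    i = bisect_right(starts, t) - 1
    return i >= 0 and merged[i][1] >= t


def binomial_tail(k, n, p):
    """P(X >= k) for X ~ Binomial(n, p): how often k or more of n events would
    land inside the sessions if the handle had nothing to do with this line."""
    return sum(comb(n, j) * p ** j * (1 - p) ** (n - j) for j in range(k, n + 1))


def correlate(sessions, events, observation):
    merged = merge_sessions(sessions)
    starts = [s for s, _ in merged]
    w0, w1 = ts(observation[0]), ts(observation[1])
    covered = sum((e - s).total_seconds() for s, e in merged)
    coverage = covered / (w1 - w0).total_seconds()  # share of the window the line was on Tor
    times = [t for t in map(ts, events) if w0 <= t <= w1]
    hits = sum(in_session(t, merged, starts) for t in times)
    hit_rate = hits / len(times) if times else 0.0
    return {
        "hits": hits,
        "total": len(times),
        "coverage": coverage,
        "hit_rate": hit_rate,
        "lift": hit_rate / coverage if coverage else float("inf"),
        "p_value": binomial_tail(hits, len(times), coverage),
    }


if __name__ == "__main__":
    r = correlate(TOR_SESSIONS, HANDLE_EVENTS, OBSERVATION)
    print(f"{r['hits']}/{r['total']} handle events inside Tor sessions; "
          f"line on Tor {r['coverage']:.1%} of the week; lift {r['lift']:.1f}x; "
          f"chance by coincidence p={r['p_value']:.2e}")
```

With the constructed data the handle is active inside a Tor session 9 times out of 10, on a line that was on Tor under 9% of the week, which is vanishingly unlikely by coincidence; real cases add more weeks and more log sources, and the binomial model here only assumes the events are independent. This is also why a VPN or bridge in front of Tor does not help against this attack: the sessions to the VPN are just as visible on the line. Someone else's wifi does help, because the sessions then belong to a different subscriber.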
----[ 3.1 - Infrastructure ]----------------------------------------------------

I don't hack directly from Tor exit nodes. They're on blacklists, they're
slow, and they can't receive connect-backs. Tor protects my anonymity while I
connect to the infrastructure I use to hack, which consists of:

1) Domain Names

   For C&C addresses, and for DNS tunnels for guaranteed egress.

2) Stable Servers

   For use as C&C servers, to receive connect-back shells, to launch attacks,
   and to store the loot.

3) Hacked Servers

   For use as pivots to hide the IP addresses of the stable servers. And for
   when I want a fast connection without pivoting, for example to scan ports,
   scan the whole internet, download a database with sqli, etc.

Obviously, you have to use an anonymous payment method, like bitcoin (if it's
used carefully).

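Why a domain name gives "guaranteed egress" (item 1 above), as an added example that is not the guide's own tooling: a host on a network that blocks every outbound protocol can usually still ask its local resolver for names, and the resolver forwards queries for a domain to that domain's authoritative server. If you run that server, the query names themselves carry the data. The domain `t.example.net` and the session label are hypothetical, and only the encoding and reassembly are shown; sending the queries and logging them at the authoritative server are left to whatever DNS library is in use.

```python
"""Carrying bytes out in DNS query names: the 'DNS tunnel for guaranteed
egress' of section 3.1.

Added example, not code from the original guide. TUNNEL_DOMAIN is a
hypothetical domain whose authoritative name server the operator controls.
"""
import base64

TUNNEL_DOMAIN = "t.example.net"  # hypothetical; must be a domain you control
MAX_LABEL = 63                   # RFC 1035: one label is at most 63 octets
MAX_NAME = 253                   # longest name that fits the 255-octet wire form


def encode(data, session="a1", domain=TUNNEL_DOMAIN):
    """Split data into query names of the form <seq>.<session>.<b32...>.<domain>.

    base32 rather than base64: DNS names are case-insensitive and resolvers
    may randomise case (0x20 encoding), which would corrupt base64 in transit.
    """
    text = base64.b32encode(data).decode().rstrip("=").lower()
    names, seq, pos = [], 0, 0
    while pos < len(text):
        header = f"{seq}.{session}"
        room = MAX_NAME - len(header) - len(domain) - 2  # the two dots around the payload
        labels = []
        while pos < len(text):
            dot = 1 if labels else 0                    # separator before a further label
            avail = room - dot
            if avail < 1:
                break
            take = min(MAX_LABEL, avail, len(text) - pos)
            labels.append(text[pos:pos + take])
            pos += take
            room -= take + dot
        names.append(f"{header}.{'.'.join(labels)}.{domain}")
        seq += 1
    return names


def decode(names, domain=TUNNEL_DOMAIN):
    """Reassemble the payload from query names seen at the authoritative server.

    Arrival order is not trusted (UDP, parallel resolvers), hence the sequence
    number. A gap means a query was lost and the client must resend it; a lost
    final chunk is not detectable here, so a real tunnel also sends a total
    count or an end marker.
    """
    chunks = {}
    suffix = "." + domain.lower()
    for name in names:
        name = name.lower().rstrip(".")
        if not name.endswith(suffix):
            continue                                    # unrelated query, e.g. a scanner
        parts = name[:-len(suffix)].split(".")
        if len(parts) < 2 or not parts[0].isdigit():
            continue
        chunks[int(parts[0])] = "".join(parts[2:])       # parts[1] is the session label
    if not chunks:
        return b""
    missing = sorted(set(range(max(chunks) + 1)) - set(chunks))
    if missing:
        raise ValueError(f"lost chunks {missing}; ask the client to resend")
    text = "".join(chunks[i] for i in sorted(chunks))
    return base64.b32decode(text.upper() + "=" * (-len(text) % 8))


if __name__ == "__main__":
    queries = encode(b"loot " * 40)
    print(len(queries), "queries, longest", max(map(len, queries)), "chars")
    print(queries[0])
    assert decode(queries) == b"loot " * 40
```

What the defender sees is the mirror image: one registered domain receiving many unique, long, high-entropy subdomain lookups from a host that otherwise has no business resolving it, which is the signature DNS-monitoring rules key on.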
----[ 3.2 - Attribution ]-------------------------------------------------------

In the news we often see attacks traced back to government-backed hacking
groups ("APTs"), because they repeatedly use the same tools, leave the same
footprints, and even use the same infrastructure (domains, emails, etc).
They're negligent because they can hack without legal consequences.

I didn't want to make the police's work any easier by relating my hack of
Hacking Team with other hacks I've done or with names I use in my day-to-day
work as a blackhat hacker. So, I used new servers and domain names, registered
with new emails, and paid for with new bitcoin addresses. Also, I only used
tools that are publicly available, or things that I wrote specifically for
this attack, and I changed my way of doing some things to not leave my usual
forensic footprint.

--[ 4 - Information Gathering ]-------------------------------------------------

Although it can be tedious, this stage is very important, since the larger the
attack surface, the easier it is to find a hole somewhere in it.

----[ 4.1 - Technical Information ]---------------------------------------------

Some tools and techniques are:

1) Google

   A lot of interesting things can be found with a few well-chosen search
   queries. For example, the identity of DPR [1]. The bible of Google hacking
   is the book "Google Hacking for Penetration Testers". You can find a short
   summary in Spanish at [2].

2) Subdomain Enumeration

   Often, a company's main website is hosted by a third party, and you'll find
   the company's actual IP range thanks to subdomains like mx.company.com or
   ns1.company.com. Also, sometimes there are things that shouldn't be exposed
   in "hidden" subdomains. Useful tools for discovering domains and subdomains
   are fierce [3], theHarvester [4], and recon-ng [5].

3) Whois lookups and reverse lookups

   With a reverse lookup using the whois information from a domain or IP range
   of a company, you can find other domains and IP ranges. As far as I know,
   there's no free way to do reverse lookups aside from a Google "hack":

   "via della moscova 13" site:www.findip-address.com
   "via della moscova 13" site:domaintools.com

4) Port scanning and fingerprinting

   Unlike the other techniques, this talks to the company's servers. I
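Wordlist subdomain enumeration of the kind fierce does (item 2 above), including the wildcard-DNS check such tools need, followed by grouping the hits by /24 so that mx and ns1 point at the company's own range rather than the hoster's (the same goal as the reverse lookups in item 3). This is an added example, not code from the guide or from fierce. The resolver is passed in as a function so the block runs offline against the constructed zones below (`company.example`, `shop.example`, RFC 5737 documentation addresses); for real use pass a function that does actual lookups, such as `socket.gethostbyname`, and a proper wordlist.

```python
"""Wordlist subdomain enumeration with a wildcard check, then grouping hits by
/24 to find the company's own address space (section 4.1, items 2 and 3).

Added example, not code from the original guide or from fierce. The zones
below are constructed; the resolver is a parameter so this runs offline.
"""
import ipaddress
import secrets
from collections import defaultdict

# Constructed zone for a hypothetical target: the main site is on a third
# party's range (203.0.113.0/24); mail, DNS and VPN sit in the company's own /24.
COMPANY_ZONE = {
    "company.example": "203.0.113.10",
    "www.company.example": "203.0.113.10",
    "mx.company.example": "198.51.100.25",
    "ns1.company.example": "198.51.100.2",
    "vpn.company.example": "198.51.100.40",
    "dev.company.example": "198.51.100.77",
}

# Constructed zone with a wildcard record: every name resolves, so a naive
# brute force would report the entire wordlist as "found".
SHOP_ZONE = {
    "*.shop.example": "192.0.2.1",
    "api.shop.example": "192.0.2.50",
}

WORDLIST = ["www", "mx", "ns1", "vpn", "dev", "ftp", "intranet", "api", "mail"]


def make_resolver(zone):
    """Return a lookup function with A-record semantics over a zone dict:
    exact name first, then a '*.parent' wildcard, else None (NXDOMAIN)."""
    def resolve(name):
        name = name.lower().rstrip(".")
        if name in zone:
            return zone[name]
        parent = name.partition(".")[2]
        return zone.get("*." + parent)
    return resolve


def wildcard_ips(domain, resolve, probes=3):
    """Resolve random labels under the domain. Any answer is wildcard noise:
    no real host is called 9f3a2c1b7e4d0a5f.company.example."""
    answers = {resolve(f"{secrets.token_hex(8)}.{domain}") for _ in range(probes)}
    answers.discard(None)
    return answers


def enumerate_subdomains(domain, wordlist, resolve):
    """Map name -> IP for wordlist entries that resolve to something other
    than the wildcard answer. (A real host that shares the wildcard IP is
    dropped too; that is the known blind spot of this check.)"""
    wild = wildcard_ips(domain, resolve)
    found = {}
    for word in wordlist:
        name = f"{word}.{domain}"
        ip = resolve(name)
        if ip is not None and ip not in wild:
            found[name] = ip
    return found


def group_by_network(found, prefix=24):
    """Bucket discovered hosts by /prefix. The bucket holding mx, ns1 and vpn
    is usually the company's own range; the bucket with only www is the CDN."""
    groups = defaultdict(list)
    for name, ip in sorted(found.items()):
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        groups[str(net)].append(name)
    return dict(groups)


if __name__ == "__main__":
    for domain, zone in (("company.example", COMPANY_ZONE), ("shop.example", SHOP_ZONE)):
        hits = enumerate_subdomains(domain, WORDLIST, make_resolver(zone))
        for net, names in group_by_network(hits).items():
            print(f"{domain}: {net} -> {', '.join(names)}")
```

The wildcard probe is what separates a useful run from a useless one: without it, a zone with `*.shop.example` returns every word in the list as a hit. Note also that each lookup goes through whichever resolver the enumeration host uses, so, per section 3, that host should be one of the infrastructure boxes, not a machine tied to you.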