Important info
-VagueDoxes-
Feb 12th, 2018

                 _   _            _      ____             _    _
                | | | | __ _  ___| | __ | __ )  __ _  ___| | _| |
                | |_| |/ _` |/ __| |/ / |  _ \ / _` |/ __| |/ / |
                |  _  | (_| | (__|   <  | |_) | (_| | (__|   <|_|
                |_| |_|\__,_|\___|_|\_\ |____/ \__,_|\___|_|\_(_)

                                   A DIY Guide




                                 ,-._,-._
                              _,-\  o O_/;
                             / ,  `     `|
                             | \-.,___,  /   `
                              \ `-.__/  /    ,.\
                             / `-.__.-\`   ./   \'
                            / /|    ___\ ,/      `\
                           ( ( |.-"`   '/\         \  `
                            \ \/      ,,  |          \ _
                             \|     o/o   /           \.
                              \        , /             /
                              ( __`;-;'__`)            \\
                              `//'`   `||`              `\
                             _//       ||           __   _   _ _____   __
                     .-"-._,(__)     .(__).-""-.      | | | | |_   _| |
                    /          \    /           \     | | |_| | | |   |
                    \          /    \           /     | |  _  | | |   |
                     `'-------`      `--------'`    __| |_| |_| |_|   |__
                               #antisec



--[ 1 - Introduction ]----------------------------------------------------------

You'll notice the change in language since the last edition [1]. The
English-speaking world already has tons of books, talks, guides, and
info about hacking. In that world, there's plenty of hackers better than me,
but they misuse their talents working for "defense" contractors, for intelligence
agencies, to protect banks and corporations, and to defend the status quo.
Hacker culture was born in the US as a counterculture, but that origin only
remains in its aesthetics - the rest has been assimilated. At least they can
wear a t-shirt, dye their hair blue, use their hacker names, and feel like
rebels while they work for the Man.

You used to have to sneak into offices to leak documents [2]. You used to need
a gun to rob a bank. Now you can do both from bed with a laptop in hand [3][4].
Like the CNT said after the Gamma Group hack: "Let's take a step forward with
new forms of struggle" [5]. Hacking is a powerful tool, let's learn and fight!

[1] http://pastebin.com/raw.php?i=cRYvK4jb
[2] https://en.wikipedia.org/wiki/Citizens%27_Commission_to_Investigate_the_FBI
[3] http://www.aljazeera.com/news/2015/09/algerian-hacker-hero-hoodlum-150921083914167.html
[4] https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf
[5] http://madrid.cnt.es/noticia/consideraciones-sobre-el-ataque-informatico-a-gamma-group


--[ 2 - Hacking Team ]----------------------------------------------------------

Hacking Team was a company that helped governments hack and spy on
journalists, activists, political opposition, and other threats to their power
[1][2][3][4][5][6][7][8][9][10][11]. And, occasionally, on actual criminals
and terrorists [12]. Vincenzetti, the CEO, liked to end his emails with the
fascist slogan "boia chi molla" (roughly, "death to whoever gives up"). It'd be
more correct to say "boia chi vende RCS" ("death to whoever sells RCS"). They
also claimed to have technology to solve the "problem" posed by Tor and the
darknet [13]. But seeing as I'm still free, I have my doubts about its
effectiveness.

[1] http://www.animalpolitico.com/2015/07/el-gobierno-de-puebla-uso-el-software-de-hacking-team-para-espionaje-politico/
[2] http://www.prensa.com/politica/claves-entender-Hacking-Team-Panama_0_4251324994.html
[3] http://www.24-horas.mx/ecuador-espio-con-hacking-team-a-opositor-carlos-figueroa/
[4] https://citizenlab.org/2012/10/backdoors-are-forever-hacking-team-and-the-targeting-of-dissent/
[5] https://citizenlab.org/2014/02/hacking-team-targeting-ethiopian-journalists/
[6] https://citizenlab.org/2015/03/hacking-team-reloaded-us-based-ethiopian-journalists-targeted-spyware/
[7] http://focusecuador.net/2015/07/08/hacking-team-rodas-paez-tiban-torres-son-espiados-en-ecuador/
[8] http://www.pri.org/stories/2015-07-08/these-ethiopian-journalists-exile-hacking-team-revelations-are-personal
[9] https://theintercept.com/2015/07/07/leaked-documents-confirm-hacking-team-sells-spyware-repressive-countries/
[10] http://www.wired.com/2013/06/spy-tool-sold-to-governments/
[11] http://www.theregister.co.uk/2015/07/13/hacking_team_vietnam_apt/
[12] http://www.ilmessaggero.it/primopiano/cronaca/yara_bossetti_hacking_team-1588888.html
[13] http://motherboard.vice.com/en_ca/read/hacking-team-founder-hey-fbi-we-can-help-you-crack-the-dark-web


--[ 3 - Stay safe out there ]---------------------------------------------------

Unfortunately, our world is backwards. You get rich by doing bad things and go
to jail for doing good. Fortunately, thanks to the hard work of people like
the Tor project [1], you can avoid going to jail by taking a few simple
precautions:

1) Encrypt your hard disk [2]

   I guess when the police arrive to seize your computer, it means you've
   already made a lot of mistakes, but it's better to be safe.

2) Use a virtual machine with all traffic routed through Tor

   This accomplishes two things. First, all your traffic is anonymized through
   Tor. Second, keeping your personal life and your hacking on separate
   computers helps you not to mix them by accident.

   You can use projects like Whonix [3], Tails [4], Qubes TorVM [5], or
   something custom [6]. Here's [7] a detailed comparison.

3) (Optional) Don't connect directly to Tor

   Tor isn't a panacea. They can correlate the times you're connected to Tor
   with the times your hacker handle is active. Also, there have been
   successful attacks against Tor [8]. You can connect to Tor using other
   people's wifi. Wifislax [9] is a Linux distro with a lot of tools for
   cracking wifi. Another option is to connect to a VPN or a bridge node [10]
   before Tor, but that's less secure because they can still correlate the
   hacker's activity with your house's internet activity (this was used as
   evidence against Jeremy Hammond [11]).

   The reality is that while Tor isn't perfect, it works quite well. When I
   was young and reckless, I did plenty of stuff without any protection (I'm
   referring to hacking) apart from Tor, that the police tried their hardest
   to investigate, and I've never had any problems.
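
The timing correlation that point 3 warns about, as an added example that is
not part of the original guide: an investigator who can see when a residence
was connected to Tor (ISP or VPN records) and when a handle was active (IRC or
forum logs) only has to overlay the two. The log lines, their formats, the
observation window and the 5-minute clock-skew slack below are all constructed
for this illustration; the only real claim is the arithmetic.

```python
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M"

# Constructed sample data (not real logs): intervals during which the home
# line was talking to the Tor network, as an ISP or VPN provider would see it.
TOR_SESSIONS_LOG = """\
2015-07-01 21:03  2015-07-01 23:40
2015-07-02 20:55  2015-07-03 01:12
2015-07-04 22:10  2015-07-04 23:05
"""

# Constructed sample data: moments the handle was seen active on IRC or a forum.
HANDLE_ACTIVITY_LOG = """\
2015-07-01 21:15
2015-07-01 22:48
2015-07-02 21:30
2015-07-02 23:59
2015-07-03 00:45
2015-07-03 14:20
2015-07-04 22:30
"""


def parse_sessions(text):
    """Return (start, end) datetime pairs from 'start  end' lines."""
    sessions = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # blank or malformed line
        start = datetime.strptime(parts[0] + " " + parts[1], FMT)
        end = datetime.strptime(parts[2] + " " + parts[3], FMT)
        if end < start:
            raise ValueError("session ends before it starts: " + line)
        sessions.append((start, end))
    return sessions


def parse_activity(text):
    """Return one datetime per non-empty line."""
    return [datetime.strptime(line.strip(), FMT)
            for line in text.splitlines() if line.strip()]


def coverage(sessions, window_start, window_end):
    """Fraction of the observation window during which Tor was connected.

    This is the chance that a random timestamp lands inside a session, i.e.
    the score an unrelated handle would be expected to get.
    """
    total = timedelta(0)
    for start, end in sessions:
        clipped_start = max(start, window_start)
        clipped_end = min(end, window_end)
        if clipped_end > clipped_start:
            total += clipped_end - clipped_start
    return total / (window_end - window_start)


def correlate(sessions, activity, window_start, window_end, slack=timedelta(0)):
    """Count activity timestamps that fall inside a Tor session.

    `slack` widens every session at both ends to absorb clock skew between
    the two log sources.
    """
    def inside(t):
        return any(s - slack <= t <= e + slack for s, e in sessions)

    hits = sum(1 for t in activity if inside(t))
    sessions_with_activity = sum(
        1 for s, e in sessions
        if any(s - slack <= t <= e + slack for t in activity))
    return {
        "events": len(activity),
        "events_in_session": hits,
        "hit_ratio": hits / len(activity) if activity else 0.0,
        "sessions": len(sessions),
        "sessions_with_activity": sessions_with_activity,
        "baseline": coverage(sessions, window_start, window_end),
    }


def run_example():
    sessions = parse_sessions(TOR_SESSIONS_LOG)
    activity = parse_activity(HANDLE_ACTIVITY_LOG)
    window = (datetime(2015, 7, 1), datetime(2015, 7, 5))  # assumed 4-day window
    return correlate(sessions, activity, *window, slack=timedelta(minutes=5))


if __name__ == "__main__":
    r = run_example()
    print("%d of %d activity timestamps fall inside a Tor session (%.0f%%)"
          % (r["events_in_session"], r["events"], 100 * r["hit_ratio"]))
    print("Tor was connected for only %.1f%% of the window" % (100 * r["baseline"]))
```

On the constructed data six of seven activity timestamps land inside sessions
that cover about 8% of the window, and every session has activity in it; one
stray event outside the sessions does not undo that. A VPN or bridge in front
of Tor changes nothing here, because the home line's connection times are what
get logged, which is why the text prefers someone else's wifi.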

[1] https://www.torproject.org/
[2] https://info.securityinabox.org/es/chapter-4
[3] https://www.whonix.org/
[4] https://tails.boum.org/
[5] https://www.qubes-os.org/doc/privacy/torvm/
[6] https://trac.torproject.org/projects/tor/wiki/doc/TransparentProxy
[7] https://www.whonix.org/wiki/Comparison_with_Others
[8] https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack/
[9] http://www.wifislax.com/
[10] https://www.torproject.org/docs/bridges.html.en
[11] http://www.documentcloud.org/documents/1342115-timeline-correlation-jeremy-hammond-and-anarchaos.html


----[ 3.1 - Infrastructure ]----------------------------------------------------

I don't hack directly from Tor exit nodes. They're on blacklists, they're
slow, and they can't receive connect-backs. Tor protects my anonymity while I
connect to the infrastructure I use to hack, which consists of:

1) Domain Names

   For C&C addresses, and for DNS tunnels for guaranteed egress.

2) Stable Servers

   For use as C&C servers, to receive connect-back shells, to launch attacks,
   and to store the loot.

3) Hacked Servers

   For use as pivots to hide the IP addresses of the stable servers. And for
   when I want a fast connection without pivoting, for example to scan ports,
   scan the whole internet, download a database with sqli, etc.

Obviously, you have to use an anonymous payment method, like bitcoin (if it's
used carefully).


----[ 3.2 - Attribution ]-------------------------------------------------------

In the news we often see attacks traced back to government-backed hacking
groups ("APTs"), because they repeatedly use the same tools, leave the same
footprints, and even use the same infrastructure (domains, emails, etc).
They're negligent because they can hack without legal consequences.

I didn't want to make the police's work any easier by relating my hack of
Hacking Team with other hacks I've done or with names I use in my day-to-day
work as a blackhat hacker. So, I used new servers and domain names, registered
with new emails, and paid for with new bitcoin addresses. Also, I only used
tools that are publicly available, or things that I wrote specifically for
this attack, and I changed my way of doing some things to not leave my usual
forensic footprint.


--[ 4 - Information Gathering ]-------------------------------------------------

Although it can be tedious, this stage is very important, since the larger the
attack surface, the easier it is to find a hole somewhere in it.


----[ 4.1 - Technical Information ]---------------------------------------------

Some tools and techniques are:

1) Google

   A lot of interesting things can be found with a few well-chosen search
   queries. For example, the identity of DPR [1]. The bible of Google hacking
   is the book "Google Hacking for Penetration Testers". You can find a short
   summary in Spanish at [2].

2) Subdomain Enumeration

   Often, a company's main website is hosted by a third party, and you'll find
   the company's actual IP range thanks to subdomains like mx.company.com or
   ns1.company.com. Also, sometimes there are things that shouldn't be exposed
   in "hidden" subdomains. Useful tools for discovering domains and subdomains
   are fierce [3], theHarvester [4], and recon-ng [5].
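
   An added example of what point 2 describes, not code from the guide nor from
   fierce, theHarvester or recon-ng: brute-force candidate subdomains, throw
   away answers that are just a wildcard record, then group what resolved by
   /24 so the block holding mx/ns/vpn hosts stands out from the third-party
   host serving the public website. The zone, the wordlist and the wildcard
   probe label are constructed for this illustration; `live_resolve` is the
   only part that touches the network and is not used by the example run.

```python
import ipaddress
import socket
from collections import defaultdict

# Constructed example zone (not real data). The public site lives at a
# third-party host in 203.0.113.0/24, while mail, name and VPN servers sit in
# the company's own 198.51.100.0/24, which is the range we want to surface.
FAKE_ZONE = {
    "example.com": ["203.0.113.10"],
    "www.example.com": ["203.0.113.10"],
    "mx.example.com": ["198.51.100.25"],
    "mx2.example.com": ["198.51.100.26"],
    "ns1.example.com": ["198.51.100.2"],
    "ns2.example.com": ["198.51.100.3"],
    "vpn.example.com": ["198.51.100.40"],
    "dev.example.com": ["198.51.100.77"],   # a "hidden" host nobody links to
}

# Short wordlist for the example; real tools ship thousands of entries.
WORDLIST = ["www", "mail", "mx", "mx2", "ns1", "ns2", "vpn", "dev", "test",
            "intranet"]

# Random-looking label that should never exist; if it resolves, the zone has a
# wildcard record (the label itself is an assumption, not a standard).
WILDCARD_PROBE = "zz-unlikely-probe-7f3a"


def fake_resolve(name):
    """Offline resolver over the constructed zone; [] when the name is unknown."""
    return FAKE_ZONE.get(name, [])


def live_resolve(name):
    """Resolver for real use: A records through the system resolver."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def enumerate_subdomains(domain, words, resolve=live_resolve):
    """Try <word>.<domain> for every word; return {name: [ips]} for hits.

    With a wildcard record every probe resolves to the same address(es), so
    answers that are a subset of the wildcard answer are dropped.
    """
    wildcard = set(resolve("%s.%s" % (WILDCARD_PROBE, domain)))
    found = {}
    for word in words:
        name = "%s.%s" % (word, domain)
        ips = set(resolve(name))
        if not ips:
            continue
        if wildcard and ips <= wildcard:
            continue  # indistinguishable from the wildcard answer
        found[name] = sorted(ips)
    return found


def group_by_netblock(found, prefix=24):
    """Map each /prefix network to the sorted names that resolve into it."""
    blocks = defaultdict(set)
    for name, ips in found.items():
        for ip in ips:
            net = ipaddress.ip_network("%s/%d" % (ip, prefix), strict=False)
            blocks[str(net)].add(name)
    return {net: sorted(names) for net, names in blocks.items()}


def rank_netblocks(found, domain, prefix=24):
    """Return (netblock, names, hosts_public_www) tuples, busiest block first.

    A block full of mx/ns/vpn hosts that does not contain the public website
    is the best candidate for the company's own range.
    """
    www_ips = [ipaddress.ip_address(ip) for ip in found.get("www." + domain, [])]
    ranked = []
    for net, names in group_by_netblock(found, prefix).items():
        network = ipaddress.ip_network(net)
        has_www = any(ip in network for ip in www_ips)
        ranked.append((net, names, has_www))
    ranked.sort(key=lambda item: (-len(item[1]), item[0]))
    return ranked


def run_example():
    found = enumerate_subdomains("example.com", WORDLIST, fake_resolve)
    return rank_netblocks(found, "example.com")


if __name__ == "__main__":
    for net, names, has_www in run_example():
        tag = "public www host" if has_www else "candidate company range"
        print("%-18s %-24s %s" % (net, tag, ", ".join(names)))
```

   Swap `fake_resolve` for `live_resolve` (or a resolver that also asks for MX
   and NS records) to run it against a real domain; the /24 grouping is a
   heuristic, and the whois lookup in point 3 is how you confirm who actually
   owns the block.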

3) Whois lookups and reverse lookups

   With a reverse lookup using the whois information from a domain or IP range
   of a company, you can find other domains and IP ranges. As far as I know,
   there's no free way to do reverse lookups aside from a google "hack":

   "via della moscova 13" site:www.findip-address.com
   "via della moscova 13" site:domaintools.com

4) Port scanning and fingerprinting

   Unlike the other techniques, this talks to the company's servers. I