Author Topic: Guide to Anonymity, Security and Anti-Forensics  (Read 26386 times)

Offline 0poitr

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #15 on: February 12, 2013, 11:15:43 am »
Thanks. I always looked forward to something like this. A nice guide. +1

The IPFuck plugin is great. As its info page hints, three HTTP headers supply host identity information (including IP address): VIA, X-Forwarded-For and Client-IP.
There are some more, or maybe just aliases of them, as I found on the web, but they seem to serve similar purposes.

    HTTP_CLIENT_IP
    HTTP_X_FORWARDED_FOR
    HTTP_X_FORWARDED
    HTTP_X_CLUSTER_CLIENT_IP
    HTTP_FORWARDED_FOR
    HTTP_FORWARDED

I found the specs of VIA here: http://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html (14.45)
and a draft RFC of X-Forwarded-For here: http://tools.ietf.org/html/draft-petersson-forwarded-for-02
Couldn't find an RFC for Client-IP though, but a Google search reveals some Cisco and other manufacturers' documentation on how to modify that header.

So, after a bit of research, my conclusion is X-Forwarded headers are troublesome for anonymity if they are maintained properly throughout the route. Usually, using IPFuck with a medium anonymous proxy (public proxies with high anon are often very slow) should be able to hide the actual client address.

Here, I found some websites that check how much info can be gathered from your browser requests.
Funny thing is, when you use IPFuck with no proxy, whatsmyip.com checks the headers (which are spoofed) for your actual IP and then takes the content of the REMOTE_ADDR header (which has your original address) as the proxy server's IP. Try it. :D
« Last Edit: February 12, 2013, 11:19:44 am by 0poitr »
Imagination is the first step towards Creation.
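
The behaviour described in the post above, seen from the server side, as an added example that is not part of the original thread: a service that reads the client address from these headers can be told anything, so the usual mitigation is to start from REMOTE_ADDR and honour X-Forwarded-For only when the peer is one of your own proxies. The `TRUSTED_PROXIES` network, the `client_ip` helper and the sample requests are assumptions constructed for illustration, and the proxy is assumed to append the address of its peer to X-Forwarded-For.

```python
import ipaddress

# Assumption: only our own reverse proxies (constructed sample network) may
# vouch for a client address; everything else is untrusted.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8")]

# CGI/WSGI spellings of the client-supplied headers named in the post.
CLAIMED_IP_KEYS = ("HTTP_VIA", "HTTP_CLIENT_IP", "HTTP_X_FORWARDED_FOR",
                   "HTTP_X_FORWARDED", "HTTP_X_CLUSTER_CLIENT_IP",
                   "HTTP_FORWARDED_FOR", "HTTP_FORWARDED")

def _trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def _parse(text):
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None

def client_ip(environ):
    """Return (client address, header keys that were ignored as unverifiable)."""
    # REMOTE_ADDR is the TCP peer address; the client cannot set it via headers.
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    present = [k for k in CLAIMED_IP_KEYS if k in environ]
    if not _trusted(peer):
        # Direct connection: every forwarding header is client-controlled.
        return str(peer), present
    # Peer is our proxy: walk X-Forwarded-For right to left, skipping our hops.
    client = peer
    for hop in reversed(environ.get("HTTP_X_FORWARDED_FOR", "").split(",")):
        addr = _parse(hop)
        if addr is None:
            break  # malformed entry: trust nothing further to the left
        client = addr
        if not _trusted(addr):
            break  # first hop we do not operate is the client as our proxy saw it
    return str(client), [k for k in present if k != "HTTP_X_FORWARDED_FOR"]

# Constructed sample requests (documentation address ranges).
SPOOFED_DIRECT = {"REMOTE_ADDR": "203.0.113.7",
                  "HTTP_X_FORWARDED_FOR": "198.51.100.99",
                  "HTTP_CLIENT_IP": "198.51.100.99", "HTTP_VIA": "1.1 example"}
SPOOFED_VIA_PROXY = {"REMOTE_ADDR": "10.0.0.5",
                     "HTTP_X_FORWARDED_FOR": "198.51.100.99, 203.0.113.7"}

if __name__ == "__main__":
    for env in (SPOOFED_DIRECT, SPOOFED_VIA_PROXY):
        print(client_ip(env))
```

In both sample requests the spoofed 198.51.100.99 value is discarded: the direct request resolves to its REMOTE_ADDR, and the proxied one to the address the proxy itself appended.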

Offline rapture

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #16 on: February 15, 2013, 10:22:03 am »
Post edited, thanks Fur and 0poitr.
« Last Edit: February 15, 2013, 10:31:26 am by rapture »

Offline lucid

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #17 on: February 25, 2013, 07:43:58 pm »
You know what, no offense to OP but I'm really sick of these generic Anonymity guides. They are all the same.

1. Proxy

2. VPN

3. Tor

4. Encryption

5. Disk Wipe

6. Virus

7. Don't talk about stuff to people

This one and the one that is stickied which I personally think should be unstickied in particular. I think I'm going to write a more comprehensive, less generic one that I want to be stickied. This shit gets annoying.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline Stackprotector

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #18 on: February 25, 2013, 07:45:03 pm »
> You know what, no offense to OP but I'm really sick of these generic Anonymity guides. They are all the same.
>
> 1. Proxy
> 2. VPN
> 3. Tor
> 4. Encryption
> 5. Disk Wipe
> 6. Virus
> 7. Don't talk about stuff to people
>
> This one and the one that is stickied which I personally think should be unstickied in particular. I think I'm going to write a more comprehensive, less generic one that I want to be stickied. This shit gets annoying.

I am looking forward to that :)
~Factionwars

Offline lucid

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #19 on: February 25, 2013, 07:46:26 pm »
Will you sticky it if I do.....and it's good? I'm going to get started today.

Offline Stackprotector

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #20 on: February 25, 2013, 07:48:23 pm »
> Will you sticky it if I do.....and it's good? I'm going to get started today.

If it's worth sticking :P
~Factionwars

Offline lucid

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #21 on: February 26, 2013, 01:24:33 am »
> If it's worth sticking :P

Well, take a look at it. Do YOU think it's worth sticking?
« Last Edit: February 26, 2013, 03:11:20 am by lucid »

Offline rapture

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #22 on: February 27, 2013, 10:01:58 am »
No problem, I replied to your guide, very nice and descriptive.

imho, to get the anonymity section productive, it should not be circulating in one topic which can be understood with just a single thread.
« Last Edit: February 27, 2013, 10:05:41 am by rapture »

Offline Averagegenius

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #23 on: August 12, 2013, 03:58:34 pm »
Thanks a lot! I'm new to hacking so this was very useful.

Offline Feyd

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #24 on: August 12, 2013, 08:07:17 pm »
I think it is worth mentioning that disk encryption is useless if you get raided while the drive is decrypted and if you don't have any special software that unmounts or powers off the disk before the forensics team have done a full copy.
If you store your files in a removable drive, hide and take it away off the scene (make sure they wouldn't see).
I guess you can call this an attempt to solve the problem I mentioned but seriously, don't expect the police to be THAT incompetent.

Offline proxx

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #25 on: August 12, 2013, 08:29:50 pm »
> I think it is worth mentioning that disk encryption is useless if you get raided while the drive is decrypted and if you don't have any special software that unmounts or powers off the disk before the forensics team have done a full copy. I guess you can call this an attempt to solve the problem I mentioned but seriously, don't expect the police to be THAT incompetent.

That's an interesting concept.
Making the disk useless upon 'cracking'; gonna think about that for a little.
Wtf were you thinking with that signature? - Phage.
This was another little experiment *evillaughter - Proxx.
Evilception... - Phage

Offline Feyd

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #26 on: August 12, 2013, 10:17:11 pm »
> That's an interesting concept.
> Making the disk useless upon 'cracking'; gonna think about that for a little.

If a forensics team uncovers an encrypted hdd they will make a raw copy first thing. They won't start cracking away trying to break the encryption. With a decent algorithm and a sufficiently good password this won't matter much however.
If it is found decrypted they will ofc also make a copy in which case you are screwed if you don't manage to power off or unmount the drive.

Offline proxx

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #27 on: August 12, 2013, 10:23:29 pm »
> If a forensics team uncovers an encrypted hdd they will make a raw copy first thing. They won't start cracking away trying to break the encryption. With a decent algorithm and a sufficiently good password this won't matter much however.
> If it is found decrypted they will ofc also make a copy in which case you are screwed if you don't manage to power off or unmount the drive.

Yes exactly.
Use being screwed to your advantage.
They have to read from the disk to copy it.
There is the entry point, HDDs have firmware, memory and ARM cores these days.
« Last Edit: August 12, 2013, 10:25:38 pm by proxx »

Offline Feyd

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #28 on: August 12, 2013, 10:45:14 pm »
> Yes exactly.
> Use being screwed to your advantage.
> They have to read from the disk to copy it.
> There is the entry point, HDDs have firmware, memory and ARM cores these days.

That's true. I've long thought about how to do such a dismount or whatever but never bothered to try to implement it. Would be an interesting thing to look into.
In TrueCrypt there is also the option to create a special partition (or whatever it is) that you can decrypt with a second password to provide you with plausible deniability in case you get forced to hand over your key.
« Last Edit: August 12, 2013, 10:49:08 pm by Feyd »

Offline lucid

Re: Guide to Anonymity, Security and Anti-Forensics
« Reply #29 on: August 13, 2013, 05:09:20 am »
> In TrueCrypt there is also the option to create a special partition (or whatever it is) that you can decrypt with a second password to provide you with plausible deniability in case you get forced to hand over your key.

You are thinking of the Hidden Volume option. Basically, you create a volume which has two passwords. One password opens up the volume in which you put a bunch of crap that wouldn't actually get you into any trouble, and the other password would open up the volume that has all your kiddy porn on it. LE wouldn't be able to tell that there is a hidden volume because the free space of any volume is filled with random data. The hidden volume would look just like this.