Jump to content


Photo
* - - - - 2 votes

Do you guys use proxies?


  • Please log in to reply
24 replies to this topic

#1 R4p1d

R4p1d

    Hakker addict

  • Members
  • 840 posts
  • Country:
  • Gender:Not Telling
  • Location:Space

Posted 08 December 2007 - 12:56 AM

I know hacking in general is not illegal, but let's say someone is looking for me, how do I stay hidden over the enternet? Different account names? different ip's for each account? How do you stay hidden from everyone on the web, basically how do I become untraceable? No personal reasons, just intrested ^_^

#2 LUCKY_FUCKIN_CHARMS

LUCKY_FUCKIN_CHARMS

    TCP/IP....PI/MP

  • Members
  • 1,493 posts
  • Gender:Male
  • Location:Las Vegas

Posted 08 December 2007 - 01:02 AM

i like to use other peoples internetz. wardriving is fun

#3 n3xg3n

n3xg3n

    "I Hack, therefore, I am"

  • Members
  • 960 posts
  • Country:
  • Gender:Male
  • Location:(703)

Posted 08 December 2007 - 01:04 AM

It all depends on how "untraced" you want to be, from where, and from whom. When I get on BinRev from home for instance, it's a straight up connection, but when I am at school and I don't want the admins seeing ([sic] Auto-Filter blocking) what I am doing, I ssh proxy through my home computer. But if I am hacking a gibson across state lines, then you have to do it from a payphone while connecting through at least 3 jumpoff points; oh and satellites :roll: (i think thats atleast 3 good movies there)

But in all seriousness at some point the connection hast to go out from somewhere and depending on who you are trying to avoid and how much leverage they hold it is always possible to trace a connection back to the source connection (if it was a coffee shop WiFi, out of your area, with no cameras, and you spoofed a MAC address, then your pretty much good) But there are levels of paranoia, each with an appropriate response.

Also keep in mind, unless you run the server your connecting through, you have no idea who is watching both ends of the connection and logging all packets. First off they can gather passwords this way, and there have been reports of gov't run proxy servers.

#4 R4p1d

R4p1d

    Hakker addict

  • Members
  • 840 posts
  • Country:
  • Gender:Not Telling
  • Location:Space

Posted 08 December 2007 - 01:07 AM

I'm just a kid who doesn't want to be watched by online police for instance, (even though I'm doing nothing illegal) I don't have my own laptop atm, just an Imac with leopard (older model) and 2 winxp pc's. Is there a way I could use that to my advantage?
Oh take not I am getting a laptop within 3 months.

#5 Alpha_Hacka

Alpha_Hacka

    the 0ne

  • Members
  • 1 posts

Posted 08 December 2007 - 01:56 AM

Well I am not sure about being untraceable but---

Tor Project
You might want to look at the Tor Project.
I highly suggest your read Tor: Overview and understand how it works before you start using it. Tor as far as I know, does not require any screening before some one can become a 'exit node'. Where the data ends up going though unencrypted. This can be a problem because if there is some unethical person who has set up a exit node they can view your traffic if it goes though there box, they can also do other stuff like change data that’s being send though or replace images that go back to you (goatse...). Or anything else that goes with a man in the middle attack. This can cause some security & privacy concerns. You may want to use SSL with any site you look at though tor.

Jap
"The JAP client program allows the user to choose among several Mix Cascades (i.e. a group of anonymization proxies) offered by independent organisations. Users may choose by themselves whom of these operators they will trust, and whom they won't. This is different than peer-to-peer based anonymity networks like Tor (anonymity network) and I2P, whose anonymisation proxies are anonymous themselves, that means the users have to rely on unknown proxy operators." -wikipedia

Other Proxie sevices
There are also other proxies services some of which you can buy and some are free. Most of them are based off PHProxy or CGIproxy. These can be good but are some times slow especially the free ones. Remember as with tor the proxy provider could be sniffing your data or manipulating this as they go though. You may want to sue SSL with any website you view though these if you do not trust the source which provides it.

Warnings
1. It is wise to remember that most if not all of pay-for proxy services will log everything that goes though there services, so any one with a subpoenas could probably get the IPs you visited, times, etc. Same goes for free services.
2. Remember use SSL whenever you can because otherwise they could sniff the traffic going though.
3. Java, Javascript, ActiveX or other plugins/scripting or exploits may leak your real ip out to a web. Make sure you are using a secure browser. I would suggest you also use firefox and NoScript. I turn java off on my browser because none of the sites I use need it and it seems to always leak my ip.
4. Javascript leaks a whole lot of information about you including you screen width and height, language, you browsers, version, your platform (Operating System). Referrer (Last site you where on, but only if you click though from it). Although some of these features may enchant you view of a website (eg screen width & height) just be aware your browser may be giving off this information. Check out this.
5. You user agent might be giving off allot of information as well OS, Browser, and Version....

Words of the wise (?)
Privacy is a mindset not a service.
You are almost never "untraceable".
The service is only as good as you are at keeping your privacy...


Cookies
Cookies are small but of information that is stored on your computer, they can identify you to the website. Say if you have logged in they might give you a cookies to know that is you even when you ip has changed etc. This can also be bad becuase people can track you from websites to website. Make sure that you browser only gives you cookie to the website that assigned it and that you only allow cookies on websites you trust.

Open/Insecure Wireless
If you are paranoid about your privacy I would suggest using anonymos-shmoo because it does not give off your real MAC Address and uses a custom hostname. Then connect to a rooted wireless some where far aware where there are no cameras.

Search Engines
Search engines like Google log everything please remember that, I personally use scroogle, you might want to check it out.

Note
I plan and making this larger/more clear so people can reference to it for privacy.. Any help would be appreciated.
Right now I need a cold coca-cola and a break.... =p

Edited by Alpha_Hacka, 08 December 2007 - 08:37 AM.


#6 R4p1d

R4p1d

    Hakker addict

  • Members
  • 840 posts
  • Country:
  • Gender:Not Telling
  • Location:Space

Posted 08 December 2007 - 02:05 AM

As I see you have one post, I am concerned, does anybody vouch for him being correct on this subject?

#7 LUCKY_FUCKIN_CHARMS

LUCKY_FUCKIN_CHARMS

    TCP/IP....PI/MP

  • Members
  • 1,493 posts
  • Gender:Male
  • Location:Las Vegas

Posted 08 December 2007 - 02:08 AM

As I see you have one post, I am concerned, does anybody vouch for him being correct on this subject?

post count does not make a difference on quality of posts. read what he posted dont look at his post count.

#8 R4p1d

R4p1d

    Hakker addict

  • Members
  • 840 posts
  • Country:
  • Gender:Not Telling
  • Location:Space

Posted 08 December 2007 - 02:14 AM

Well I looked at scroogle, made a mistake typed in scroogle.com and a porno site came up lol, well anway most of the information I am finding very helpful.

#9 oddflux

oddflux

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 380 posts
  • Location:cyberspace

Posted 08 December 2007 - 10:31 AM

Proxies are useful, but aren't really unpenetratable.

Tor has been penetrated.

MD5 has been penetrated.

#10 hbp

hbp

    rekcah-rebÜ

  • Members
  • 709 posts

Posted 08 December 2007 - 10:44 AM

your mother has been penetrated. OHHHH


but yeah, your best bet is using someone elses internetz, like vector said ^. though some might consider that immoral. Oh well, other than that.. tor is your most secure choice.

#11 n3xg3n

n3xg3n

    "I Hack, therefore, I am"

  • Members
  • 960 posts
  • Country:
  • Gender:Male
  • Location:(703)

Posted 08 December 2007 - 10:47 AM

Proxies are useful, but aren't really unpenetratable.

Tor has been penetrated.

MD5 has been penetrated.


What does MD5 have to do with proxying a connection? it is a one-way trap door encryption used to hash stuff. It has not been 'penetrated', it simply isn't as strong as previously held because it can be run against a rainbow list or a wordlist with ever increasing speed. Tor has not been 'penetrated' either, there was a theoretical attack that would break it, but it involved being able to see a massive (60%) amount of the internet.

#12 oddflux

oddflux

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 380 posts
  • Location:cyberspace

Posted 08 December 2007 - 11:04 AM

MD5 is still an encryption mechanism

Eitherway, just check this post out.

There are many vulnerabilities in SSL.


(Thanks to Syn/Ack--BN)

By Declan McCullagh
Staff Writer, CNET News.com

Encryption circles are buzzing this week with news that mathematical functions embedded in common security applications might have previously unknown weaknesses. The excitement began last Thursday with an announcement that French computer scientist Antoine Joux had uncovered a flaw in a popular algorithm called MD5, often used with digital signatures. Then four Chinese researchers released a paper that reported a way to circumvent a second algorithm, SHA-0. While their results are preliminary, these discoveries could eventually make it easier for intruders to insert undetectable back doors into computer code or to forge an electronic signature--unless a different, more secure algorithm is used. A third, widely anticipated announcement, which could be even more dramatic, is scheduled to take place Tuesday evening at the Crypto 2004 conference in Santa Barbara, Calif. Eli Biham and Rafi Chen, researchers at the Israel Institute of Technology, originally were scheduled to present a paper identifying ways to assail the security in the SHA-0 algorithm, which is known to have imperfections. Now they're promising to discuss "breaking news information" about the SHA-1 algorithm at a conference session that was set to begin at 7 p.m. PDT. News of serious flaws in the SHA-1 algorithm could, depending on the details, roil the computer security industry. Currently considered the gold standard of its class of algorithms, SHA-1 is embedded in popular programs like PGP and SSL. It's certified by the National Institute of Standards and Technology and is the only signing algorithm approved for use in the U.S. government's Digital Signature Standard. SHA-1 yields a 160-bit output, which is longer than MD5's 128-bit output and is considered more secure.

P.S nexgen do you know much about the integer overflow in intel's LOAD func?

#13 n3xg3n

n3xg3n

    "I Hack, therefore, I am"

  • Members
  • 960 posts
  • Country:
  • Gender:Male
  • Location:(703)

Posted 08 December 2007 - 11:12 AM

P.S nexgen do you know much about the integer overflow in intel's LOAD func?


absolutely nothing.

But use your attack and crack this hash: e893314726ad2917441fc08381c6f3ac

#14 oddflux

oddflux

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 380 posts
  • Location:cyberspace

Posted 08 December 2007 - 11:15 AM

I'm sorry to disappoint you, nexgen, but I do not crack MD5 hashes.

However, it has come across to me that there is an MD5 cracker at the following location:

http://digg.com/secu...5_Hash_Cracker_

Please enjoy.

#15 n3xg3n

n3xg3n

    "I Hack, therefore, I am"

  • Members
  • 960 posts
  • Country:
  • Gender:Male
  • Location:(703)

Posted 08 December 2007 - 11:24 AM

way to dodge the point! I generated this hash myself, you claim that MD5 is broken, you crack it within the life-expectancy of our solar system. All online crackers are just SQL tables with the hash and the plaintext...

#16 Lugner

Lugner

    Gibson Hacker

  • Members
  • 86 posts

Posted 08 December 2007 - 12:30 PM

Although it's completely off-topic (proxies->md5, who knows how), MD5 should be considered busted. Check out the hashclash project for more details.

No, you cannot crack an MD5 is uber-small time now, or reverse one, or anything like that. But it's flaws have been shown and are exploitable. It should be considered busted and not used in the future -- that's all I'm saying.

#17 n3xg3n

n3xg3n

    "I Hack, therefore, I am"

  • Members
  • 960 posts
  • Country:
  • Gender:Male
  • Location:(703)

Posted 08 December 2007 - 12:41 PM

Although it's completely off-topic (proxies->md5, who knows how), MD5 should be considered busted. Check out the hashclash project for more details.

No, you cannot crack an MD5 is uber-small time now, or reverse one, or anything like that. But it's flaws have been shown and are exploitable. It should be considered busted and not used in the future -- that's all I'm saying.


This is true, and I agree, MD5 should not be used in future projects, but I am tired of people acting like MD5 is now the rough equivalent of rot13 encryption. It is still a strong hashing tool if what your trying to protect isn't of the greatest importance. It also works well to CHECKSUM executables, where the odds of having a working Trojan or corrupted file having a collision are near to nil.

But back on to the topic of proxies. General advice I can give you: Don't trust proxy servers you don't own, someone is almost always sniffing traffic. Better General advice: Use a public wifi connection (coffee shop, etc...) so there is a direct connection and other people using the connection (spoofed MAC, and avoid cameras but inconspicuously. Obviously avoiding cameras is much more suspicious than being caught on camera innocuously typing away. Do it when there are alot of people there). Best general advice: Don't do anything that could land you in a shitload of trouble if the connection weren't obfuscated. :P

#18 Lugner

Lugner

    Gibson Hacker

  • Members
  • 86 posts

Posted 08 December 2007 - 01:14 PM

Although it's completely off-topic (proxies->md5, who knows how), MD5 should be considered busted. Check out the hashclash project for more details.

No, you cannot crack an MD5 is uber-small time now, or reverse one, or anything like that. But it's flaws have been shown and are exploitable. It should be considered busted and not used in the future -- that's all I'm saying.


This is true, and I agree, MD5 should not be used in future projects, but I am tired of people acting like MD5 is now the rough equivalent of rot13 encryption. It is still a strong hashing tool if what your trying to protect isn't of the greatest importance. It also works well to CHECKSUM executables, where the odds of having a working Trojan or corrupted file having a collision are near to nil.


*cough* I'm done talking about MD5 stuff -- back to our regularly scheduled topic.

Edited by Lugner, 08 December 2007 - 01:15 PM.


#19 deadc0de

deadc0de

    SUP3R 31337 P1MP

  • Members
  • 272 posts
  • Location:ring0

Posted 08 December 2007 - 02:20 PM

MD5 is still an encryption mechanism

Eitherway, just check this post out.

There are many vulnerabilities in SSL.


(Thanks to Syn/Ack--BN)

By Declan McCullagh
Staff Writer, CNET News.com

Encryption circles are buzzing this week with news that mathematical functions embedded in common security applications might have previously unknown weaknesses. The excitement began last Thursday with an announcement that French computer scientist Antoine Joux had uncovered a flaw in a popular algorithm called MD5, often used with digital signatures. Then four Chinese researchers released a paper that reported a way to circumvent a second algorithm, SHA-0. While their results are preliminary, these discoveries could eventually make it easier for intruders to insert undetectable back doors into computer code or to forge an electronic signature--unless a different, more secure algorithm is used. A third, widely anticipated announcement, which could be even more dramatic, is scheduled to take place Tuesday evening at the Crypto 2004 conference in Santa Barbara, Calif. Eli Biham and Rafi Chen, researchers at the Israel Institute of Technology, originally were scheduled to present a paper identifying ways to assail the security in the SHA-0 algorithm, which is known to have imperfections. Now they're promising to discuss "breaking news information" about the SHA-1 algorithm at a conference session that was set to begin at 7 p.m. PDT. News of serious flaws in the SHA-1 algorithm could, depending on the details, roil the computer security industry. Currently considered the gold standard of its class of algorithms, SHA-1 is embedded in popular programs like PGP and SSL. It's certified by the National Institute of Standards and Technology and is the only signing algorithm approved for use in the U.S. government's Digital Signature Standard. SHA-1 yields a 160-bit output, which is longer than MD5's 128-bit output and is considered more secure.

P.S nexgen do you know much about the integer overflow in intel's LOAD func?



MD5 is a Cryptographic hashing algorithm that has a 128 bit hash value. It does not "encrypt" anything. It creates a digest for comparison.


Right there. Oh look! There goes your argument out the door. Not even Ron, the creator, recognizes MD5 as a valid encryption algorithm. It's used to generate hashs and digests. That's it.

Edited by deadc0de, 08 December 2007 - 02:21 PM.


#20 Aghaster

Aghaster

    The Frenchman

  • Agents of the Revolution
  • 2,093 posts
  • Country:
  • Gender:Male
  • Location:Quebec, Canada

Posted 08 December 2007 - 04:01 PM

I have one question about proxies:

how do we use them in socket programming? I've barely used them with firefox or IE by setting the proxy in the options of the browser. I have no real idea of how it works at the protocol level.

Edited by Aghaster, 08 December 2007 - 04:02 PM.





BinRev is hosted by the great people at Lunarpages!