Stay Annoumoys while Black-box Penetration Testing (Tor and Proxychain)

During the black-box penetration testing sometimes we need  to hide our identity and stay anonymous, sometimes some firewalls and IDPS detect us while we are testing the machine, and might block our IP address. In this manner we need to keep changing the IP. So if the firewall blocks the companies IP so, then even if you change the local IP you may not have access to the website again. So the best way to hide the identity, is to you Tor and proxychain.

Install tor:

Apt-get install tor

 Then you just need to run tor service.

 Service tor start

So then you need to modify your proxychain configuration and polish it a little bit. So open the proxychain and uncomment the dynamic, comment the static, and at the end of the file you may find the socks4 127.0.0.1 9050.0.

You need to add the following code as well.

socks5 127.0.0.1 9050

************************Notice:*******************************

The file should be look like bellow after editing.

# proxychains.conf  VER 3.1

#

#        HTTP, SOCKS4, SOCKS5 tunneling proxifier with DNS.

#

# The option below identifies how the ProxyList is treated.

# only one option should be uncommented at time,

# otherwise the last appearing option will be accepted

#

dynamic_chain

#

# Dynamic – Each connection will be done via chained proxies

# all proxies chained in the order as they appear in the list

# at least one proxy must be online to play in chain

# (dead proxies are skipped)

# otherwise EINTR is returned to the app

#

#strict_chain

#

# Strict – Each connection will be done via chained proxies

# all proxies chained in the order as they appear in the list

# all proxies must be online to play in chain

# otherwise EINTR is returned to the app

#

#random_chain

#

# Random – Each connection will be done via random proxy

# (or proxy chain, see  chain_len) from the list.

# this option is good to test your IDS 🙂

# Make sense only if random_chain

#chain_len = 2

# Quiet mode (no output from library)

#quiet_mode

# Proxy DNS requests – no leak for DNS data

proxy_dns

# Some timeouts in milliseconds

tcp_read_time_out 15000

tcp_connect_time_out 8000

# ProxyList format

#       type  host  port [user pass]

#       (values separated by ‘tab’ or ‘blank’)

#

#

#        Examples:

#

#                    socks5        192.168.67.78        1080        lamer        secret

#                http        192.168.89.3        8080        justu        hidden

#                 socks4        192.168.1.49        1080

#                http        192.168.39.93        8080

#

#

#       proxy types: http, socks4, socks5

#        ( auth types supported: “basic”-http  “user/pass”-socks )

#

[ProxyList]

# add proxy here

# meanwile

# defaults set to “tor”

socks4         127.0.0.1 9050

socks5 127.0.0.1 9050

And the restart your tor service:

Service tor restart

Now you can open any application or browser using proxychain with the following command:

proxychains iceweasel www.ipchicken.com

Or

Proxychain nmap yourtargetip

Enjoy the anonymous surfing and penetration testing

Please let me know how do you keep your identity anonymous during penetration testing.

Enjoy the anonymous surfing and penetration testing

Advertisements

How to Add or Custom Linux Terminal banner

Have you ever considered how you can add a banner to your terminal to have a more customized Linux? Many of the time I saw in many people Linux terminal that they have a title or they have their name in their terminal just like the following image:

Capture

To do so, you may install figlet, with the following command:

Apt-get install figlet

You may find more info about the figlet from http://linux.die.net/man/6/figlet. So once you have installed the figlet, you need to go to your root directory you can see the .bashrc file (if your show hidden files option is already checked). Or you can use the terminal directly:

leafpad /root/.bashrc

Then open it with your text editor and bottom of the file in the last line you may add your text as:

Figlet “your name” –c

c switch set it in the center.

Save the file and open your terminal and enjoy your new terminal.

You may use other alternative tools with different options as well. For more info check the mewbies.com