Training session 14: Access Denied
Difficulty: Medium
Learn how to Bounce and Hide your connection
Creator: m101


Proxies, shells and wingates can come in handy for many reasons. Somehow you managed to get yourself klined from your favourite IRC server, or you are hacking a box, or your school has blocked you from downloading the files you want. Whatever your devious reasons are to keep your identity hidden, you should be able to find a solution to your problem.

Before, I taught you the basics of using the 'GET' method on a proxy to gain access to what you have been denied. Proxies have a tendency to disconnect you tho, and can become rather annoying, so wingates come in handy. To use a wingate, simply telnet to one and type the address followed by a colon and the port number, for example '127.0.0.1:23'. Quite often wingates are password protected tho, and public ones can be rather hard to find. To find them either use a scanner or get some off your mates. However you get them, don't go begging anyone for them, they will probably tell you to bugger off and go ask someone else. Much like my response ;)

So your trusty school or university has just disabled the downloading of zip files, and that new distro of FreeBSD has just been released, and your home connection would take the next five centuries to download it. So what do you do? Pay for it? No way, although I like to support people that make software under public license, or you are just after the latest game on the market, why should you sit down and allow your teachers or lecturers to stop you from hogging their precious (and expensive) bandwidth? Well in my opinion, you shouldn't. To fix your problem, you could either use proxies, which tend to be rather slow and already overused, or you could make web servers do it for you. For example, remember how your ISP gave you that free webspace with your home internet account? Or that new hosting that just opened up and has lots of lovely bandwidth? Well you can 'borrow' it for your own personal gain. To do this all you have to do is create and upload a few proxy scripts to the free webspace. Make sure the webspace allows PHP and upload the following script to it:

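<?php
// Needs allow_url_fopen enabled on the host.
// Parameters are read from the query string; the original relied on register_globals.
$password = isset($_GET['password']) ? $_GET['password'] : '';
$destfile = isset($_GET['destfile']) ? $_GET['destfile'] : '';
if ($password == "freebandwidth") {
    $fp = fopen("http://" . $destfile, "r");
    if ($fp) {
        // Relay the remote file to the client in 4 KB chunks.
        while (!feof($fp)) {
            echo fread($fp, 4096);
        }
        fclose($fp);
    }
}
exit;
?>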

A similar script could be made in Perl if that is all the host supports, but it is somewhat simpler to do in PHP. After you have uploaded it, the following request would download 'http://www.download.com/newfreebsd.zip' and send the file to you:

http://www.stupidhost.com/~myaccount/proxy.php?destfile=www.download.com/newfreebsd.zip&password=freebandwidth

What the script does is download the file and print it into the contents of what you see when you visit the URL, so you may have to save the link rather than opening it, depending on what you are using to download it. Try not to do this with extremely large files, as your host may not be up to speed with the connection you are on. Downloading from FTPs can be a little more difficult, but can still be accomplished. This example can be applied to many different situations, once I had four local ISPs all calculating mega fractals for me thru a little Perl script I created. One slightly more interesting application I found was to get hosts to crack DES encryptions and have them emailed to me when they have been cracked. Quite often a host can be on a rather beasty box, and a little processing power won't be missed.
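Seen from the hosting provider's side, the relay request shown above leaves a recognisable trace in the web server's access log: a query parameter naming a remote host and path, a very large response, and a password in the URL. The following added example (not part of the original tutorial; the log lines, the parameter-name list and the byte threshold are constructed assumptions) flags such requests in Apache combined-format logs:

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed sample lines in Apache combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:01:02 +0000] "GET /~myaccount/proxy.php?destfile=www.download.com/newfreebsd.zip&password=freebandwidth HTTP/1.1" 200 681574400 "-" "Wget/1.21"
203.0.113.9 - - [12/Mar/2024:10:02:10 +0000] "GET /~other/index.php?page=about HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Mar/2024:10:03:44 +0000] "GET /~shop/view.php?img=logo.png HTTP/1.1" 200 20480 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:10:05:30 +0000] "GET /~myaccount/proxy.php?destfile=http://mirror.example.org/pub/cd1.iso&password=freebandwidth HTTP/1.1" 200 734003200 "-" "Wget/1.21"
"""

# client, method, request target, status, bytes sent
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')
# A parameter value naming a remote resource: optional scheme, dotted hostname, then a path.
REMOTE_RE = re.compile(
    r'^(?:https?://|ftp://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?::\d+)?/\S*$', re.I)
# Assumed list of parameter names that suggest a credential carried in the URL.
SECRET_KEYS = {"password", "pass", "pwd", "key", "token"}

def find_relay_requests(log_text, min_bytes=1_000_000):
    """Return requests whose query string names a remote host and whose
    response is large enough to look like a relayed download."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        client, _method, target, _status, size = m.groups()
        sent = 0 if size == "-" else int(size)
        parts = urlsplit(target)
        params = parse_qsl(parts.query, keep_blank_values=True)
        remote = [v for _, v in params if REMOTE_RE.match(v)]
        # The size threshold suppresses small hits on values that merely look like host/path.
        if not remote or sent < min_bytes:
            continue
        findings.append({
            "client": client,
            "script": parts.path,
            "remote": remote[0],
            "bytes": sent,
            "secret_in_url": any(k.lower() in SECRET_KEYS for k, _ in params),
        })
    return findings

if __name__ == "__main__":
    for f in find_relay_requests(SAMPLE_LOG):
        print(f)
```

The pattern match is a heuristic: tune `min_bytes` and the key list to the hosting environment, and group findings by `script` to find the account whose upload is doing the relaying.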

Shells are also rather difficult to find, but give you the absolute most flexibility to launch an attack from. Public shells normally block all outgoing address requests, so you can't go wasting their limited bandwidth or do any hacking from them, and since they are free, DO NOT abuse them or try to hack them, it is extremely lame to even attempt to exploit something for more than it is already giving you, when it is already a free service offered to you out of the kindness of some guy you have never met before. If you plan on hacking, never pay for a shell, preferably hack one. Now think to yourself, I wanna hack that bank, but I would really need a shell to do that from in the first place... There is no point in doing a huge hack on some other business just to gain a simple shell. So here is where pathetic people with static IPs on cable connections come in handy. Their general lack of knowledge and money means if you hack them, there is nearly no chance of getting caught. Target fresh installs, or people running OSes like Red Hat 5.2. A simple WU-FTPD exploit will normally get you a quick root shell, and this box is obviously better to hack from now than is your own box. Never modify or destroy anything on a box you have 'borrowed', only ever remove anything that could reveal your own identity and get you in trouble. Basic logs are generally kept in '/var/logs'. Under most circumstances, as long as you are careful about leaving anything lying around, your hack won't be noticed and you can safely just delete these logs, but I would recommend modifying them to reveal microsoft.com's IP address or something similar ;) Keep all files you upload in reasonable places that aren't checked that much, that means don't put something like 'exploit.c' in '/' or you deserve what you get. Keep your files in someplace like '/etc/X11/' and if possible install a rootkit to cover your tracks.

It is possible to spy on another person's telnet session, this is useful to do things such as sniff passwords, or to check if the owner of the box you have hacked is active. To do this on most Linux installs, all you have to do is send all input from tty1 to your console. Usually you can do this by typing the following:

port /dev/tty1
term

This may not work depending on your distro, but as root, you should be able to find a method to do this rather simply for the OS you are spying on.

Never forget to cleanse the box you have hacked of any logs, and remember it is essential to hack simple boxes for shell accounts before going for the 'big' one. Stolen or fake dialup accounts can be extremely useful to hide your identity. Always use proxies and firewalls, even when you are just chatting, if you are tracked down just from what you say to your mate it can also be disastrous. It is better to be paranoid about being caught, than to wake up in the morning with four armed cops knocking on your door.