Excellent, well-written hacking lessons: HackingTutorials.org

This entry is part 2 of 7 in the series [ Hacker Night School ]

It might seem funny for School for Hackers to like or endorse another hacking tutorial site, but the truth is that sites like Hacking Tutorials are terrific resources for all of us. This really excellent site features detailed, well-written step-by-step tutorials on up-to-the-minute vulnerabilities and exploits: The Top 10 Wifi Hacking Tools in Kali Linux and Penetration Testing from the Cloud, for instance.

Here at S4H we incorporate materials from the best sources and services we can find, and we encourage students to learn from YouTube videos, HackThisSite.org, root-me.org, and anywhere else you or we can find good stuff. In this case, I strongly recommend taking a tour through the site:

http://www.hackingtutorials.org/

Finding and Using Browser-saved Passwords: Another video from Starry Sky

This entry is part 3 of 7 in the series [ Hacker Night School ]

Yeah, we all do it, right? We let our browser store our passwords for all those sites we visit every day. It’s easy, it’s convenient, and it’s really easy to hack. Starry shows us how to reveal these passwords, swipe them and use them in another browser. Plus: he demos what you can do about this (besides not giving your passwords away to your browser).

[ Hacker Night School ] :: [ Hiding Your Ass ] :: [ Using a VPN ]

Starry Sky (Htet Aung)
This entry is part 5 of 7 in the series [ Hacker Night School ]

Starry Sky and Glenn Norman discuss using a VPN or proxy server

Now take the Quiz:

1. What of these statements is the most accurate description of a proxy.

a. Hides your IP address
b. Makes it look like you’re coming from a different IP address
c. Makes your web traffic (ports 80 and 443) look like it’s coming from a different IP address
d. Makes ALL your network traffic look like it’s coming from a different IP address

2. What exactly does a VPN do?

a. Hides your IP address
b. Makes it look like you’re coming from a different IP address
c. Makes your web traffic (ports 80 and 443) look like it’s coming from a different IP address
d. Makes ALL your network traffic look like it’s coming from a different IP address

3. Will a proxy hide your IP if you are:

Yes    No    Streaming video
Yes    No    Downloading a torrent
Yes    No    Using instant messaging
Yes    No    Watching Flash

4. Will a VPN hide your IP if you are:

Yes    No    Streaming video
Yes    No    Downloading a torrent
Yes    No    Using instant messaging
Yes    No    Watching Flash

5. Suppose you have been given a penetration testing contract to test the security of a company’s web applications. Which type of service would give you sufficient privacy, usually at no cost, and sometimes with superior speed?

a. Proxy server
b. VPN
c. macchanger
d. Burp Suite

6. Your next pen testing contract has you scanning your client’s internal and external networks and computer systems. You’ll be using lots of non-web tools like nmap and hping3. Which type of service will give you the level of concealment you’ll need when using any networking protocol?

a. Proxy server
b. VPN server
c. Working from the nearby Starbucks
d. Kali Linux

7. How should you check to see if your proxy or VPN is working?

a. Check your external IP address after starting the VPN
b. Check your external IP address before starting the VPN
c. Both, and make sure they’re the same!
d. Both, and make sure they’re different!

8. Which would be the safest country for you to get your VPN from?

a. USA
b. Switzerland
c. China
d. Russia

Answer Key:

1: c
2: d
3: No, no, no, no
4: Yes, yes, yes, yes
5: a
6: b
7: d
8: b

[ Hacker Night School ] :: [ Hiding Your Ass ] :: [ Using a Proxy Server ]

Glenn Norman
This entry is part 6 of 7 in the series [ Hacker Night School ]

One of the trickiest things about hacking is knowing what kind of anonymity tool to use, when. If what you are doing involves only the Internet (i.e. web pages and web sites), the right anonymity tool is a proxy server. “Proxy” means “stand-in” or “intermediary” (look it up; research is your specialty, right?), and a proxy server is just that: it makes your requests on your behalf, and hides your identity.

Cool, right? The thing to remember is that proxies (like TOR) only manage http(s) traffic. The instant you download and click on a .torrent file, or watch any video in any format, you’ve just jumped out of http(s), and into a different protocol that won’t be managed by your web proxy. And that’s what we really mean here: not just proxy but web proxy.

If you want to run all of your external network traffic through an anonymizing system, that would generally be a VPN, which can be a pipeline for literally everything you do outside your cable/DSL modem. But for a good discussion of when and why you should use a web proxy, check out the article linked below. It is, to a degree, an advertisement for a TOR alternative, but we all know how to filter out the advertising, right?

http://www.makeuseof.com/tag/x-reasons-using-anonymising-proxy-server/

And:

https://www.torproject.org/

https://geti2p.net/en/

 

[ Hacker Night School ] Being Anonymous: VPNs

Glenn Norman
This entry is part 7 of 7 in the series [ Hacker Night School ]

Sometimes you can go about your business out in the open, on the Internet and everywhere. But sometimes you don’t want to be seen. It’s a good thing there are lots of privacy apps and options. It’s a bad thing that most people don’t know when – and why – to use a particular tool.

VPNs are a great example. Your source traffic “submerges” and only re-emerges at the VPN endpoint, so your traffic looks like it’s coming from that endpoint, not from you. This can be anywhere from nice to life-saving, depending on your circumstances.

When would you use a VPN? When you want ALL of your traffic to pass through that VPN. Remember, if you’re running scans and testing remote systems, that traffic is (mostly) not HTTP, it’s various manipulations of IP and nearby protocols. Hiding your browser traffic, like a proxy will, doesn’t hide scanning traffic, or chat or video or torrenting or any number of things. (That’s why you don’t torrent or watch video in Torbrowser.)

Here’s a nice little piece about VPNs, with some intelligent questions in the comments below. It’s required reading for this course.

6 Reasons You Should Be Using an Anonymising Proxy Server