Professional Documents
Culture Documents
Stealth Scanning Strategies Modify Packet Parameters - STEALTH 2 Anonymity (Tor & Privoxy) - STEALTH 3
(cont) (cont)
Risk = Discovery By The Target.
Camouflage tool signatures to avoid Do not ping the target or use synchronize DNS Leak Test www.dnsleaktest.com
detection. (SYN) and nonconventional packet scans, Note
Hide attack in legitimate traffic. such as acknowledge (ACK), finished (FIN), Owners of exit nodes can sniff traffic and
Modify attack to hide source, type of traffic. and reset (RST) packets. may be able to access credentials.
Make attack invisible using non-standard Randomize / spoof packet settings source Vulnerabilities in Tor Browser Bundle can
traffic types & encryption. IP, port address, MAC address. be used by law enforcement to exploit
Adjust timing to slow the arrival of packets systems
Adjust Source IP Stack & Tool ID - at the target. ProxyChains does not handle UDP
STEALTH 1 Change packet size by fragmenting packets Some applications will not run - Metasploit,
or appending random data to confuse Nmap... Stealth SYN scan breaks out of
Disable Unnecessary Services:
packet inspection devices. proxychains and can leak information to the
Disable DHCP chkconfig dhcpd off
nmap must be run as root target.
Disable IPv6 nano /etc/sysc‐
nmap stealth http://nmap.org/book/man- Browser applications can leak your IP
tl.conf
bypass-firewalls-ids.html (ActiveX, PDF, Flash, Java, RealPlay,
#disable ipv6
QuickTime).
net.ipv6.conf.all.disabl‐
Anonymity (Tor & Privoxy) - STEALTH 3 Clear & block cookies before browsing.
e_ipv6 = 1
Tor-Buddy
Onion routing enables online anonymity by
net.ipv6.conf.default.di‐
Allows you to control how frequently the Tor
encrypting user traffic and then transmitting
sable_ipv6 = 1 IP is refreshed: http://sourceforge.net/proj‐
it through a series of onion routers. At each
net.ipv6.conf.lo.disable = ects/linuxscripts/files/Tor-Buddy/
router, a layer of encryption is removed to
1
obtain routing information, and the
Tools often tag packets with an id sequence Zenmap - STEP 1
message is then transmitted to the next
that can trigger IDS. Test tools against VM's
node. Zenmap
and review system logs for the tool's name.
Install Tor http://nmap.org/zenmap/
Use Wireshark to capture traffic then search
apt-get install tor The Official Nmap Security Scanner GUI.
pcaps for keywords attributed to the testing
nano /etc/Proxychains.conf Use this an entry point and then use nmap
tool.
Disable strict_chains
. Enable scans to gather additional data.
Set Metasploit UserAgent to Google
dynamic_chains
Indexing Spider: www.useragentstring.com
Edit [ProxyList]and ensure socks 5 Maltego
use auxiliary/fuzzers/htt‐
127.0.0.1 9050 exists. Maltego www.paterva.com is an open
p/http_form_field
Start Tor service tor start source intelligence and forensics applic‐
set UserAgent
Verify Tor service tor status ation for visualizing relationships among
set UserAgent Googlebot/2.1
Verify Source IP iceweasel www.wh‐ data that use data mining and link analysis.
(+http://www.google.com/‐
atismyip.com
bot.html)
Invoke Tor Routing with Proxychains
proxychains iceweasel www.wh‐
Modify Packet Parameters - STEALTH 2
atismyip.com
Identify the goal before scanning and send
Whois lookup the IP to confirm Tor is active.
the minimum number of packets.
Tor Verify ttps://check.torproject.org
Avoid scans that connect with target system
and leak data.
Recon-ng (cont)
Vulnerability Scanning