.

Hacking using tor?

<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Fri Jan 07, 2011 11:49 pm

Hacking using tor?

So in the beginnning of hacking exposed vol.6 I remember seeing a case example where a hacker used tor to assist in their attack. I figured I would come across it in my studies, but not as of yet. So, what ways can tor be used to assist in the hacking process? It is logical to use during the recon phase, so your IP is untraceable, but what about tunneling your attacks through the network?
sectestanalysis.blogspot.com/‎
<<

eth3real

User avatar

Sr. Member
Sr. Member

Posts: 309

Joined: Wed Feb 27, 2008 10:35 am

Location: US

Post Sat Jan 08, 2011 12:46 pm

Re: Hacking using tor?

Personally, I would say this is a bad idea for pen-testers. As you probably already know, whoever is in control of the exit-node, or the last person in the chain of Tor routes, would be able to sniff that traffic as if it was originating from their network. Just because the Tor traffic is encrypted between nodes, doesn't mean it can encrypt the traffic to the final destination, unless it was encrypted in the first place.

That means whatever information discovered during a pen-test, which is supposed to help reveal security faults before the public can exploit it, would then have a chance of being disclosed to an anonymous person in the Tor community. And if you've signed a nondisclosure agreement, that would not be good for you if it was to be released to the public.

That's how I see it, anyway.
Put that in your pipe and grep it!
<<

Grendel

User avatar

Full Member
Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Sat Jan 08, 2011 3:03 pm

Re: Hacking using tor?

While I totally agree with eth3real, I would just like to add that unencrypted traffic being sent across *any* network will be viewable by device owners between the pentester and the target. This is true for devices located between the exit node in the Tor network and the target, as well as devices from your home directly to the target... the question really is what devices do you trust?

However, if your traffic is encrypted, Tor is definitely useful for hiding your attack platform IP address. I've had system operators block my attack platform IP address in the past, thinking they can out-smart me. Tor's come in handy a couple times to verify they were blocking my probes... got them in some hot water with their managers.
Last edited by Grendel on Sat Jan 08, 2011 3:44 pm, edited 1 time in total.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Jan 09, 2011 12:52 am

Re: Hacking using tor?

Thanks for both replies. I dont intend to do this on assignment, but I would like to know how this is done, As Grendel said, it could be useful one day. Besides, I dont know how many tor users are hackers, most being pirates and users in countries with "great firewalls". The one i'm in has a "little firewall".

I found a video on youtube that shows one way to do it, it requires proxychains, which is a linux program. There also appears to be a commercial product that does the same thing, Protoport Proxy Chain,but it has low reviews in terms of functionality. http://download.cnet.com/Protoport-Prox ... 97250.html
Last edited by SephStorm on Sun Jan 09, 2011 4:16 am, edited 1 time in total.
sectestanalysis.blogspot.com/‎
<<

t0rh4cker

Newbie
Newbie

Posts: 10

Joined: Fri Jan 21, 2011 2:44 pm

Post Fri Jan 21, 2011 3:01 pm

Re: Hacking using tor?

In certain circumstances I would use Tor for an authorized PenTest.  If anything use it to test how effective the administrators are with reviewing logs and finding offending IPs. 

Anyway, look at this recent post that will walk you through setting up your box to use Tor for a Pentesting.

http://securitystreetknowledge.com/?p=283
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Sat Jan 22, 2011 12:21 am

Re: Hacking using tor?

Thanks for the info, I have set it aside for later, once I get a linux PT box set up. Are you familiar with any ways to do the same on Windows? Im fairly sure that proxychains is *nix only.
sectestanalysis.blogspot.com/‎
<<

t0rh4cker

Newbie
Newbie

Posts: 10

Joined: Fri Jan 21, 2011 2:44 pm

Post Sat Jan 22, 2011 9:08 am

Re: Hacking using tor?

Sorry but I do not know of a Windows solution yet.  I will let you know when I come across one.

I must warn you that even if you use SSL through Tor it can be stripped off.  So if you are hacking i wouldn't be so worried about a bad guy seeing your traffic but rather big brother.  If you look at some of the fastest ExitNodes they tend to be located in areas near state-owned cyber defense establishments.(Do a GeoIP on the ExitNode IP address)  If you read a lot of blogs you will hear authors say how they capture this or that attack in the wild.  Then they get credit for the exploit.  It is my guess they are monitoring their own Tor ExitNode.
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Sat Jan 22, 2011 9:23 am

Re: Hacking using tor?

Thanks for the heads up!
sectestanalysis.blogspot.com/‎
<<

tturner

User avatar

Sr. Member
Sr. Member

Posts: 435

Joined: Thu Jun 26, 2008 4:50 pm

Post Sat Jan 22, 2011 11:23 pm

Re: Hacking using tor?

Tor is soooo slow! Even if there were not issues of confidentiality, I cannot even imagine trying to push any significant traffic through Tor. At least that was my experience a couple years ago when I used for browsing.
Certifications:
CISSP, CISA, GPEN, GWAPT, GAWN, GCIA, GCIH, GSEC, GSSP-JAVA, OPSE, CSWAE, CSTP, VCP

WIP: Vendor WAF stuff

http://sentinel24.com/blog @tonylturner http://bsidesorlando.org
<<

SephStorm

User avatar

Hero Member
Hero Member

Posts: 569

Joined: Sat Apr 17, 2010 12:12 pm

Post Sun Jan 23, 2011 12:04 am

Re: Hacking using tor?

Hey TT,

I replied to your message a few days ago, wasnt sure if you received it?
sectestanalysis.blogspot.com/‎
<<

msnmatt08

Newbie
Newbie

Posts: 3

Joined: Thu May 26, 2011 8:22 am

Post Thu May 26, 2011 10:18 am

Re: Hacking using tor?

I agree with the above comments, only use in an authorized PenTest..any other reason to use it shouldnt be done.

Return to Network Pen Testing

Who is online

Users browsing this forum: No registered users and 3 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software