removal of traces


Post by morronKing on Mon Mar 11, 2013 6:30 pm

Hello,
Is there a complete guide to hiding one's traces after an attempt at "entering" a server (or a simple communication)? How can one be certain that he will not be found? Is there some list of logfiles or other traces that, once cleared, makes tracing of entry impossible? What should I read to learn more (theoretical and practical)? I mean all traces left, from legally asking for an HTTP webpage to illegally changing files on the server, and I mean as close to total removal of all traces as possible (just like it never happened, if possible).
Thank you in advance.
morronKing


Re: removal of traces

Post by WallShadow on Mon Mar 11, 2013 11:23 pm

First off, you have log files created by various pages, such as login logs, visit logs, etc. They probably track what you entered and from where.
Next are logs created by the web server software. Those simply record that you came.
Then, if you actually enter the system by some means such as SSH, there might be logs of that.
If you do file transfer, the OS will have records (not logs) of the file being created, and those records are just all over the place; good luck getting rid of them.

In comp.sec. we have a principle called Locard's Exchange Principle, which states that you can't interact with a system without leaving a trace. I'd recommend you take that principle to heart and use good anonymity along with the deletion or changes of as many logs as possible (however, that in itself sometimes leads investigators to find you).
WallShadow
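
WallShadow's remark that deleting or changing logs can itself point investigators at the intruder, shown from the defender's side as an added example (not part of any post in this thread): a hash-chained log whose latest digest is kept on a separate host, so removed, edited or rewritten entries fail verification. The log lines, the function names and the off-host `trusted_head` are constructed for illustration.

```python
import hashlib
import hmac

GENESIS = b"\x00" * 32  # fixed starting value for the chain

# Constructed sample log lines (documentation-range addresses).
SAMPLE = [
    "Mar 14 18:10:01 web1 sshd[411]: Accepted publickey for deploy from 203.0.113.7",
    "Mar 14 18:10:09 web1 sudo: deploy : COMMAND=/usr/bin/systemctl restart app",
    "Mar 14 18:12:30 web1 sshd[411]: Disconnected from user deploy 203.0.113.7",
]

def link(prev: bytes, message: str) -> bytes:
    """Digest binding one entry to everything logged before it."""
    return hashlib.sha256(prev + message.encode("utf-8")).digest()

def build(lines):
    """Return (chain, head); head is the value shipped to a separate host."""
    chain, head = [], GENESIS
    for line in lines:
        head = link(head, line)
        chain.append((line, head))
    return chain, head

def verify(chain, trusted_head: bytes):
    """Return None if the log is intact, else a description of the first break."""
    prev = GENESIS
    for i, (message, digest) in enumerate(chain):
        if not hmac.compare_digest(link(prev, message), digest):
            return f"entry {i}: altered, or an earlier entry was removed"
        prev = digest
    # A chain that is internally consistent can still have been rebuilt
    # locally, so the final digest is compared with the off-host copy.
    if not hmac.compare_digest(prev, trusted_head):
        return "head mismatch: log truncated or rewritten"
    return None

if __name__ == "__main__":
    chain, head = build(SAMPLE)
    print("intact:   ", verify(chain, head))
    print("deleted:  ", verify(chain[:1] + chain[2:], head))
    print("rewritten:", verify(build(SAMPLE[:1] + SAMPLE[2:])[0], head))
```

The check only has value when the head digest is stored somewhere the logged host cannot write to; a chain kept entirely on the same machine can be rebuilt along with the log.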


Re: removal of traces

Post by morronKing on Thu Mar 14, 2013 1:20 pm

With the word anonymity I presume you mean something similar to using proxy servers. I don't know much about proxies, but I know this: let's say you do something super illegal and the highest of authorities (and I don't mean god) tries to find you; a chain of proxies will only make them take longer until they find you (they go to the first proxy and ask who connected, finding the second one ... last proxy, and they find your true location). I don't know if there are specific servers that do not hold logs or do not show logs to anyone, but if there are not, this method does not seem safe at all. If you know more about such things, please tell me.
morronKing


Re: removal of traces

Post by WallShadow on Thu Mar 14, 2013 6:10 pm

Proxies are indeed mostly insecure against the authorities. What you can do instead is use a Virtual Private Network or The Onion Router. TOR is the simpler of the two: simply download TOR and install it, then you can go to any site you want and download or upload files through it. TOR is considered to be the most secure option out there, but I can't say for sure (I haven't exactly studied the TOR protocol yet). VPNs are more expensive but are much faster and are also considered mostly secure. It's also possible to combine these two, but the speeds of that will be drastically reduced. For more info, stop by on IRC on the channel #coffeesh0p; there are some knowledgeable people who can explain it much better than I ever can.
WallShadow


Re: removal of traces

Post by 3vilp4wn on Thu Mar 14, 2013 7:48 pm

Here's how Tor works:

1.) You send an encrypted message to one "node". The node can't read what's being sent.
2.) That node sends a message to another node, and that one sends it to an "exit node". The exit node gets the file you want from the web.
3.) The exit node sends it back through the nodes it came from to you, encrypted all the way.

Let's look at this from an attacker's point of view.

Say the attacker can read what's being sent to and from your PC. It's encrypted, so it doesn't matter.
Say the attacker can see what's being sent to and from the exit node. They still have nothing, because they can't see that whatever it is was sent from your PC.
Say the attacker has control of all 3 nodes and can see what's coming in and out of your PC. You are screwed. However, with hundreds of nodes, the chance that you'll land on 3 compromised nodes is minimal, and if you use HTTPS, they won't be able to see what you're looking at anyways!

@Wall: It's spelled "Tor", even though it started as an acronym. I don't know why.

morronKing wrote: How can one be certain that he will not be found, is there some list of logfiles or other traces that once cleared tracing of entry becomes impossible.

It isn't perfect, but this will help:
Just fuck up their logfiles as much as you can. It'll take sssooooo much longer to find you if you use something like the UNIX "shred" command on their logs.

Good luck,
3vilp4wn


Re: removal of traces

Post by morronKing on Sun Mar 17, 2013 8:19 am

Is there other information one should remove or hide before communicating with a server in an attempt to stay as invisible as possible (should I hide MAC and other such things; if yes, which)? Also, Tor's vulnerability in which someone watches the sender and recipient and decides whether the messages have the right timing (end to end or something, it's called): can it be stopped by changing the true point of connection of the sender (I mean connecting to the internet->Tor from different places)?
Is what is called a botnet an alternative to using Tor?
Please explain a bit more about this part:
"and if you use HTTPS, they won't be able to see what you're looking at anyways!"

Thanks again
morronKing


Re: removal of traces

Post by 3vilp4wn on Sun Mar 17, 2013 12:26 pm

morronKing wrote: Are there other information one should remove or hide before communicating with a server in an attempt to stay as invisible as possible(should i hide mac and other such things, if yes which)?

Not that I know of. If you hide your IP, you should be good.

morronKing wrote: Is what is called a botnet an alternative to using tor?

No, a botnet is a network of computers that have gotten viruses and are rented out to do things like spam people.

morronKing wrote: Please explain a bit more about this part
"and if you use HTTPS, they won't be able to see what you're looking at anyways!"
Thanks again

HTTPS is an encryption protocol. It encrypts whatever you are looking at, so that only you and the website that you are looking at know what you are looking at. More on HTTPS here.
3vilp4wn


