I decided to start a #redteam series of posts, so here we are! The setup we’ll use? Just a Kali Linux installation, since it has everything we’ll ever need. I suggest setting it up on a live USB with encrypted persistence, so you always have your workstation with you: plug the USB into any computer you find and boot Kali. If you’re on a Mac, follow this guide.
So, what’s your goal? To access a resource you are not authorized to access. The caveat? The resource owner shouldn’t find out that you did.
Let’s start by hiding your MAC address. Why hide it? The MAC is the hardware identifier of your network card, and every device on the same network segment sees it: the access point, the DHCP server and the captive portal of, say, Starbucks’s WiFi log it next to the time you connected (together with the hostname your machine sends in its DHCP request, so consider changing that too). Why can you spoof it? Because nothing at layer 2 authenticates it: the network accepts whatever address your card puts in the frame. It’s like someone asking your name without asking for a government-issued ID to check that it’s really yours. Two caveats: change the address before you associate with the network, not after (otherwise the real one has already been logged), and a fully random address with an unregistered vendor prefix stands out among real laptops and phones; macchanger’s -a option picks a random address with a real vendor prefix instead.
Here’s how to change your MAC address if you’re using WiFi:
ifconfig wlan0 down
macchanger -r wlan0 # -r asks for a fully random MAC (use -a for a random MAC with a real vendor prefix)
ifconfig wlan0 up
If you’re on ethernet, use the eth0 interface instead of wlan0.
Put these commands in a small script that you run before connecting to a network. Don’t put them in your bash profile: it runs every time you open a shell, usually without root, and would take the interface (and your connections) down each time.
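The same procedure as a script, added here as an example (it is not from the original post): it uses iproute2’s ip instead of the deprecated ifconfig, generates the random address itself so that it is a valid unicast, locally-administered one, and reads the address back from the kernel to confirm the change took. It assumes Linux with iproute2 and /sys/class/net, root for the apply step, and the script name randmac.sh and interface wlan0 in the usage line are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Randomise a NIC's MAC with
# iproute2 and verify the change. Assumes Linux with `ip` (iproute2) and
# /sys/class/net; set_mac needs root. Usage: ./randmac.sh wlan0
# (script name and interface are assumptions).

# Draw six bytes from the kernel CSPRNG and force the first octet into a
# unicast, locally-administered address: bit 0 (multicast) cleared, bit 1
# (locally administered) set. The kernel rejects a multicast MAC, and a
# raw random octet would be multicast half of the time.
random_mac() {
    set -- $(od -An -N6 -tu1 /dev/urandom)
    b0=$(( ($1 & 0xFC) | 0x02 ))
    printf '%02x:%02x:%02x:%02x:%02x:%02x\n' "$b0" "$2" "$3" "$4" "$5" "$6"
}

# Accept only lowercase colon-separated hex that is unicast and locally
# administered. Returns 0 when acceptable, 1 otherwise.
valid_mac() {
    mac=$1
    printf '%s\n' "$mac" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    b0=$(( 0x${mac%%:*} ))
    [ $(( b0 & 1 )) -eq 0 ] || return 1   # multicast bit must be clear
    [ $(( b0 & 2 )) -ne 0 ] || return 1   # locally-administered bit must be set
    return 0
}

# Apply the address: interface down, set address, interface up, then read
# the address back from the kernel so a silently ignored request is noticed.
set_mac() {
    iface=$1 mac=$2
    valid_mac "$mac" || { echo "refusing invalid MAC $mac" >&2; return 1; }
    ip link set dev "$iface" down
    ip link set dev "$iface" address "$mac"
    ip link set dev "$iface" up
    applied=$(cat "/sys/class/net/$iface/address")
    [ "$applied" = "$mac" ] || { echo "kernel kept $applied" >&2; return 1; }
    echo "$iface is now $applied"
}

# Only touch an interface when run with an argument, e.g. ./randmac.sh wlan0
if [ $# -gt 0 ]; then
    set_mac "$1" "$(random_mac)"
fi
```

Run it as root right before you join a network; if the driver refuses the address (some WiFi chipsets do while the interface is up, which is why it is brought down first), set_mac reports the address the kernel kept instead of pretending the change worked.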
Next, let’s hide your IP address. Unlike the MAC, your IP address can’t simply be faked: you can put any source address in a packet, but the replies go to that address, not to you. It’s like expecting a letter back after giving the sender a fake return address. What you can do instead is have the letter sent to someone else who forwards it to you. That’s how proxies work: you route your traffic through another server, and the destination sees that server’s address. Let’s use the proxychains tool to hide behind a proxy easily. One thing to know about how it works: proxychains is an LD_PRELOAD library that hooks the connect() calls of dynamically linked programs and redirects them through the configured proxies. Anything that doesn’t go through those calls (raw sockets, UDP, ICMP pings, statically linked binaries) leaves your machine directly and gives your real IP away.
First, let’s find our IP address:
curl https://canhazip.com/
220.127.116.11
Now let’s use proxychains to issue the same command. Out of the box, /etc/proxychains.conf (/etc/proxychains4.conf on newer Kali) lists a single proxy, socks4 127.0.0.1 9050, which is the local SOCKS port of the Tor client, so the default chain is “everything through Tor”. Start the Tor service first:
service tor start
To use proxychains, you just add it in front of the command you want to run. Normally that command would be a network scan, like this:
proxychains nmap -sT -Pn -n 192.168.1.0/24
The flags matter: nmap’s default SYN scan (-sS) uses raw sockets, which proxychains can’t intercept, so the probes would leave your machine directly with your real IP; -sT makes nmap use ordinary TCP connects, which are proxied. -Pn skips host discovery (ICMP and ARP probes are not proxied either, and ICMP doesn’t cross Tor at all), and -n skips reverse-DNS lookups. Also remember that the scan originates at the last proxy, so a private range like 192.168.1.0/24 refers to the exit node’s network, not yours; pick a target that is reachable from the internet.
But for practical reasons (actually seeing our IP address change), let’s GET the canhazip page through proxychains, i.e. run the curl command from before with proxychains in front of it. The address printed should no longer be your own.
You can verify that your IP is one of Tor’s exit nodes by looking it up in the Tor Project’s exit list (https://check.torproject.org/exit-addresses). Keep in mind that this list is public, so the target can tell just as easily that the connection came from Tor.
Now, let’s add one more proxy (located in Venezuela) after Tor in our chain. Each hop is a line of the form type host port (for example socks5, then the proxy’s address and port) under [ProxyList] in the config file, and the hops are used in the order listed, so the new line goes below the Tor entry. Two things to keep in mind: the Venezuelan proxy now sees your traffic as it leaves Tor (in plaintext if the target isn’t using TLS), and its address is what the target sees and logs, so that operator’s logging policy matters as much as Tor’s anonymity.
Of course you can chain as many proxies as you want, making it harder and harder to trace you, at the price of latency, and every extra operator is another party that might keep logs.
And now my favorite part, let’s randomize the chain order! Comment out the “strict_chain” option and uncomment “random_chain”. Also set chain_len, which is commented out by default: it says how many proxies from the list each connection goes through, so set it explicitly rather than relying on the default.
What this does: for every new connection, proxychains picks chain_len proxies at random from the list, in random order. With our two entries and chain_len = 2, a connection goes either through Tor and then the proxy in Venezuela, or through Venezuela and then Tor (the three Tor relays are inside Tor’s own circuit and never appear in the proxychains list). The second ordering doesn’t actually work: the Tor entry is 127.0.0.1:9050, and when it is the second hop the Venezuelan proxy is asked to connect to its own loopback, not yours, so the connection fails. With a local Tor client as a hop, keep strict_chain with Tor first; random ordering only makes sense between proxies that can all reach each other.
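To make the chain rules concrete, here is an added example (my code, not the original post’s): it writes a proxychains config for a given chain mode and proxy list, refuses orderings in which the local Tor SOCKS port would have to be reached through a remote hop, and compares the direct and proxied IP. It assumes proxychains-ng (the proxychains4 binary on Kali), Tor listening on 127.0.0.1:9050, and a hypothetical second hop at 203.0.113.10:1080 (a TEST-NET address standing in for the Venezuelan proxy).

```shell
#!/bin/sh
# Added example (not from the original post). Build a proxychains config,
# sanity-check the hop order, and show the IP changing. Assumes
# proxychains-ng (`proxychains4` on Kali), Tor on 127.0.0.1:9050 and a
# hypothetical second hop 203.0.113.10:1080 (TEST-NET, stands in for the
# Venezuelan proxy). Proxies are given in the config's own "type host port" form.

# Print a proxychains.conf to stdout.
# $1 = strict_chain | dynamic_chain | random_chain
# $2 = chain_len (used for random_chain only), remaining args = proxy lines.
proxychains_conf() {
    mode=$1 len=$2
    shift 2
    printf '%s\n' "$mode"
    if [ "$mode" = random_chain ]; then
        printf 'chain_len = %s\n' "$len"   # hops per connection, picked at random
    fi
    printf 'proxy_dns\n'                    # resolve names through the chain (no DNS leak)
    printf 'tcp_read_time_out 15000\n'
    printf 'tcp_connect_time_out 8000\n'
    printf '[ProxyList]\n'
    for p in "$@"; do
        printf '%s\n' "$p"
    done
}

# Return 0 if every hop can reach the next one. A loopback hop (the local
# Tor SOCKS port) only works in the first position: a remote proxy asked to
# connect to 127.0.0.1:9050 dials its own loopback, not yours. Under
# random_chain any position is possible, so loopback is only allowed alone.
chain_routable() {
    mode=$1
    shift
    pos=0
    for p in "$@"; do
        pos=$((pos + 1))
        host=${p#* }        # drop the proxy type
        host=${host%% *}    # drop the port
        case $host in
            127.*|localhost|::1)
                if [ "$mode" = random_chain ] && [ $# -gt 1 ]; then return 1; fi
                if [ "$pos" -ne 1 ]; then return 1; fi
                ;;
        esac
    done
    return 0
}

# Compare the direct and proxied view of our address. Needs network and a
# running Tor; returns 0 only if the address actually changed.
# Arguments are the same as for proxychains_conf.
show_ip_change() {
    mode=$1 len=$2
    shift 2
    chain_routable "$mode" "$@" || { echo "unroutable chain order" >&2; return 1; }
    conf=$(mktemp)
    proxychains_conf "$mode" "$len" "$@" > "$conf"
    direct=$(curl -s https://canhazip.com/)
    proxied=$(proxychains4 -q -f "$conf" curl -s https://canhazip.com/)
    rm -f "$conf"
    echo "direct: $direct  via chain: $proxied"
    [ -n "$proxied" ] && [ "$direct" != "$proxied" ]
}

# Run the live check only when asked, e.g.: ./chain.sh live
if [ "${1:-}" = live ]; then
    show_ip_change strict_chain 0 "socks4 127.0.0.1 9050" "socks5 203.0.113.10 1080"
fi
```

The order check is the part worth keeping around: it rejects exactly the configuration the random_chain experiment produces (a loopback Tor entry that may land in second place), while still allowing random_chain over a list of remote proxies, or a lone Tor entry, which is the stock Kali setup.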
Have fun scanning!