Sunday, January 19, 2014

Catch Me If You Can 2

Last year, I wrote about how to use a 3G/4G pre-paid SIM card to do malicious things. The full article is here. However, many countries now require the buyer's personal particulars to be registered when a 3G/4G pre-paid SIM card is purchased. Today, I will introduce another method, over a wired or a mobile network, for doing malicious things untraceably.

First of all, you need a virtual machine (VMware, VirtualBox, Parallels, etc.) or a standalone computer, plus a router if you connect to the Internet by wire. Otherwise, a pocket 3G/4G WiFi router is a must for a mobile connection.

I prefer a virtual machine if you have suitable hardware (for example, more than 4GB of RAM and a large hard drive or SSD).

Secondly, install Ubuntu Server 12.04 LTS (x86 or x86_64) with OpenSSH on the virtual machine (or on the standalone computer, if you prefer).

Thirdly, after installing Ubuntu Server 12.04 LTS, install NightHawk. Make sure the MAC address of the network interface (NIC) is changed or customized with macchanger. I recommend not using the default MAC address even on a virtual machine: the first three octets of a hypervisor-assigned MAC are the hypervisor vendor's OUI, which tells anyone on the same network segment that the host is a VM and which product it runs under.

Fourthly, connect to the virtual machine (NightHawk) over a PPTP VPN; you can then do everything (including malicious things) untraceably. Make sure the DNS servers in the PPTP settings on your host computer are changed to something other than your real ISP's, otherwise every name you look up is logged by a resolver that knows who you are. Note that PPTP only carries traffic between your host and the VM here; it is not what hides you on the Internet, and its MS-CHAPv2 authentication and MPPE encryption are known to be weak, so do not rely on it for confidentiality beyond that one hop.

Finally, if you are using Kali Linux, install the PPTP VPN client as follows:

apt-get install network-manager-pptp-gnome network-manager-pptp
/etc/init.d/network-manager restart

For the setup of NightHawk, please refer to here.

Two things to remember: change the MAC address of the NIC on the virtual machine, and change the DNS entries in the PPTP configuration. By the way, do NOT use reverse connections unless you use hidden services (I have not tried this yet). JavaScript and Flash should be disabled in the browser too. Otherwise, you will be traced.
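As an added example (not from the original post and not part of NightHawk), the following POSIX shell script covers those two reminders: it generates a random unicast, locally-administered MAC for the VM's NIC (the same class of address that macchanger -r produces, with no hypervisor OUI), checks that a given MAC really is one, and writes a pppd peers file for the PPTP client that deliberately leaves out usepeerdns so pppd does not overwrite your resolvers with whatever the VPN server pushes. The server address 203.0.113.10, the user name alice, the peer name nighthawk and the interface eth0 are placeholders, not values from the post.

```shell
#!/bin/sh
# Added example, not part of the original post or of NightHawk.
# Helpers for the post's two reminders: a non-default MAC on the VM's NIC,
# and PPTP client DNS that does not point at the real ISP.
set -eu

# Random unicast, locally-administered MAC (first octet x2/x6/xA/xE).
# This is the class "macchanger -r" produces; it carries no vendor OUI.
gen_laa_mac() {
    bytes=$(od -An -N6 -tx1 /dev/urandom | tr -d '\n')
    set -- $bytes
    # clear the multicast bit (bit 0), set the locally-administered bit (bit 1)
    first=$(( (0x$1 & 0xFC) | 0x02 ))
    printf '%02x:%s:%s:%s:%s:%s\n' "$first" "$2" "$3" "$4" "$5" "$6"
}

# Succeeds only for a well-formed, unicast, locally-administered MAC.
# Vendor-assigned addresses such as VMware's 00:0c:29:... fail this check.
is_laa_mac() {
    printf '%s\n' "$1" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    first=$(( 0x$(printf '%s' "$1" | cut -c1-2) ))
    [ $(( first & 0x01 )) -eq 0 ] && [ $(( first & 0x02 )) -ne 0 ]
}

# pppd peers file for the PPTP tunnel to the NightHawk VM. "usepeerdns" is
# deliberately absent so pppd leaves /etc/resolv.conf alone; put the DNS you
# want there yourself (or, for a NetworkManager profile, set ipv4.dns and
# ipv4.ignore-auto-dns yes with nmcli) and verify it once the tunnel is up.
write_pptp_peer() {
    path=$1 server=$2 user=$3
    cat > "$path" <<EOF
pty "pptp $server --nolaunchpppd"
name $user
remotename nighthawk
require-mppe-128
file /etc/ppp/options.pptp
ipparam nighthawk
EOF
}

# Fails if the peers file would let the VPN server push resolvers.
peer_keeps_local_dns() {
    ! grep -q '^usepeerdns' "$1"
}

# Usage: a MAC for the VM (set it with macchanger as root while the NIC is
# down) and a peers file for the Kali client with placeholder values.
mac=$(gen_laa_mac)
echo "On the VM: ip link set eth0 down && macchanger -m $mac eth0 && ip link set eth0 up"
peer=$(mktemp)
write_pptp_peer "$peer" 203.0.113.10 alice   # placeholder server and user
peer_keeps_local_dns "$peer" && echo "peers file written to $peer (DNS left to you)"
rm -f "$peer"
```

Copy the generated peers file to /etc/ppp/peers/nighthawk on the client and bring the tunnel up with pon nighthawk; after it is up, confirm both that the VM's NIC reports the new address and that the resolvers the client actually uses are the ones you chose, not the ISP's.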

Final thought: after a successful and amazing malicious attack, you can securely and completely delete the virtual machine. Bear in mind that overwriting files on an SSD is not reliable because of wear levelling, so the dependable way to make the VM unrecoverable is to have kept it on an encrypted volume and discard the key. In addition, you are recommended to fully encrypt your Kali Linux box and implement self-destruction; then you can destroy your Kali Linux box with the "nuke" passphrase (the LUKS nuke patch in Kali's cryptsetup, which wipes the key slots when that passphrase is entered) in case you are caught. Nice?

That's all! See you.