hackers-rfc.txt
Posted Oct 16, 2008
Authored by fckD

The Hacker's RFC - This document introduces best practices a computer hacker should know about and implement for his own safety.

tags | paper
SHA-256 | 5dfd6596e321d2e81fa6a2c7d9595a98bfcbbebec637c8ddb53d37a350a936d3


Network Hacking Group fckD
Version: 0.1
October 2008


The Hacker's RFC


ABSTRACT

This document introduces best practices a computer hacker should
know about and implement for his own safety.


------[ Table of Contents

1 - Introduction

2 - Why this paper?

3 - Selecting a target

4 - Anti-forensics

4.1 - Full disk encryption
4.2 - Virtual Disk/Partition/Drive Encryption
4.3 - Cipher recommendations
4.4 - Encrypted communication
4.5 - Avoid logging
4.6 - Useful tools

5 - Notes on behavior and trust

6 - Keep yourself up to date

7 - Related reading

8 - Final words

------[ 1 - Introduction


The purpose of this document is to write down fundamental safety
best practices a hacker can use when hacking stuff.

This paper focuses on setting up a *secure* computer for real
hacking attacks.


------[ 2 - Why this paper?


The main reason I decided to write this paper is to promote real
computer hacking and help out people who are willing to do real
stuff by sharing a bit of what I have learnt from my experiences.

I would like to add an extra paragraph to say that most hacking
challenges and hacking platforms like WebGoat do not represent
reality. So if you really want to improve you should go wild with
all the risks that means.


------[ 3 - Selecting a target


When choosing where to hack for fun these are the best practices:

- blacklisting:
* avoid your own country
* avoid good friends of your own country
* avoid countries you may want to go live in
* if you are living within the European Union it is preferable
not to hack into countries that are members of the union

- whitelisting:
* select somewhere far like Peru, Chile, Argentina, Aruba, Yemen,
Uruguay, Mongolia, Liberia, Korea, Cambodia, Gabon. An exhaustive
list of countries can be found in [1].
* select countries in a cyber war like Georgia with Russia

Once you have chosen which part of the world to target you could
look at its URL country code [1].


------[ 4 - Anti-forensics


This section focuses on setting up a computer *protected* against
forensics investigation(s).


---[ 4.1 - Full disk encryption

Installing full disk encryption software to protect your files
is highly recommended. Here is a list of free and open source
tools:

windows:
- Truecrypt [2]
- DiskCryptor [19]
linux:
- dm-crypt/Linux Unified Key Setup (LUKS) [3,4,5,6]
- EncFS [9]
- eCryptfs [10]
- Loop-AES [15]
bsd:
- GELI [7,8]
- CGD [16]

note: under linux or bsd remember to also encrypt the swap
partitions.


---[ 4.2 - Virtual Disk/Partition/Drive Encryption

If you need to encrypt a virtual disk, a partition or a drive (e.g.
a USB drive), here is a list of free and open source tools:

windows:
- Truecrypt [2]
- CrossCrypt [17]
- DiskCryptor [19]
- FreeOTFE [21]
linux:
- Truecrypt [2]
- Cryptoloop (Deprecated, known vulnerabilities) [18]
- FreeOTFE [21]
- eCryptfs [10]
- dm-crypt [21]
bsd:
- GBDE [20]


---[ 4.3 - Cipher recommendations

The following table lists my personal recommendations for selecting
a cipher algorithm:

+----------------------------------------------------------------+
| PARAMETER          | RECOMMENDATION                            |
+--------------------+-------------------------------------------+
| block cipher       | AES, Serpent                              |
+--------------------+-------------------------------------------+
| symmetric key size | at least 128 bits                         |
+--------------------+-------------------------------------------+
| hash functions [12]| SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512)|
|                    | Whirlpool                                 |
+--------------------+-------------------------------------------+
| key generation     | follow PKCS#5 PBKDF2 [13,14]              |
+--------------------+-------------------------------------------+

Cryptography for dummies:
- Ciphers: http://en.wikipedia.org/wiki/Cipher
- Block ciphers: http://en.wikipedia.org/wiki/Block_cipher
- Block size: http://en.wikipedia.org/wiki/Block_size_%28cryptography%29
- AES: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
- Serpent: http://en.wikipedia.org/wiki/Serpent_%28cipher%29
- Hash function: http://en.wikipedia.org/wiki/Hash_function
- SHA: http://en.wikipedia.org/wiki/SHA_hash_functions
- Whirlpool: http://en.wikipedia.org/wiki/WHIRLPOOL
- Passphrase: http://en.wikipedia.org/wiki/Passphrase
- Weak key: http://en.wikipedia.org/wiki/Weak_key
- LinuxCryptofs: http://wiki.boum.org/TechStdOut/LinuxCryptoFS
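
The key generation row of the table above, as an added example (not part
of the original paper and not code from any tool it lists): PBKDF2 written
out from HMAC as PKCS #5 defines it, next to the standard-library call.
The derive_volume_key helper, its 16-byte salt and its iteration default
are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import struct


def pbkdf2(hash_name, password, salt, iterations, dklen):
    """PBKDF2 from PKCS #5 v2.0, built from HMAC only (for study, slow)."""
    if iterations < 1 or dklen < 1:
        raise ValueError("iterations and dklen must be positive")
    hlen = hashlib.new(hash_name).digest_size
    prf = hmac.new(password, digestmod=hash_name)   # keyed once, copied per use
    out = b""
    for i in range(1, -(-dklen // hlen) + 1):       # block index starts at 1
        mac = prf.copy()
        mac.update(salt + struct.pack(">I", i))     # U_1 = PRF(P, S || INT(i))
        u = mac.digest()
        t = int.from_bytes(u, "big")
        for _ in range(iterations - 1):
            mac = prf.copy()
            mac.update(u)                           # U_j = PRF(P, U_{j-1})
            u = mac.digest()
            t ^= int.from_bytes(u, "big")           # T_i = U_1 ^ ... ^ U_c
        out += t.to_bytes(hlen, "big")
    return out[:dklen]                              # truncate to the key size


def derive_volume_key(passphrase, salt=None, iterations=200_000, key_bits=256):
    """Hypothetical helper: passphrase -> (salt, key) following the table."""
    if key_bits < 128 or key_bits % 8:
        raise ValueError("key size must be at least 128 bits, in whole bytes")
    if salt is None:
        salt = os.urandom(16)                       # fresh random salt per volume
    # iterations is a constructed default; raise it as far as unlock time allows.
    key = hashlib.pbkdf2_hmac("sha512", passphrase, salt, iterations,
                              key_bits // 8)
    return salt, key


if __name__ == "__main__":
    # Constructed sample input; the passphrase is not from the page.
    salt, key = derive_volume_key(b"correct horse battery staple")
    print("salt:", salt.hex())
    print("key :", key.hex())
    # The study implementation agrees with the standard library.
    assert pbkdf2("sha512", b"pw", salt, 50, 32) == hashlib.pbkdf2_hmac(
        "sha512", b"pw", salt, 50, 32)
```

The salt is not secret and has to be stored next to the encrypted data,
since the same passphrase only reproduces the key with the same salt and
iteration count.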


---[ 4.4 - Encrypted communication

To protect your messaging communications you can use the following
open source and free tools:

- pidgin + pidgin-encryption (pidgin-encrypt.sourceforge.net)
- pidgin + pidgin-otr (pidgin-encrypt.sourceforge.net)
- kopete + kopete-otr (kopete-otr.follefuder.org)
- irssi + irssi-otr (irssi-otr.tuxfamily.org)


---[ 4.5 - Avoid logging

Avoid logging anything that could record what you are doing on your
machine. Make sure you do not record your MSN, Gtalk, IRC etc.
communications, especially if you are communicating with your fellow
hackers through those protocols.


---[ 4.6 - Useful tools

Password generators:
- makepasswd (linux, bsd)
- PWGen (windows)
- Advanced password generator (windows)
- PC Tools Password Generator (online: www.pctools.com/guides/password/)

Anti-forensics:
- Timestomp, which allows you to modify all four NTFS timestamp
values: modified, accessed, created, and entry modified.
- Slacker, a tool that allows you to hide files within the slack
space of the NTFS file system.
- Sam Juicer, a Meterpreter module that dumps the hashes from the
SAM, but does it without ever hitting disk.

Secure file deletion:
- Eraser (windows)
- Evidence eliminator (windows)
- WinClear (windows)
- Window washer (windows)
- shred (linux)
- srm (bsd, linux)
- wipe (linux)


------[ 5 - Notes on behavior and trust


Avoid talking about your hacking activities to anyone that is not
directly related to what you are doing. Even if your purpose is only
to improve your own knowledge, always remember that hacking is
considered to be illegal in most countries.

Avoid looking for fame. Keep in mind the good spirit of someone who
is just having fun and is not looking for anything else. Fame will
only draw attention to you.

Do not trust anyone completely, even the people you are working with;
always make sure to back yourself up.


------[ 6 - Keep yourself up to date


It is important to keep yourself updated on what's going on in the
digital forensics world. I recommend following the RSS feeds of
these sites:
- www.forensicfocus.com
- computer.forensikblog.de
- volatilesystems.blogspot.com
- www.securiteam.com

Adapt yourself to new forensics techniques and discoveries.


------[ 7 - Related reading


Anti-forensic techniques, http://www.forensicswiki.org/wiki/Anti-forensic_techniques
Anti Forensics: Making Computer Forensics Hard, http://ws.hackaholic.org/slides/AntiForensics-CodeBreakers2006-Translation-To-English.pdf
Anti-Forensics: Techniques, Detection and Countermeasures, http://www.simson.net/ref/2007/slides-ICIW.pdf
The Computer Forensics Challenge and Anti-Forensics Techniques, http://www.h2hc.com.br/repositorio/2007/montanaro.pdf
Anti-Forensics, http://www.youtube.com/watch?v=q9VUbiFdx7w


------[ 8 - Final words


I hope this small paper has helped you. Happy and safe
hacking to you!


fckD




REFERENCES

[1] URL country codes
http://ftp.ics.uci.edu/pub/websoft/wwwstat/country-codes.txt

[2] Truecrypt software
http://www.truecrypt.org/
http://www.truecrypt.org/downloads.php
http://www.truecrypt.org/docs/

[3] Linux Unified Key Setup (LUKS)
http://luks.endorphin.org/
http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS

[4] Gentoo: System Encryption DM-Crypt with LUKS
http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS

[5] Fedora: LUKSDiskEncryption
http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption

[6] Ubuntu: Installing Ubuntu 8.04 with full disk encryption
http://learninginlinux.wordpress.com/2008/04/23/installing-ubuntu-804-with-full-disk-encryption/

Ubuntu: Encrypted Swap and Home with LUKS on Ubuntu 6.06 and 5.10
https://help.ubuntu.com/community/EncryptedFilesystemHowto3

[7] BSD: GELI
http://www.violetlan.net/bsd/25/DiskEncryptionwithgelionFreeBSD

[8] Encrypting Disk Partitions, FreeBSD Handbook, Chapter 18 Storage
http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html

[9] EncFS
http://www.arg0.net/encfs

[10] eCryptfs
http://ecryptfs.sourceforge.net/

[12] List of cryptographic hash functions
http://en.wikipedia.org/wiki/Cryptographic_hash_function#List_of_cryptographic_hash_functions

[13] PKCS #5: Password-Based Cryptography Standard
http://www.rsa.com/rsalabs/node.asp?id=2127

[14] PBKDF2 (Password-Based Key Derivation Function)
http://www.truecrypt.org/docs/pkcs5v2-0.pdf

[15] Loop-AES
http://loop-aes.sourceforge.net/

[16] CGD
http://www.imrryr.org/%7Eelric/cgd/cgd.pdf

[17] CrossCrypt
http://www.scherrer.cc/crypt/

[18] Cryptoloop
http://www.tldp.org/HOWTO/Cryptoloop-HOWTO/

[19] DiskCryptor
http://freed0m.org/index.php/DiskCryptor_en

[20] GBDE
http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=4&manpath=FreeBSD+5.0-RELEASE&format=html

[21] dm-crypt
www.saout.de/misc/dm-crypt/

