learning hacking? DON'T make this mistake!! (hide yourself with Kali Linux and ProxyChains)

Captions
If you're using hacking tools like Kali Linux and you're not doing anything to hide yourself, it's kind of dangerous. Like, you could get into trouble. You need to learn, learn, learn hacking [Music] proxies and proxy chains. That's how you hide yourself. In this video, I'm going to show you how they work and how to set them up in Kali Linux. I also have a crazy challenge at the end, a hacking challenge using the knowledge you're going to learn in this video. If you're up for it, the first five people to complete this challenge will win a six-month membership to this is it and a bag of NetworkChuck coffee. And also a huge shout out to ITProTV. They're sponsoring this part of my journey. I use them to learn about proxy chains and everything else hacking I've learned so far. So if you want to check them out, if you want to learn hacking, CCNA, A+, whatever, link below. Use code network chuck, 25 off forever.

So you're ready. You're ready to hack. You fire up Kali Linux, you've got your tools ready, you're ready to hack somebody. Let's do it. You've got your target, David Bombal. We're going to use nmap to find out more information about his stuff. We'll even be stealthy about it with the sS command. And boom, we're hacking. And look at that, I got some recon on David Bombal.

Do you know what you just did? You may have learned a few things about David, but he also learned a few things about you. All this scanning that you just used to find out about David, his system flagged it. His firewall saw what you were doing, it blocked you, and even worse, he knows it was you, because every scan you send has a from address, a nice little note that says, "Hey, it was me. I'm doing it. I'm hacking." That's your IP address. And David, now that he knows your public IP address, can report you, and you go to jail. "But Chuck, I had a mask on." Doesn't matter. If you don't do something to hide the fact that all of these messages, all these attacks, are coming from you, you're in trouble, or at least are very close to being in trouble.

Now, before I show you how to hide yourself, let me tell you this: I'm speaking strictly in the context of ethical hacking, having a business's explicit permission to do this. Anything else, don't do it.

There are a few ways to hide yourself, but I want to focus on proxies, and more specifically proxy chaining. How does that work? With the proxy, instead of sending all of our attacks directly to David from us, telling David exactly who's doing it ("Hey, it's me"), we'll use a middleman, a go-between, a proxy. We'll call these proxy servers. So now when we attack David, we'll send our attacks through the proxy server. And if David does happen to catch on and see the attack, and he goes, "Hey, who's attacking me?", he'll see the IP address of the proxy server and not us.

Now, we have to be careful here, because what could happen is David will tell the police, "Hey, someone's attacking me," and the police see the IP address of the proxy server and go, "Yeah, that's a proxy server. We're going to contact them and find out who attacked you." And the proxy server will have logs, logs that could tell them that, hey, there's actually this guy over here, you, that used the proxy server to attack David. And then you're busted.

So what do we do? Well, um, let's use some more proxy servers. How about that? Instead of sending our attacks through just one proxy, we'll send it through multiple proxies. Send it to this guy, then hop to this guy, then hop to this guy, and then finally we're attacking David. This is what's called proxy chaining. We're chaining together multiple proxy servers to hide ourselves. So if David did tattle on us and tell the police, the odds of them going through each of these servers and going through their logs and finding us through all this mess, pretty slim chance. Now, not impossible. This is not a foolproof situation where you'll never be discovered. No solution is. But it does make it crazy difficult.

So, uh, how do we do it? Let's do it right now. We're going to use an app called proxychains, which, if using Kali, should be pre-installed. All we have to do is configure it. So first we gotta locate the configuration file. So here at the command line, I'll do locate and I'll type in proxychains. Hit that, and the first option up there should be where your stuff is. Yep, right there: etc forward slash proxychains.conf. The reason we use this command is yours could be in a different spot. This will help you find it. And this is the file we're going to edit. So I'm going to jump in there. I'll do sudo, and I'll use vim as my editor, so I'll hit vi and then I'll put my path in, etc proxychains.conf.

Now, there are three main modes we can run this in, and one we're gonna ignore: dynamic, strict, and random. We're not gonna do strict, so we're actually gonna end up commenting that out with a hashtag. With dynamic, we'll put our list of proxies in. We can have a lot. Let's say we have four. Dynamic will go through each proxy in our list and chain them together and use it in the order we put them in every single time, unless one of them is out of commission, not responding, not usable. It'll just skip it. With random, it's, um, it's random. Same deal. Let's say we have a list of four proxies. It will randomly choose one proxy to use, which is fine in a lot of cases because it keeps your targets guessing, like, "Oh, where is it coming from? Where is it coming from?" All these different IP addresses. But personally I like dynamic, because we put a lot of proxies in between us and the target, making it harder to find us. So to make that magic happen, I'll put my cursor there, I'll hit i for insert, and I'll remove that hashtag, which makes that configuration active. And we want to comment out, or put a hashtag in front of, strict chain, disabling that option.

So we got our mode. We're not done yet. Let's keep going. We're going to scroll down. Now here's an option we're not going to touch, but it's good we have it enabled by default: proxy DNS. If we were to comment the setting out and not use it, our DNS request would still be coming from us. So when we try to discover what IP address davidbombal.com has, that particular request would come from IP address, let's just say, 10.1.0.4, and that could be a way that people find out where the hacker is. So best case is you want to proxy everything, even your DNS request, through your proxy. That way no one can find you.

Now, as we scroll down, the only thing we have to look at now is our list of proxy servers. And here's the format right here: we have the type, the server IP address, and the port we're going to use, and if it has authentication, you'll put the username, password right here. Now you might be wondering, what's with the different types? What's the difference? We're not going to cover that right now. That's a whole other video. Just know that SOCKS5 is better than SOCKS4, as you might assume, and in addition to HTTP we also have HTTPS. So all you have to know right now is these types will help you proxy your connections, help you to hide yourself. Some are more secure, like HTTPS or SOCKS5.

So let's move on past the example and start adding our list. Now, by default we already have something here. This proxy server is pointing to 127.0.0.1, which is our loopback address, which is pointing to us. This default config is actually going to be using what's called Tor, or the onion router. We would have to have this service enabled on our Kali Linux box here. We're not going to mess with Tor right now. Just know it's your gateway to the dark web and there's a lot of proxies involved. So we're going to skip that for now. So I'll put a hashtag in front of that to comment that out, and I'm going to put my first server in. The type of this proxy will be SOCKS4, and then I'll put a space between that and the host IP address, and then a space and the port, and that's pretty much it. I'm going to hit escape, colon wq to write and quit. Done.

So now, how do we use it? Watch this. I'll use the command proxychains. This is what you'll do whenever you want to use your proxies. You'll put this command right before your other commands. So let's try out, um, let's try Firefox. I want to verify this is actually working first. So I'll go out to google.com, and let's do it. And we're there. Now real quick, let's go back to the command prompt and see what crazy stuff happened, and it's still happening. We can see here that first we have our DNS request to find out, hey, where is google.com, and we are indeed proxying it through that proxy I configured. And once it learned the IP address of Google, it proxied our connection to Google through, well, the proxy.

Now let's go see where we are. Let me get back to our browser. I want to type in first "what's my IP address". So great, the public IP address does match up to the proxy I was using. If I type in "where am I", it's going to tell me where I am, and this doesn't tell us much, but I can tell you right now that I am in Thailand. So good luck finding me. So I'm sending all of my commands through a proxy server in Thailand, which is kind of crazy but also kind of cool.

Like, let's try one real quick. Let's go back and hack David. David will never find me in Thailand. So once more I'll start with proxychains, and I'll use the nmap command. This time I'm going to use a TCP connect scan, and I'll search for ports, uh, 80 and 443 on David Bombal's website. I'll use the IP address this time, and let's see what happens. Now how cool is this? Every single command went through the proxy and went through Thailand to discover if these ports respond. So as I'm pen testing David's site, as I'm doing vulnerability scans and such, he doesn't know it's me. He thinks some person in Thailand, and I get my info.

Now, this is just one proxy. Let's add one more to the list. I'm going to hit i to start editing, and just below my first server I'll put my second server here. This one will be HTTP, and then I'll put a space and the IP address, and then the port number, space 8888. Escape, colon wq, and we're ready to rock. Let's make sure it works first. I'll do proxychains firefox google.com, and okay, looks like it may have worked. Let's do "what's my IP", and there we go, look at that. Let's take a look at our command prompt. Here's the chain right here. How crazy is this? We first have our Thailand chain, and this is actually a server on AWS that I set up, a proxy I set up, and then, or finally, to Google. Isn't that amazing? I, I love that.

Let's see how it looks when we use nmap. So I'll do proxychains nmap dash sT for a TCP connect, dash p, and I'll put ports 80 and 443, and then David Bombal's IP address. Boom. How cool is it? Look at this. It's going through the chain and checking. But how insane is this? It's going from me, to Thailand, to AWS, which I don't know where that is specifically, to David. How's he ever going to find me? And if I keep adding more proxies, I'm hidden, man. I'm, I'm gone.

Now, I'm sure you're wondering, where do I find these proxies? I want to try this out. Where do I get these Thailand servers? Just Google them. Really. Watch this. I'll fire up Firefox, go to Google, and just type in "free proxy server list". If you scroll down, one good site is spies.one. Now, I'll tell you this: not all proxies are created equal or will work, so you might have to go through a few and test them. But that's how you would find them, just Googling and trying them out.

All right, are you ready for the challenge? Check this out. So this is the proxy chain challenge. Here's what you have to do. First, you will need Kali Linux to run this. You'll do exactly what we demoed in the video today, and the challenge here is that you have to use all three of these proxies to get to this web server right here. And this is another use of proxies. You can use them to hide yourself; you can also use them to gain access into other networks, which is what's happening here. Now, you must use all three proxies in this order in your configuration file. Why? Well, because you can't access this proxy directly right here. You can only access it from this IP address. You can't access this proxy directly. You can only access it from this IP address.

So once you have your proxy set up and you have all your traffic going through these proxies, you'll get to here, where you have to find this web server. This web server has a private IP address in this range right here. The only way you can access these private IP addresses is by going through all three of these proxies. You'll need to scan this subnet using nmap to find the right host that has port 80 open. Once you've identified which host has port 80 open, then you'll need to access the website, and of course you'll have to access it via the proxy chain. It's a private IP address that's only accessible through the entire chain. And on that website you'll have further instructions.

Now, a hint on the nmap stuff right here: none of the hosts in this group will respond to a ping, and you may recall from the nmap video that nmap will initially send a ping to make sure the hosts are up before attempting to see which ports are open. So you'll need to make sure that nmap isn't going to ping and do that check. To avoid that, we'll use the switch uppercase P lowercase n. This will avoid the ping, the initial ping to see if the host is up, and just go for the TCP connect. And that's what I would do. I would use the TCP connect, dash sT, lowercase s capital T. And of course you got to use your proxychains, otherwise you'll get nothing.

Okay, to sum this up real quick: you're going to configure the proxy chains I just showed you in your proxychains file in Kali Linux. You'll then use nmap and proxychains to scan the private IP address range of 172 31 172.32 29, and you're looking for the active web server that has port 80 open. Once you identify which host that is, access that website through proxychains, and on that website you'll find the next step, the further instructions. Good luck. Only five winners.

Well guys, that's about it. Let me know what you think of this video. If you like the challenge, let me know if you complete the challenge below. Um, I set this up in AWS and I hope it doesn't break. It was, it was fun to make though. Any comments or questions, let me know below. Again, huge shout out to ITProTV for sponsoring this part of my journey. I encourage you to check them out if you're looking for IT training. Okay, proxy chains, got to keep yourself safe. I'll catch you guys later. [Music]
Info
Channel: NetworkChuck
Views: 1,616,413
Keywords: kali linux, proxychains kali linux, how to, ethical hacking, how to stay anonymous online, kali linux tutorial, proxychains tor, ip address, proxychains kali linux 2020, kali linux proxychains, kali linux 2.0, how to hack, kali linux hacking tutorials, proxychains kali linux 2.0, kali linux tutorial for beginners, kali linux for beginners 2020, kali linux raspberry pi 4, kali linux 2020.1, kali linux 2020, kali linux commands, kali linux tools
Id: qsA8zREbt6g
Length: 12min 49sec (769 seconds)
Published: Sat Aug 01 2020