
Thread: Proxies unleashed

  1. #1
    Junior Member
    Join Date
    Aug 2003

    Proxies unleashed

    ::::::For educational purposes:::

    The word "proxy" is what you probably already understand, but in case you don't, you should.

    So you're hooked and doing stuff of which the offline world says it shouldn't be done. Does the ideology of outsiders bother you? Of course not... unless it can get you into trouble. There are 2 peeps who can see what you're doing: First of all: The remote SYSOP (SYStem OPerator; the guy who owns the system or network that you're messing with). He can see the IP of the aggressor (that is you). We'll get back on that...
    Second dude? Your very own ISP (Internet Service Provider; the asses at AOL, Skynet....). They might not be so fond of your actions either, but usually, they don't give a flying **** as long as no one's complaining. So here's how the info's flowing:

    YOU <=> your ISP <=> Remote 'puter

    What can happen? The ISP can see your actions, but usually doesn't monitor them because it's too much work. They'll probably only log it, so as long as no one seems to have a reason to dive into the log files there's no problem.
    The remote SYSOP notices he's being attacked (or he notices he was attacked some time ago in case he's a lazy overpaid slacker). He'll be able to see your IP-address, a unique number designated to all 'puters hooked to the 'net, or he'll find it in the logs which he certainly has.
    Does this mean trouble? Well, there's not much he can do with no more than that IP. The worst he can do (if he can't rehack you) is find out who your ISP is (any kid can do that), find the email address of the complaint department and lay down some lines containing your IP and the time of the action. That's it. He doesn't know your name, address, etc. Just that IP.
    Your ISP has a name and address to which they send the bill.

    As for dynamic IPs: why do you think your ISP keeps those logs? They check 'em out and see that the mentioned IP was taken by YOUR ACCOUNT at the moment. Usually, they'll log all the stuff you did too, so they can check your victim's story. So the link is made.

    What will this mean? 9 outta 10 times it is:

    first time busted: A mail in which they confront you with the events, and ask to explain yourself. They might add that if your explanation stinks, they'll take legal action (yeah right). Your reply: "huh? porthack? Internet? Computer?" To wipe them off their feet with the legal stuff.

    Second time busted: 48 hours off-line.
    Third time busted: bye bye account! Time to pay up and get yourself another ISP.
    As said, this is 9 times outta 10. I'm not saying you won't be convicted without a trial if you go screw up FBI servers, or disappear from the face of the earth after messing with KGB info.

    Now to get to where we wanna go in the first place: a remedy. Wouldn't it be sweet if you could convince another computer to take all the action you just took, like you told your ISP someone did to you in your first reply? Of course it would, and it's easy. First of all, a view of what happens now. Here's how the info is flowing now:

    [YOU] <=> [your ISP] <=> [A proxy] <=> [Remote 'puter ]
    So, the Remote SYSOP can still see stuff's going down (unless you're good of course), but he'll see the proxy's IP. This is where the chain breaks. If the proxy's any good, the remote SYSOP will not be able to retrieve your IP, so he doesn't know who to complain to nor does he have any idea about whom (don't send this guy your name and address, even if he seems to plan to send you money. This may sound stupid, but many were busted this way). In fact, let's take this option out of the brackets and see what the results could be.

    Unlike your ISP, the Remote SYSOP IS likely to want to spend some time in filing complaints etc. You were stupid enough to give him your address. The victim will kindly send this info to the FBI and the (cops). If you live in a non-US country, the alien cops can't touch you. Nor can the Feds, but US-friendly countries tend to take legal action when the FBI asks them nicely.
    So, surprise surprise, instead of a check, your own police department lands at your doorstep. At this point you peek through your window. If you can see a house search warrant, take a last look at your stack of warez, MP3's and DivX movies. Next move: you jump out of that window and hope to die. In conclusion, giving your real name/address to your victim is not advised. So let's proxify ourselves, shall we? First thing you need to do is find one of those proxy servers.
    Again, we can identify this server by an IP, like any server. 1337357 thing to do is scan (this means: checking IPs one by one automatically for proxy-capabilities). Download a scanner (available from the net. May I advise searching with google?) The proxyscanner will need a range. This basically means a set of IPs to check. An IP consists of 4 numbers. Give your scanner 3 numbers (e.g. 12.2.140, just making something up here.

    BTW, ranges starting with a 12. are usually quite fast). Sometimes the scanner will kick in with this info, sometimes you'll need to actually type the start- and end IP ( - if you wanna scan the whole range). What'll happen? The scanner will check if can be used as a proxy. Then it'll try etc. until all 254 servers are checked. Put in - to check 12.2.140.*, 12.2.141.*, ... , 12.2.150.*. You get it, right?

    The replies you can get out of this are: #0, #404, #403, #402, and, well, basically anything with a 4. This means your 'puter asked "Hey! Can I use you as a proxy?", the remote server's reply was "get bent". Not useful.
    The most annoying one is 'timed out'. Your 'puter said "Hey! HEY!!! Hello?". The remote computer says nothing. This doesn't necessarily mean the remote 'puter wasn't online or doesn't exist. Some people have their ports on 'stealth' instead of 'closed', causing them not to reply at all. Why? Well, a #4** comes in pretty fast. Result: server useless, on to the next one. If the server doesn't respond, the scanner will keep waiting for an answer since it might be far away. After a certain time, the scanner gives up all hope of getting an answer and moves on to the next IP. This takes a lot longer than receiving a #4**.

    The final, kickass reply is a #2**. If it isn't fake, your scanner will display the word 'GOOD' or 'OK', depending on what scanning program you found.
    You can just guess a range together, like I just did, but chances are the range is bought by a company/organization that isn't using 'em. 254 packets sent, 254 time-outs. Better is to find yourself a range which is likely to have some proxies on it. Most university networks use proxies, so do those of big companies, etc. These people have one or more ranges at their disposal. What I advise you to do: get the URL of a university's website (preferably a Korean or Eastern-European one or something like that), resolve the IP from the host name (can usually be done by your scanner), and scan the range in which the IP was found.
    If you've got a lot of time, scan a few hundred of them ranges :].

    You can't get started yet, there's one thing you need to know. If your scanner's a bit universal and can handle more than one kind of proxy, or more than proxies in general, you'll need to specify a port for your targets. See, a connection to a 'puter takes place on a port. There are more than 65000 ports that can be used. A SYSOP wanting to turn one of his devices into a proxy can do this on any of these ports. Fortunately, there are some ports most SYSOPs prefer. In fact, every type of proxy sort of has its own common port. The kinds of proxies you'll need are socks4, socks4a, socks5 and http (maybe some wingates too, but do they count as proxies?).
    All the socks are usually found on port 1080, HTTP proxies will mostly be located on 80, 3124, 8000 or 8080. If you can have your scanner check the IPs on several ports, these should certainly be in them. You'll mostly find HTTP-proxies. They aren't as eagerly wanted as socks proxies, but you can still do a lot of nice stuff with them. First of all, HTTP-actions (IIS scanning, brute-force hacking loginasses for a certain type of site), but some of them can be used for FTP (so you can use them as a proxy while pubscanning, -filling or -leeching), others for IRC, etc. These functions can be checked by the better scanning program, but in most cases you'll need an external proxy checker/analyser. Make sure it supports these:
    - Verify: You've found some proxies which replied 'OK'. Nice. Next day. How do you know if your proxies still work? Verify 'em. Is it necessary? Well, servers can go offline or change. Several proxy servers are infected (and unaware) clients. Once they go offline, they might receive a different IP, or a virus scanner could remove the infection, who knows. But these dynamic IPs aren't what we're after in most cases. Nevertheless, before you fill in your proxy in your whateverthehellyouareusingitfor, you might want to know if the proxy's still working. So verify.

    - Anonymity check: It's not because you're behind a proxy that your worries are over. Never forget the ISP, and the proxy itself. If it allows the command sender (you) and the receiver (your victim) to request each other's IP, a SYSOP with a brain might get your IP anyway. Hence, you'll need to connect to the proxy and try to retrieve your IP from it via a connect back to a port on your machine; an anonymity check.
    - Delay: This has nothing to do with the speed with which a file will be sent through the proxy. This merely indicates how long it'll take to send commands to your victim (and kinda shows you how far the proxy is located from you). So if you're gonna do a lot of communicating with the remote machine, but not much file transfer and/or the files aren't that big, your preference should go to a proxy with a low delay time (also known as ping time) earlier than to a proxy with a great
    - Speed: This lets you know how much data the proxy can send to your machine each second. As said, this doesn't mean interactions will go faster, this means transferring large files will kick ass. If you wanna compare all this with a highway on which all cars drive exactly as fast as each other: The delay is directly linked to the distance from you to the other person. The speed is linked to the width of the highway (does "bandwidth" ring a bell), and the wider the highway, the more lanes it has. If you're gonna send a lot of messages to a friend (e.g. chat), you'll want to keep the highway as short as possible. That way, a car will arrive soon and return soon. In this strange landscape, a car drives just as fast on a 2 lane highway as it would on a 20 lane highway. If you want to move a big cargo, you'll need a load of cars. If you need to pour them into one lane, you'll get an endless stream of
    The distance they need to travel is a lot shorter than the size of the line of cars. Better would be to get yourself a highway with a lot of lanes, even if it doesn't head directly for your target. With 20 lanes, you can send out 20 times more cars per second than with one lane. The extra time they need to get there can be ignored because there are so many cars. Get it? So lots of chatter: low delay time. Big files: high speed.
    - FTP-able: Can the proxy be used for FTP? Socks usually can, but they're quite uncommon. HTTP-proxies can rarely be used for FTP, but there are loads of them... I think it's sort of balanced out.

    Was there anything else?.. Oh yeah, scanning is illegal, so use a proxy when scanning. How can I use a proxy for scanning for proxies when I don't have one yet? Sometimes scans get posted on sites, get one from there. Most of these proxies that are on websites become heavily used, causing them to be slow, and due to the heavy traffic all of a sudden, the proxy's SYSOP might find out about the (unwanted) use of his/her box faster. So they're hardly as useful as the ones you scan yourself. Just get yourself a list, verify, check for anonymity and make sure there's a low ping to it (speed is irrelevant) and if you have a good one in there, use it to scan. The ones you scan yourself will be lesser known, hence lesser used, hence remain standing longer and have a lot of bandwidth available (speed=good)...

    You can fool your ISP while scanning by randomizing your queue. The ISP can easily detect (automated) that you connect to IPs which miraculously seem to follow in order. Randomizing turns X.X.X.1, X.X.X.2,... into X.X.X.145, X.X.X.73,... It's random, baby!

    Stay out of these ranges!

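    The post above claims that an ISP only notices a range scan when the destination IPs arrive in order. The following is an added example, not code from the thread or its author, written from the network operator's side: a detector that counts distinct hosts contacted per source inside one /24 within a time window, so a shuffled queue is flagged just like a sequential one. The log format, the addresses and the thresholds are all constructed for the example.

```python
"""Added example (not from the thread): flag /24 sweeps in connection logs.
Counts distinct destination hosts per (source, /24) in a sliding time window,
so randomizing the probe order (X.X.X.145, X.X.X.73, ...) does not evade it.
Log format, addresses and thresholds below are constructed for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress

# Constructed sample log: "<ISO timestamp> <src> <dst> <dport>" per line.
# 10.0.0.5 probes ten hosts in 12.2.140.0/24 (the range the post uses as its
# example) on port 1080 in a shuffled order; 10.0.0.9 is an ordinary client.
SWEEP_OCTETS = [145, 73, 201, 12, 88, 230, 5, 167, 99, 41]
SAMPLE_LOG = "\n".join(
    f"2003-08-01T10:00:{i:02d} 10.0.0.5 12.2.140.{o} 1080"
    for i, o in enumerate(SWEEP_OCTETS)
) + "\n" + "\n".join([
    "2003-08-01T10:00:03 10.0.0.9 12.2.140.20 80",
    "2003-08-01T10:01:00 10.0.0.9 12.2.140.20 80",
    "2003-08-01T10:02:00 10.0.0.9 198.51.100.7 443",
])


def parse_line(line):
    """Split one log line into (timestamp, src, dst address, dport)."""
    ts, src, dst, port = line.split()
    return datetime.fromisoformat(ts), src, ipaddress.ip_address(dst), int(port)


def find_sweeps(log_text, window=timedelta(minutes=5), threshold=8):
    """Return {src: [swept /24 networks]} for every source that touched at
    least `threshold` distinct hosts of one /24 within `window`, in any order.
    The port is parsed but not filtered on; a sweep on 1080 or 8080 looks alike."""
    hits = defaultdict(list)  # (src, subnet) -> [(ts, dst), ...]
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, _port = parse_line(line)
        subnet = str(ipaddress.ip_network(f"{dst}/24", strict=False))
        hits[(src, subnet)].append((ts, dst))

    alerts = defaultdict(list)
    for (src, subnet), events in hits.items():
        events.sort()  # order by timestamp so the sliding window is valid
        left = 0
        for right in range(len(events)):
            # shrink the window from the left until it spans at most `window`
            while events[right][0] - events[left][0] > window:
                left += 1
            distinct = {dst for _, dst in events[left:right + 1]}
            if len(distinct) >= threshold:
                alerts[src].append(subnet)
                break  # one alert per (src, subnet) is enough
    return dict(alerts)


if __name__ == "__main__":
    for src, nets in find_sweeps(SAMPLE_LOG).items():
        print(f"sweep from {src}: {', '.join(nets)}")
```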

  2. #2
    Join Date
    Jul 2003
    Holy crap. This is a good intro. Have more?

  3. #3
    Senior Member
    Join Date
    Nov 2001
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  4. #4
    Join Date
    Jul 2002
    Hey... I can see someone cutting & pasting source without at least understanding the code & adding improvements, kinda lame but that's nothing new... And he's not the first guy I've seen who has C&Ped tutorials though that's probably ten times worse...

    But dude... why in hell did you have to go & damn cut and paste parts from my ****ing name like that, man?!?!?!

  5. #5
    Junior Member
    Join Date
    Aug 2003
    HAHAHAHA... specialist put the gun down. I've had this handle for a while on IRC.

    Damn tedob, good eye. Hell, I thought it was justified when I added my own ending. Good read nonetheless.

    /exit the|spectral

  6. #6
    Join Date
    Jul 2002
    This tutorial, the original, or both... are also somewhat flawed in some ways. In one part it says scanning is "illegal" but scanning, depending where you live... is very legal. I've been toying with a large assortment of scans and I have never even been booted by my ISP before... a lot of times people are too lazy to even care, let alone take the time and tax dollars to arrest somebody over something so small.

  7. #7
    Junior Member
    Join Date
    Aug 2003
    Some scans are noisier than others.

  8. #8
    Join Date
    Jul 2002
    Originally posted here by The|speçtral_
    Some scans are noisier than others.
    Sure, that's if you ICMP and it responds with a game of pong with all the music, lights, & sound effects of Atari begins to play... or if you port scan and the syn sounds like bombs dropping on Pearl Harbor... And then netstumbler type programs usually beep when it finds an access point... But other than you sounding like a total idiot, what does sound have to do with the fact that you've taken a somewhat flawed tutorial & added small and worthless changes in a lame attempt to appear at least half-way intelligent... and to say the least ("Why pretend to be something you're not")

  9. #9
    Senior Member IKnowNot's Avatar
    Join Date
    Jan 2003
    The site FAQ's speak for themselves, this tut should be delegated before it is cataloged on Google like the original is. And plagiarism is plagiarism, no respect at all for a lammer!

    I still do not understand why someone would scan a network that did not fall under their responsibility if they did not have malicious intent.

    I am a firm believer in freedom, AND freedom of speech and I do not want to get into a pissing contest with anyone ( age and enlarged prostate, all that **** ), but I know of nowhere in the U.S. Constitution, any State Constitution, or anywhere else that guarantees anonymity for said speech or one's actions. The Common Law expectation of one's privacy is extended only to what one maintains as private, not that which is stated publicly. The Internet is public. It is for all people to exchange ideas, knowledge, wisdom, experience, and make a dollar through advertising. But then again, I see the world through rose colored glasses!
    " And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes

  10. #10
    Join Date
    Jul 2003
    I should have known this to be too good to be true. The AntiOnline legacy lives on.
