Hacking with proxys
Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: Hacking with proxys

  1. #1
    Member
    Join Date
    Feb 2003
    Posts
    47

    Hacking with proxys

    If a hacker wants to cover his tracks by using a proxy server are there any limitations?.
    Ect i heard someone that i know say he used to brute force hotmail passwords using 90 anon proxy servers .Is this possible,can you port scan and DDos thru 90 proxy servers aswell?.I thaught if you tryed brute forcing hotmail with that many proxy servers would'nt you flood ur own box or sumin?.I need someone to help me understand please..

    (Sorry if i brought up hotmail and brute forcing in the same sentance but i am just trying to understand the limitations of proxy servers so ect if i get portscanned i want to know if its coming from the intruders computer or a comprised one or if its possible to hide behind a proxy.)
    Share on Google+

  2. #2
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    The limitations of proxy servers, for the most part, are set up mostly with those proxy servers and your own computer. In theory, you can do whatever you want or need to do, but it depends largely on the various settings.

    Look into your computer's settings, and make sure you're doing some tunnelling if you intend to try this. A good way to TRULY test this is to use two different computers (both your own) and hide one behind a proxy server. Do the attacks and look at the logs for the appropriate IPs.
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.
    Share on Google+

  3. #3
    Senior Member
    Join Date
    Oct 2002
    Posts
    1,130
    A proxy server works by routing all your traffic through it, acting as a relay.

    Some simply forward traffic for you and do not change the packets any. These can be used to send your traffic through specific geographic areas, maybe for speed benifits.

    Others will change the source address and make the packet appear to be coming from them. So the true source is therefore hidden.

    However, a record is kept in most cases and these records can be subpoenaed by authorities. So it will make it harder to find you, but not impossible.

    No, it is not possible to use proxy servers for distributed computing projects unless they were designed for it or you can somehow manage to find that many with an appropriate trojan on them.
    Government is like fire - a handy servant, but a dangerous master - George Washington
    Government is not reason, it is not eloquence - it is force. - George Washington.

    Join the UnError community!
    Share on Google+

  4. #4
    Senior Member
    Join Date
    Nov 2003
    Posts
    247
    Many proxies will give the documentation, will provide this kind of information about their settings. That's why its very important to check. If nothing else, you can always do the test I prescribed above.
    www.ADigitalPimp.com
    There is a ghost in the machine, and he is my friend.
    Share on Google+

  5. #5
    Member
    Join Date
    Feb 2003
    Posts
    47
    Ok thanks just wanted to know if it could be done.Second question i have is i know you can add proxy servers to a web browser like internet explorer by navigating to: tools,internet options,connections,settings and selecting use proxy server.My question is in windows is there a different way to add proxy servers like say add them to a file on ur comp without entering them in the browser,or not?
    Share on Google+

  6. #6
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    The kind of traffic that can be passed by a proxy, depends on the type of proxy used(HTTP,SOCKS,CGI). Although I don't see how you could use a normal proxy for port scans, I see no reason why someone couldnt use multiple proxies to BruteForce an HTTP authentication. Here is a link for some basic info on different proxies.

    http://www.freeproxy.ru/en/free_proxy/faq/

    -Maestr0
    \"If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software.\" -Jaron Lanier
    Share on Google+

  7. #7
    Go to properties of ur network neighbourhood and play around with it ,u will learn a lot.
    But always remember that u can always be traced if wanted
    Share on Google+

  8. #8
    Senior Member Spekter1080's Avatar
    Join Date
    Oct 2005
    Location
    Iowa
    Posts
    101
    I understand about getting access through proxies to view web pages, but how does one use them when using these programs? Do they somehow change the routing table or something? Could it be a setting in the actual scanner/brute forcer (or whatever other program)?
    there's always a way in...
    Share on Google+

  9. #9
    Junior Member
    Join Date
    Aug 2004
    Posts
    28
    Spekter1080
    Most scanners and Brute force programs do indeed have options/setting to scan/ bruteforce through a proxy.

    I also believe (not sure) that their is a program you can run on the background where you can assign a proxy to it, so that every outgoing data is going through that proxy.


    Dominatorx
    I dont think you can know if a portscan is coming from a proxy or from an intruder.
    Unless you can find the contact info of the proxy, so you can ask the admin of the proxy to check out his logfiles.
    If the ip is coming straight from the intruder, you can contact his isp.
    A way to find his isp is by using nslookup.

    -mlite
    Share on Google+

  10. #10
    Senior Member Deeboe's Avatar
    Join Date
    Nov 2005
    Posts
    185
    I am not too sure Dominaterx will answer your posts as the thread was started back on 11-24-2003. Also, this is the last post Dominaterx has posted... I think they have moved on...

    -Deeboe
    If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.
    - Sun Tzu, The Art of War

    http://tazforum.**********.com/
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •