Linux – Fake File Access, Modify and Change TimeStamps

Files in Linux have 3 types of timestamps: atime (access), mtime (modify) and ctime (change).

Someday you may find yourself in a situation where you would like to fake the timestamps of a file.

The atime and mtime timestamps can easily be changed with the touch command, but there is no standard way to set ctime to an arbitrary value: the kernel updates ctime itself whenever the inode changes, and a touch is one such change.

As a possible workaround, you can set the system time to the ctime you want to impose, touch the file, and then restore the system time.

Read the full article to learn how to change a file’s timestamps and stay anonymous.
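As an added illustration (not code from the original post), the following Python script shows what a touch-style change does to the three timestamps and turns the point above into a forensic check: every mtime change is recorded by the kernel as a fresh ctime, so a file whose mtime is later than its ctime has had its timestamps set by hand (or the clock was moved). The file name prefix and the one-second tolerance are assumptions; the check relies on Linux semantics of st_ctime.

```python
import os
import tempfile
import time

# Tolerance (seconds) for clock granularity when comparing timestamps; assumed value.
TOLERANCE = 1.0


def timestamps(path):
    """Return the three Linux timestamps (atime, mtime, ctime) as epoch seconds.

    On Linux st_ctime is the inode change time; on Windows it would be the
    creation time, so this check is Linux-specific.
    """
    st = os.stat(path)
    return {"atime": st.st_atime, "mtime": st.st_mtime, "ctime": st.st_ctime}


def set_times(path, atime, mtime):
    """Set atime and mtime exactly as `touch -a -m -d ...` does (os.utime).

    The kernel stamps ctime with the current clock as a side effect: there is
    no userland call that sets ctime to an arbitrary value.
    """
    os.utime(path, (atime, mtime))
    return timestamps(path)


def is_tampered(path, tolerance=TOLERANCE):
    """Flag a file whose mtime lies after its ctime.

    Every mtime change updates ctime, so with a monotonic system clock
    ctime >= mtime always holds; mtime > ctime means the values were set by hand.
    """
    ts = timestamps(path)
    return ts["mtime"] > ts["ctime"] + tolerance


def demo():
    """Create a scratch file, backdate it, then future-date it; return what the check sees."""
    fd, path = tempfile.mkstemp(prefix="ts-demo-")
    os.close(fd)
    try:
        now = time.time()
        old = now - 10 * 365 * 86400            # ten years in the past (constructed)
        backdated = set_times(path, old, old)
        flag_backdated = is_tampered(path)     # ctime is "now", mtime is old: consistent
        future = now + 365 * 86400              # one year in the future (constructed)
        set_times(path, future, future)
        flag_future = is_tampered(path)        # mtime newer than ctime: inconsistent
        return {
            "mtime_backdated": backdated["mtime"],
            "ctime_after_touch": backdated["ctime"],
            "flag_backdated": flag_backdated,
            "flag_future": flag_future,
        }
    finally:
        os.unlink(path)


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note that a backdated mtime alone does not trip the check: ctime simply reads as the moment of the touch. That is exactly why the article resorts to moving the system clock, and it is also why an investigator compares ctime against other evidence (logs, backups, neighbouring files) rather than trusting any single timestamp.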

Anonymous Port Scanning: Nmap + Tor + ProxyChains

In this article I will explain how to stay anonymous during port scanning with Nmap (a utility for network discovery and security auditing).

I’ll show how to perform an anonymous port scan through the Tor network using the ProxyChains utility.

I’ll also show how to get round a situation where the scan fails because the Tor exit nodes are blocked.

Install Tor + Nmap + ProxyChains

To perform an anonymous port scan, we need to install the following tools:

Package      Description
tor          Anonymizing overlay network for TCP
nmap         Network port scanner
proxychains  Redirect connections through proxy servers

Tor

Install Tor from the standard repositories:

$ sudo apt-get install tor

Nmap

$ sudo apt-get install nmap

ProxyChains

$ sudo apt-get install proxychains

ProxyChains is already configured to use Tor by default.

You can verify this by looking up /etc/proxychains.conf.

The last lines should be like these:

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050

Anonymous Port Scanning Through Tor

Run the following command to perform an anonymous Nmap scan through the Tor network:

$ proxychains nmap -sT -PN -n -sV -p 80,443,21,22 217.xx.xx.xx
ProxyChains-3.1 (http://proxychains.sf.net)

Starting Nmap 6.00 ( http://nmap.org ) at 2014-03-24 17:34 EET
|S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:443-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:21-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:80-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<><>-217.xx.xx.xx:22-<--denied

Nmap scan report for 217.xx.xx.xx
Host is up (0.14s latency).
PORT    STATE  SERVICE  VERSION
21/tcp  open   ftp      Pure-FTPd
22/tcp  closed ssh
80/tcp  open   http     Apache httpd 2.2.26 ((CentOS))
443/tcp open   ssl/http Apache httpd 2.2.26 ((CentOS))

In the scan log we can see the ‘chain’ that goes from the Tor proxy (127.0.0.1:9050) to the scanned host (217.xx.xx.xx).

Nmap Through Tor: Get Round Blocked Endpoints

It is possible that we will encounter a situation where the scan fails because the Tor exit nodes are blocked.

One solution is to add a public proxy server to the ‘chain’.

We can do that by simply editing /etc/proxychains.conf and adding a new entry at the end of the [ProxyList] section (make sure the random_chain option is disabled).

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4  127.0.0.1 9050
socks4 115.71.237.212 1080

The new ‘chain’ goes through the Tor-proxy (127.0.0.1:9050) to some public proxy server (115.71.237.212:1080) and then to our scanned host (217.xx.xx.xx).

$ proxychains nmap -sT -PN -n -sV -p 21 217.xx.xx.xx
ProxyChains-3.1 (http://proxychains.sf.net)

Starting Nmap 6.00 ( http://nmap.org ) at 2014-03-25 11:05 EET
|S-chain|-<>-127.0.0.1:9050-<>-115.71.237.212:1080-<><>-217.xx.xx.xx:21-<><>-OK
|S-chain|-<>-127.0.0.1:9050-<>-115.71.237.212:1080-<><>-217.xx.xx.xx:21-<><>-OK
Nmap scan report for 217.xx.xx.xx
Host is up (1.2s latency).
PORT   STATE SERVICE VERSION
21/tcp open  ftp     Pure-FTPd

In the examples above, I ran Nmap with the following options:

Option  Description
-sT     full TCP connection scan
-PN     do not perform host discovery
-n      never perform DNS resolution (to prevent DNS leaks)
-sV     determine service version/info
-p      ports to scan

Scanning through Tor is very slow. That is why I scanned only a few specified ports in the examples above.
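The other side of the scan above is worth seeing too. A -sT connect scan relayed through Tor reaches the target from the exit node’s address, as a burst of connection attempts to a handful of ports within a few seconds, with the closed ports showing up as drops. The following Python script is an added example (not from the original article) of the detection a defender would run over firewall logs: it groups connections per source and destination, flags a source that touches several distinct ports inside a short window, and tags the source if it appears in a Tor exit list. The log format, the addresses (documentation ranges) and the one-entry exit list are all constructed; a real exit list is published by the Tor Project and must be fetched separately.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed firewall log: one source hitting several ports on one host within
# seconds (a connect scan as the target sees it), plus ordinary traffic.
# Addresses are from the documentation ranges (TEST-NET), not real hosts.
SAMPLE_LOG = """\
2014-03-24T17:34:01 ACCEPT src=198.51.100.7 dst=203.0.113.10 dport=443 proto=tcp
2014-03-24T17:34:02 ACCEPT src=198.51.100.7 dst=203.0.113.10 dport=21 proto=tcp
2014-03-24T17:34:03 ACCEPT src=198.51.100.7 dst=203.0.113.10 dport=80 proto=tcp
2014-03-24T17:34:04 DROP src=198.51.100.7 dst=203.0.113.10 dport=22 proto=tcp
2014-03-24T17:34:05 DROP src=198.51.100.7 dst=203.0.113.10 dport=8080 proto=tcp
2014-03-24T17:35:10 ACCEPT src=192.0.2.44 dst=203.0.113.10 dport=443 proto=tcp
2014-03-24T17:40:10 ACCEPT src=192.0.2.44 dst=203.0.113.10 dport=443 proto=tcp
this line is malformed and is skipped by the parser
"""

# Constructed stand-in for a Tor exit list (the real list changes constantly).
TOR_EXITS = frozenset({"198.51.100.7"})

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ACCEPT|DROP) src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)$"
)


def parse_log(text):
    """Turn matching log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "src": m["src"],
                "dst": m["dst"],
                "dport": int(m["dport"]),
                "action": m["action"],
            })
    return events


def detect_scans(events, window=timedelta(seconds=60), min_ports=4, tor_exits=frozenset()):
    """Flag (src, dst) pairs that touch at least min_ports distinct ports within window.

    Dropped and accepted connections both count: a connect scan reports the
    dropped ones as closed, but the probe still reaches the firewall.
    """
    by_pair = defaultdict(list)
    for e in events:
        by_pair[(e["src"], e["dst"])].append(e)
    alerts = []
    for (src, dst), evs in by_pair.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            in_window = [e for e in evs[i:] if e["ts"] - first["ts"] <= window]
            ports = sorted({e["dport"] for e in in_window})
            if len(ports) >= min_ports:
                alerts.append({
                    "src": src,
                    "dst": dst,
                    "first": first["ts"],
                    "last": in_window[-1]["ts"],
                    "ports": ports,
                    "via_tor_exit": src in tor_exits,
                })
                break  # one alert per pair is enough for the demo
    return alerts


if __name__ == "__main__":
    for a in detect_scans(parse_log(SAMPLE_LOG), tor_exits=TOR_EXITS):
        tag = " (source is a Tor exit)" if a["via_tor_exit"] else ""
        print(f"{a['src']} -> {a['dst']} ports {a['ports']} "
              f"between {a['first']} and {a['last']}{tag}")
```

The window and port threshold are deliberately loose so that a slow Tor scan (the article notes it can take over a second per port) still lands inside one window; tightening them trades missed slow scans for fewer false alerts on busy hosts.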

Lists of Free Public Proxy Servers

Even if you are using a proxy, all your DNS queries still go to your ISP’s DNS server.

To prevent DNS leaks, use the tor-resolve command to resolve a hostname to an IP address via the Tor network:

$ tor-resolve google.com
173.194.34.174
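What tor-resolve does under the hood is a plain SOCKS5 exchange with the local Tor port, using Tor’s RESOLVE extension (command byte 0xF0) instead of CONNECT: the hostname travels inside the SOCKS request, so the name is looked up by the Tor network and no query ever leaves the machine in clear. The following Python script is an added example (not part of the original article or of Tor) that builds the request, parses the reply, and runs the exchange over any connected socket; the FakeTor class is a constructed, scripted stand-in for the Tor SOCKS port so the exchange can be exercised offline, and the answer it returns is the address shown in the article.

```python
import socket

TOR_SOCKS = ("127.0.0.1", 9050)   # Tor's default SOCKS port, as in proxychains.conf
SOCKS_RESOLVE = 0xF0              # Tor's RESOLVE extension to SOCKS5 (command byte)


def build_resolve_request(hostname):
    """SOCKS5 request carrying Tor's RESOLVE command for a domain-name address."""
    name = hostname.encode("idna")
    if len(name) > 255:
        raise ValueError("hostname too long for a SOCKS5 domain address")
    # VER=5, CMD=0xF0 (RESOLVE), RSV=0, ATYP=3 (domain name), LEN, NAME, PORT=0
    return (b"\x05" + bytes([SOCKS_RESOLVE]) + b"\x00\x03"
            + bytes([len(name)]) + name + b"\x00\x00")


def parse_resolve_reply(reply):
    """Parse the SOCKS5 reply; Tor answers with ATYP=1 (IPv4) or ATYP=4 (IPv6)."""
    if len(reply) < 4 or reply[0] != 5:
        raise ValueError("not a SOCKS5 reply")
    if reply[1] != 0:
        raise OSError(f"SOCKS error code {reply[1]:#x}")
    atyp = reply[3]
    if atyp == 1:
        return socket.inet_ntop(socket.AF_INET, reply[4:8])
    if atyp == 4:
        return socket.inet_ntop(socket.AF_INET6, reply[4:20])
    raise ValueError(f"unexpected address type {atyp}")


def tor_resolve(hostname, conn):
    """Run the exchange over an already-connected socket-like object (sendall/recv)."""
    conn.sendall(b"\x05\x01\x00")              # greeting: one auth method, "no auth"
    if conn.recv(2) != b"\x05\x00":
        raise OSError("Tor rejected SOCKS5 negotiation")
    conn.sendall(build_resolve_request(hostname))
    # A real socket may deliver the reply in pieces; one recv is enough for a demo.
    return parse_resolve_reply(conn.recv(22))


class FakeTor:
    """Constructed stand-in for the Tor SOCKS port so the exchange runs offline."""

    def __init__(self, answer_ipv4):
        self.answer = socket.inet_aton(answer_ipv4)
        self.received = []
        self.replies = []

    def sendall(self, data):
        self.received.append(bytes(data))
        if data == b"\x05\x01\x00":
            self.replies.append(b"\x05\x00")          # "no auth" accepted
        elif data[1] == SOCKS_RESOLVE:
            # VER=5, REP=0 (succeeded), RSV, ATYP=1, 4-byte address, 2-byte port
            self.replies.append(b"\x05\x00\x00\x01" + self.answer + b"\x00\x00")

    def recv(self, n):
        return self.replies.pop(0)


if __name__ == "__main__":
    with socket.create_connection(TOR_SOCKS, timeout=30) as s:   # needs a running Tor
        print(tor_resolve("google.com", s))
```

This is also the mechanism behind the article’s advice to run Nmap with -n: any tool that resolves names itself, before handing the connection to the proxy, produces exactly the leak described above, whereas a tool that passes the hostname to the SOCKS port does not.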

Removing EXIF Data From Images and Photos in Linux

Most digital cameras and cell phones add EXIF metadata to the images they produce.

EXIF metadata includes camera specifications, settings, location (GPS coordinates) and more.

If you’re worried about privacy, you may want to anonymize your images and photos by removing all the EXIF metadata.

In this small guide, I’ll show how to read and then remove all EXIF metadata using the Linux command-line utility ExifTool.

Install ExifTool

Under Ubuntu/Linux Mint/Debian etc.:

$ sudo apt-get install libimage-exiftool-perl

Read EXIF Metadata from Image

Extract and view all EXIF metadata from an image or photo:

$ exiftool image.jpeg

Remove EXIF Metadata from Image

Remove all EXIF metadata from an image or photo:

$ exiftool -all= image.jpeg

Remove EXIF Data from Multiple Files

The next commands also keep backup copies of the original files, with “_original” added to the file name.

Go into the directory with the images.

Execute the following command to remove all EXIF metadata from all images in the current directory:

$ exiftool -all= *

Remove EXIF metadata from images with “.jpeg” extensions only:

$ exiftool -all= *.jpeg
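To see what exiftool -all= actually removes, here is an added Python example (not ExifTool’s code, and not from the original guide) that walks the marker segments of a JPEG, drops the ones that carry metadata (APP1 for Exif and XMP, the other APPn segments, and COM comments) and keeps APP0, APP14 and the compressed image data untouched. The sample file is a constructed JPEG-shaped byte string with real markers and placeholder payloads, so the script runs offline; on a real file it also lets you confirm that the Exif segment is gone after cleaning.

```python
import struct

SOI, SOS, EOI = 0xD8, 0xDA, 0xD9
APP0, APP1, APP14, APP15, COM, DQT = 0xE0, 0xE1, 0xEE, 0xEF, 0xFE, 0xDB


def segments(data):
    """Walk the marker segments of a JPEG up to SOS.

    Returns a list of (marker, start, end) with absolute offsets; the SOS entry
    runs to the end of the file because the entropy-coded scan that follows it
    is not segmented.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI")
    segs, pos = [], 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected marker at offset {pos}")
        marker = data[pos + 1]
        if marker == SOS:
            segs.append((marker, pos, len(data)))
            return segs
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        end = pos + 2 + length
        segs.append((marker, pos, end))
        pos = end
    raise ValueError("truncated JPEG: no SOS marker found")


def is_metadata(marker):
    """APP1..APP15 (Exif, XMP, IPTC/Photoshop, ...) and COM carry metadata.

    APP0 (JFIF) and APP14 (Adobe colour transform) are kept because decoders
    rely on them to interpret the pixels.
    """
    return marker == COM or (APP1 <= marker <= APP15 and marker != APP14)


def has_exif(data):
    """True if any APP1 segment starts with the Exif identifier."""
    return any(m == APP1 and data[s + 4:s + 10] == b"Exif\x00\x00"
               for m, s, _ in segments(data))


def strip_metadata(data):
    """Return a copy of the JPEG with every metadata segment removed."""
    out = bytearray(data[:2])
    for marker, start, end in segments(data):
        if not is_metadata(marker):
            out += data[start:end]
    return bytes(out)


def _segment(marker, payload):
    return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload


# Constructed JPEG-shaped byte string: real markers, placeholder payloads.
SAMPLE_JPEG = (
    b"\xff\xd8"
    + _segment(APP0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    + _segment(APP1, b"Exif\x00\x00II*\x00\x08\x00\x00\x00\x00\x00")   # empty TIFF header
    + _segment(APP1, b"http://ns.adobe.com/xap/1.0/\x00<x:xmpmeta/>")
    + _segment(COM, b"constructed camera comment")
    + _segment(DQT, b"\x00" + bytes(64))
    + b"\xff\xda" + struct.pack(">H", 8) + b"\x01\x01\x00\x00\x3f\x00"  # SOS header
    + b"\x12\x34\x56"                                                     # placeholder scan data
    + b"\xff\xd9"
)


if __name__ == "__main__":
    import sys
    src = sys.argv[1] if len(sys.argv) > 1 else None
    data = open(src, "rb").read() if src else SAMPLE_JPEG
    cleaned = strip_metadata(data)
    print(f"exif before: {has_exif(data)}, after: {has_exif(cleaned)}, "
          f"bytes removed: {len(data) - len(cleaned)}")
    if src:
        with open(src + ".stripped", "wb") as fh:
            fh.write(cleaned)
```

Two things this makes visible that the one-liner hides: a GPS fix and the camera’s serial number live in that APP1 block and nowhere else, so dropping the segment removes them completely; and because the scan data after SOS is copied byte for byte, the image itself is not re-encoded, which is also why ExifTool can clean a file without any loss of quality.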

HowTo: Install Tor on Linux – Ubuntu/Debian/Mint etc.

This guide describes how to install the Tor client on Debian-based systems such as Linux Mint, Ubuntu etc.

Tor, or The Onion Router, is an encrypted network that routes your traffic through relays, making the traffic appear to come from its exit nodes.

Unlike a proxy, the exit node itself doesn’t know your IP address or where you are.

To redirect connections through the Tor network we will use the ProxyChains utility.

Set Up an Official Tor Repository

Edit /etc/apt/sources.list file.

$ sudo vi /etc/apt/sources.list

Append the following line:

deb http://deb.torproject.org/torproject.org <RELEASE NAME> main

e.g.

deb http://deb.torproject.org/torproject.org jessie main

Do you know the RELEASE NAME of your distribution?

If you don’t know the release name of your distribution, you can find it out by running the following command:

$ cat /etc/*[-_]{release,version}

e.g.

$ cat /etc/*[-_]{release,version}
DISTRIB_ID=LinuxMint
DISTRIB_RELEASE=17.1
DISTRIB_CODENAME=rebecca
DISTRIB_DESCRIPTION="Linux Mint 17.1 Rebecca"
NAME="Ubuntu"
VERSION="14.04.1 LTS, Trusty Tahr"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 14.04.1 LTS"
VERSION_ID="14.04"
HOME_URL="http://www.ubuntu.com/"
SUPPORT_URL="http://help.ubuntu.com/"
BUG_REPORT_URL="http://bugs.launchpad.net/ubuntu/"
jessie/sid

Tor Installation

Add the GPG key used to sign the packages by running the following commands (the long hexadecimal value in the second command is the key’s full fingerprint, so gpg exports only the key that matches it exactly):

$ gpg --keyserver keys.gnupg.net --recv 886DDD89
$ gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89|sudo apt-key add -

Refresh your sources:

$ sudo apt-get update

Install the following package to keep the signing key up to date:

$ sudo apt-get install deb.torproject.org-keyring

Install the Tor and ProxyChains by running the following command:

$ sudo apt-get install tor proxychains

The following basic packages will be installed:

Package      Description
tor          Anonymizing overlay network for TCP
proxychains  Redirect connections through proxy servers

ProxyChains is already configured to use Tor by default.

You can verify this by looking up /etc/proxychains.conf.

The last lines should be like these:

[ProxyList]
# add proxy here ...
# meanwile
# defaults set to "tor"
socks4 127.0.0.1 9050

Verify Tor

You can test Tor by checking your public IP address from the command line, first directly and then through ProxyChains.

$ wget -q -O - ip.appspot.com
83.***.***.***
$ proxychains wget -q -O - ip.appspot.com
ProxyChains-3.1 (http://proxychains.sf.net)
|DNS-request| ip.appspot.com 
|S-chain|-<>-127.0.0.1:9050-<><>-4.2.2.2:53-<><>-OK
|DNS-response| ip.appspot.com is 74.125.193.141
|S-chain|-<>-127.0.0.1:9050-<><>-74.125.193.141:80-<><>-OK
154.35.132.83

Encrypt DNS Traffic With DNSCrypt

This tutorial describes how to install and set up DNSCrypt on Debian-based systems such as Linux Mint, Ubuntu etc.

DNSCrypt Proxy is a tool for securing communications between a client and a DNS resolver.

It encrypts DNS requests using the DNSCrypt protocol and passes them to an upstream server, by default OpenDNS.

Resolving dependencies

Install the packages necessary to compile DNSCrypt.

$ sudo apt-get install build-essential

Download and extract the latest libsodium library:

$ wget http://download.libsodium.org/libsodium/releases/libsodium-0.4.2.tar.gz  -O - | tar -xz

Install the library:

$ cd libsodium-0.4.2/
$ ./configure && make
$ sudo make install
$ sudo ldconfig
$ cd ..
$ rm -rf libsodium*

DNSCrypt Proxy Installation

Download and extract the latest DNSCrypt Proxy:

$ wget http://download.dnscrypt.org/dnscrypt-proxy/dnscrypt-proxy-1.3.3.tar.gz  -O - | tar -xz

Install the DNSCrypt Proxy:

$ cd dnscrypt-proxy-1.3.3/
$ ./configure  && make
$ sudo make install
$ cd ..
$ rm -rf dnscrypt-proxy*

Run the following command to start DNSCrypt:

$ sudo /usr/local/sbin/dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --edns-payload-size=4096

Reconfigure Network Manager to use DNSCrypt:

  • Open Network Connections from the menu.
  • On the Wired or Wireless tab highlight your active Internet connection.
  • Click “Edit”.
  • On the IPv4 Settings tab, set Method to “Automatic (DHCP) addresses only” and set DNS servers to “127.0.0.1”.
  • Click “Save”.
  • Click “Close”.

Restart Network Manager:

$ sudo restart network-manager

Final Test

Visit the http://www.opendns.com/welcome page to test your connection.

You should be welcomed to OpenDNS.
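The OpenDNS welcome page only proves that OpenDNS answered; it says nothing about whether the query went through dnscrypt-proxy or straight to another resolver. The local half of the check is /etc/resolv.conf: after the Network Manager change, it must list 127.0.0.1 and nothing else. The following Python script is an added example (not part of the original tutorial) that parses resolv.conf and reports any nameserver that would bypass the proxy; the two file contents are constructed, and the router address is from a documentation range.

```python
# Constructed /etc/resolv.conf contents: one as written by Network Manager after
# the change above, one from a box that still lists the router's resolver.
RESOLV_LOCAL_ONLY = """\
# Generated by NetworkManager
nameserver 127.0.0.1
"""

RESOLV_WITH_FALLBACK = """\
# Generated by NetworkManager
search home.lan
nameserver 127.0.0.1
nameserver 192.0.2.1   ; router handed out by DHCP
"""

LOOPBACK = ("127.", "::1")


def nameservers(resolv_conf_text):
    """Return the nameserver addresses in the order the resolver will try them."""
    servers = []
    for raw in resolv_conf_text.splitlines():
        # resolv.conf accepts both '#' and ';' as comment introducers
        line = raw.split("#", 1)[0].split(";", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def non_local_nameservers(resolv_conf_text):
    """Nameservers that would bypass dnscrypt-proxy listening on 127.0.0.1."""
    return [ns for ns in nameservers(resolv_conf_text) if not ns.startswith(LOOPBACK)]


def check(resolv_conf_text):
    """Summarise whether resolution is pinned to the local DNSCrypt proxy."""
    servers = nameservers(resolv_conf_text)
    leaks = non_local_nameservers(resolv_conf_text)
    return {
        "servers": servers,
        "local_first": bool(servers) and servers[0].startswith(LOOPBACK),
        "plaintext_fallback": leaks,
        "ok": bool(servers) and not leaks,
    }


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/resolv.conf"
    with open(path) as fh:
        print(check(fh.read()))
```

The second entry is not harmless just because it comes after 127.0.0.1: the glibc resolver tries the nameservers in order and moves to the next one after a timeout, so a leftover router or ISP address means queries silently fall back to plaintext DNS exactly when dnscrypt-proxy is down, which is the moment you would least notice.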

Run DNSCrypt Proxy at System Startup

Once everything works as expected, add dnscrypt-proxy to /etc/rc.local so that it starts automatically whenever the system boots.

To do this open the /etc/rc.local file:

$ sudo vi /etc/rc.local

Paste the following line before the line where exit 0 appears.

exec /usr/local/sbin/dnscrypt-proxy --daemonize --pidfile=/run/dnscrypt-proxy.pid --edns-payload-size=4096

More info about DNSCrypt

HowTo: Clear BASH History

Sometimes you don’t want to leave Bash history, because it may contain some sensitive data (e.g. passwords, tokens, etc.).

This article will help you take full control of your .bash_history file.

I will show how to clear the command history for the current Bash session, how to prevent particular commands from being recorded in the .bash_history file, and how to completely erase the Bash history.

Linux Proxy Server Settings – Set Proxy For Command Line

To use a proxy on the Linux command-line, you can set the environment variables http_proxy, https_proxy or ftp_proxy, depending on the traffic type.

These proxy server settings are honoured by almost all Linux command-line utilities, e.g. ftp, wget, curl, ssh, apt-get, yum and others.

If you don’t yet know which proxy server to use, you can take one from the lists of free public proxy servers at the end of this article.