10
R-C-D
5y

If I exploit ms server 2012 through a wifi hotspot , but logged in to someone else's account (assume it was sniffed) , and I do it using msfconsole connected to the tor with torify command , also I spoof my mac ,
will I stay 100% anonymous ?
If not , what can be done ?

Comments
  • 1
  • 6
    Are you'd asking for help with breaking the law? I don't think you'll get many takers. Anyone who thinks Tor isn't compromised by Intel Sevices around the world is very uninformed.
  • 1
    @iAmNaN it's not about breaking the law.
    So an attacker has no chance to stay hidden forever ?
  • 4
    Leaving with a bang? :) better don't.

    As for being anonymous - yes, you would be. But if I were overlooking company's it I'd still track you down :) it takes some analysis and data comparison.

    I can think of at least 2 ways to get to you :)
  • 1
    @netikras would u mention those ways ? :)
  • 2
    @R1100 that is true. They can eventually track you down.
  • 1
    @iAmNaN :(
    So what is tor and proxy for if u can still track me??
  • 3
    @R1100 sorry, I won't :) but I can say that much - none of them involve any big guns [3rd party services, legal inquiries, etc.]. A determined sysadmin [servers/networking] could track you down just like that.
  • 4
    @R1100 tor and proxy do not mean you're invisible. Oh you are very visible and VERY suspicious from the very moment you use them. You just look different.

    Don't do it
  • 1
    @netikras not fair :(
  • 1
    @netikras i dont wanna be hidden
    I wanna be 100% annonymous
  • 2
    @R1100 and if you're visible, you'll leave a trail to yourself
  • 1
    @netikras then tor is useless ?
  • 1
    @netikras ok what if i connect to someone else's account and spoof my mac (no tor)
    U are likely to think another one was doing this
    Am I right?
  • 1
    @netikras also will attending some forensic courses help me do it better ?
    (Kinda like best police is the best thief )
    //I'm not a thief anyway :D
  • 1
    @theKarlisK can i fake the agent ? I mean completely faking the identity
  • 5
    @R1100 first, learn some network protocols :) what data is transferred. Then keep in mind that all this data is persisted in nw devices as log entries.

    I can almost bet you are forgetting one protocol that makes you discoverable :) no, I will not name it
  • 5
    @R1100 I do not like where all this is going. I think someone should make a copy if this conversation. Just in case you decide to pull off something illegal.

    I will not make the copy. Let it be an unrevealed party
  • 1
    @netikras the network is not ssh (port 80) and i'm not using windows (no smb ) other ports are filtered 😶

    Do u mean the port I'm using to connect to the network?
  • 1
    @netikras it is about educational purposes only ! :)
  • 3
    @R1100 of course it is for edu purposes :) :)
  • 1
    @netikras ok so how criminals in the dark web are never arrested?
  • 2
    @R1100 ask them :)

    and an advance response to your next comment: "exactly" :)
  • 2
    @netikras wow ! U R the true sysadmin
  • 2
    @netikras You now got me really interested. I've tried dabbling around with sysadmin stuff for a bit now, but don't really know what protocol you're referring to.

    Why you become suspicious when using TOR is extremely obvious, but how would you track someone down with a spoofed MAC?

    Would you be fine telling me in private if you're not comfortable sharing it in public? :)
  • 1
    @PrivateGER please share with me !!!
  • 3
    Damn even if @R1100’s intentions aren’t educational it peaked my interest and now I wanna know more.. time to spend some time to learn networks in depth I guess 😅
  • 2
    Look up some network protocols, as @netikras said. It will become very obvious then.
  • 1
    @PrivateGER not sure if u mean ip or not
  • 2
    The first question would be, are you inside the network or are you outside (ex. At home/starbucks/etc).

    If you have "tried"/checked anything so far, you're probably fucked, as if another attacker tries the same loophole they'll just pin it at you.

    Now if you want to stay anonymous, I'd suggest to first buy an old laptop through a fake identity, nuke it and get some kali running on it.

    You still won't be invisible, but it's a basic security measurement. Do always remember, you need to make just one error and they got you. It's not worth it.
  • 11
    Dude, wtf is wrong with you? You got fired, get over it. Stop enacting revenge because if you do, you'll end up in jail. Do you really have nothing to lose?? No SO, no parents, no one who cares? Don't do this to them. Don't do this to you. Wake up. Please.
  • 2
    @netikras Ohhh, I see. :)

    Thanks for the info! Tell me when you finish that project, sounds very intriguing.
  • 1
    @iAmNaN Intel != law enforcement, especially on "low damage" crimes on local scale. Evidence by secret agencies might not be allowed in courts everywhere, but is enough to get one into the radar.
  • 2
    @sbiewald I consider the FBI and Secret Service to be domestic intelligence services in the US that are also law enforcement.
  • 5
    @c3ypt1c This can't be scored high enough.

    @R1100 You are not the first person to hack your previous employer, and nearly all of the got catched.
    Whatever is happening, you will be on the "check those people out first" list when the investigation starts.
    Small pieces you'd never thing about will get the police closer and closer to you. You will be brought to court and be might get jail time, ending your carrier. Is it really worth it?
  • 2
    @PrivateGER Comment has been removed for obvious reasons
  • 2
    @iAmNaN Didn't the FBI use Firefox (=Tor browser) exploits?
  • 6
    Having read some of your previous rants, you are on a path which will make future job interviews and prospects very problematic.

    I implore you, set your rage aside and consider how future potential employers will view your ethical standard.

    This is not the way.
  • 2
    @TJourney I'd say it's *already* problematic. Doing this and getting caught will make it downright impossible. And I can think of a few ways one could quite easily get caught with the method outlined here.

    OP - aside from a cheap short-term thrill, you have *nothing* to gain from doing this whatsoever, aside from a criminal record and a ban on working in this industry ever again. Career suicide is an understatement here.
  • 3
    @sbiewald you know @R1100 has literally shared his attack vector on a public site and this will definitely be used as proof if he goes through with it. It will be one of the links that will fuck him over.

    Please, @R1100, rethink what you're doing.
  • 1
    @netikras why U always keep things sectate ?
    I said I'm not doing anything :/
  • 8
    @R1100 you sound like a sour loser, judging from your recent posts. In the post where you were laid off, we had some sympathy but then it kept going worse. Dude, get into your senses. Understand it was your fault and drop whatever stupid you're planning to do. Channel this energy into getting your next job. Peace.
Add Comment