That’s my very first post here. I’m new to hacking and I’m learning the Reconnaissance phase. I’m also completely new to Networking… but I’m always thinking about how to anonymize all my techniques. I would like to ask which are the most anonymous active recon techniques that you guys are applying today.
I already started doing a little research. Trying to figure it out, I gathered some interesting techniques that I would like to talk/share with you guys:
- Idle / Zombie Scan
- Proxychains + Tor + Nmap
- Decoy and Fragmentation attacks
Well, since I’m just learning, I’m a little bit lost with all that info. My first intention was to understand how I could anonymize the following tools on the network: SpiderFoot, ReconDog, Red Hawk v.2, Devploit, Sn1per, etc…
But digging into it I found some technical issues with some techniques (nmap with proxy), for example:
- “only normal TCP connections will be possible with the proxy, no SYN and FIN scan. (…) DNS lookup is not possible through the proxy”
- “ICMP ping can not be done to see if a host is alive, since ICMP is not TCP. So you might need to skip the host discovery step if your targets are only accessible through the proxy (-Pn)”
From here, I found:
- “To hide the scanning computer’s IP address, it was necessary to eliminate pinging by setting the -Pn flag. The -sT flag needed to be set in order to run the scan using TCP instead of UDP 4. The -sV flag allows for version scanning and does not leak the scanner’s IP address. The -O (OS detection), and -A (OS detection, version detection, script scanning, and traceroute) did reveal the IP address because Nmap bypassed Proxychains during part of the execution”
From my little research, almost all of the content was directed to “Proxy + Tor + Nmap”, but what about the other tools? How can I manage them to run through Tor too? If Nmap + Tor doesn’t accept SYN scan, OS detection, traceroute, etc. (without revealing the IP)… how can I run an anonymous recon? The Idle Scan could handle the host discovery, but what about the rest of the recon? I was reading the post “How to Become Anonymous like Notorious Blackhats - Stealthiest Setup” and saw this: “don’t hack over tor”, so… I’m kind of confused now. I really appreciate any opinion about that.
Ps: Sorry if it is a silly question, or if it sounds script kiddie because of the tools, but I’m really trying to understand and learn as much as possible here. So I really really really appreciate all answers from the Masters here!
Ps2: Sorry if my question wasn’t clear enough, English is not my main language.