Hello everyone, I'm new on null-byte, it's my first question.
I've searched a lot on google about how making a reverse payload which use TOR network or a proxy, to avoid my IP appearing somewhere.
I had no really success in my search..
I prefer using TOR instead of proxy, however if TOR isn't possible I will use a proxy. Can someone tell me where to start ? I've heard about hidden TOR service; but it suppose that the victim machine has TOR on it, right?
Forum Thread:
How to Track Who Is Sms Bombing Me .
4
Replies
Forum Thread:
Removing Pay-as-You-Go Meter on Loan Phones.
1
Replies
Forum Thread:
Hydra Syntax Issue Stops After 16 Attempts
3
Replies
Forum Thread:
moab5.Sh Error While Running Metasploit
17
Replies
Forum Thread:
Execute Reverse PHP Shell with Metasploit
1
Replies
Forum Thread:
Install Metasploit Framework in Termux No Root Needed M-Wiz Tool
1
Replies
Forum Thread:
Hack and Track People's Device Constantly Using TRAPE
35
Replies
Forum Thread:
When My Kali Linux Finishes Installing (It Is Ready to Boot), and When I Try to Boot It All I Get Is a Black Screen.
8
Replies
Forum Thread:
HACK ANDROID with KALI USING PORT FORWARDING(portmap.io)
12
Replies
Forum Thread:
Hack Instagram Account Using BruteForce
208
Replies
Forum Thread:
Metasploit reverse_tcp Handler Problem
47
Replies
Forum Thread:
How to Train to Be an IT Security Professional (Ethical Hacker)
22
Replies
Metasploit Error:
Handler Failed to Bind
41
Replies
Forum Thread:
How to Hack Android Phone Using Same Wifi
21
Replies
How to:
HACK Android Device with TermuX on Android | Part #1 - Over the Internet [Ultimate Guide]
177
Replies
How to:
Crack Instagram Passwords Using Instainsane
36
Replies
Forum Thread:
How to Hack an Android Device Remotely, to Gain Acces to Gmail, Facebook, Twitter and More
5
Replies
Forum Thread:
How Many Hackers Have Played Watch_Dogs Game Before?
13
Replies
Forum Thread:
How to Hack an Android Device with Only a Ip Adress
55
Replies
How to:
Sign the APK File with Embedded Payload (The Ultimate Guide)
10
Replies
How To:
Find Vulnerable Webcams Across the Globe Using Shodan
How To:
Use Kismet to Watch Wi-Fi User Activity Through Walls
How To:
Use SpiderFoot for OSINT Gathering
How To:
Enumerate SMB with Enum4linux & Smbclient
How To:
Hack a Windows 7/8/10 Admin Account Password with Windows Magnifier
How To:
Find Identifying Information from a Phone Number Using OSINT Tools
How to Hack Wi-Fi:
Cracking WPA2-PSK Passwords Using Aircrack-Ng
How To:
Buy the Best Wireless Network Adapter for Wi-Fi Hacking in 2019
How to Hack Wi-Fi:
Stealing Wi-Fi Passwords with an Evil Twin Attack
How To:
Stealthfully Sniff Wi-Fi Activity Without Connecting to a Target Router
How To:
Generate Crackable Wi-Fi Handshakes with an ESP8266-Based Test Network
How To:
Inject Keystrokes into Logitech Keyboards with an nRF24LU1+ Transceiver
How to Hack Wi-Fi:
Creating an Evil Twin Wireless Access Point to Eavesdrop on Data
How To:
Hack SAML Single Sign-on with Burp Suite
How To:
Use Burp & FoxyProxy to Easily Switch Between Proxy Settings
How To:
Scan for Vulnerabilities on Any Website Using Nikto
How To:
Spy on Traffic from a Smartphone with Wireshark
How To:
Extract Bitcoin Wallet Addresses & Balances from Websites with SpiderFoot CLI
How to Hack Wi-Fi:
Get Anyone's Wi-Fi Password Without Cracking Using Wifiphisher
How To:
Crack SSH Private Key Passwords with John the Ripper
8 Responses
And I'm speaking only about reverse connection because I suppose that i don't have the victim IP.
Futhermore, even if I have the IP, and that I try to connect to the infected computer; how will the victim box know to which computer my request must be transmitted? It would need a port redirection in the victim box?
Sorry for my bad english :)
Look, Tor is VERY complex...Your packets change their identity 3-4 times through Tor before arriving to their destination... Except if you used something like a .onion domain that points to your computer...I don't know o.O... Better stick with proxies... :)
The simple way is to follow this post https://null-byte.wonderhowto.com/how-to/install-parrotsec-sealth-and-anonsurf-modules-kali-2-0-0166918/ , after that all your traffic is routed through TOR. You can then find your public IP with the usual methods and then use it for your reverse connections
Alright, thanks for your answers :)
DONFN, for proxies, is it better to use bind or reverse tcp?
Do you have a complete tutorial about using them ? (I'm not familiar at all with proxies)
About the .onion domain, i've saw on internet some people using reverse http payloads to connect back to their computer, but I failed to reproduce it.
LULU, when you say to find my public IP, you mean that I find the IP of the 3rd tor server, the IP which is appearing when I'm connecting to websites for instance?
But there are problems using it for reverse connection :
Sorry if I misunderstood your says ^^
You can't use reverse connection trough a proxy, only bind
That is not accurate.
why so?
It would be impossible to use tools like metasploit with Tor, because tor specifically prohibits this sort of thing., because it has been used as a deanonymization technique to attack tor in the past, specifically to gain control of guard and exit nodes.
Share Your Thoughts