Tutorial: How to "legally" hack anonymously

So, I see alot of people on here asking how to remain anonymous while “hacking” (legally of course). Now this tutorial might be over kill if you’re just trying to pwn a small google dork or something. But if its a large organization / foreign goverment / goverment related then this is the right tutorial for you, or if you’re just curious lol, Anyways lets start I’m going to list a few thing you will need.

  • A trust worthy VPN running on your host machine (NordVPN or Cryptostorm I reccomend & from experience I can say they are trustworthy)

  • A “Virtual Machine” of ParrotOS I reccomend and combine the VPN with anonsurf for connecting to the VPS.

  • A Linux VPS running debian/ubuntu (either buy a offshore one with a throwaway bitcoin account or use someone elses, root someone elses (with consent obviously :wink: and do it from there.)

  • Install tor onto the vps “apt-get install tor” now the reason for this when you install tor for a vps it comes with something called “tor socks” and it’s essentially using tor as a socks 5 proxy on the server for outbound connections to use you just enter: " torsocks sqlmap" for example.

*So now when you go too exploit your target of choice (LEGALLY) you will be damn near fully anonymized when you’re done rm -rf the box & use shred to wipe system logs.

  • If you’re really paranoid you could combine proxychains with torsocks & use someone elses WiFi just make sure if you use someone elses internet spoof your mac address, GUID, UUID etc.

  • Don’t log into that box again its a one and done.

If you’re just trying too get someone to run a metasploit payload or something you dont need even need tor socks you can just use the VPS and that should be enough to anonymize you. If you follow the steps in part 1 & 2 above. The good thing about doing it from a VPS is that you’re not doing it from your own computer so you don’t have to worry about an “Intrusion Prevention” ( I would only worry about them trying to own you in the proccess if its a large goverment) team trying to 0wn you back in the proccess while doing your legal hacking. And 95% of the time VPS’s you don’t need to port forward so metasploit etc works out the box on installation.

There are some more things that could go into this but I can’t be arsed too type it all this would be effective though. And I do personally know people from experience that used this method too pwn sh*t originally “MLT” from teamp0ison told me this years ago. But yeah do what you want with it I’m not responsible for your actions.

Sincerly,
Ring0 :slight_smile:

2 Likes

Hi ring0
Its really a nice post thanks for that.
My question is does it work more anonymously
When some one use live usb of tails or any other linux dextro during hacking cuz after exploiting when you remove pendrive the whole data is wiped and no event or logs remain

You talking about persistent USB Drive?

rootsec
yes live usb also a best way to secure

The only thing with Tails is installing all of your tools every time.

Unless of course you built a custom ISO of it OR had a seperate partition on the usb stick that had your tools all ready to go on it.
The latter would be the easiest thing to do I would think.

In this case tails isnt neccessary, If you’re really worried about it Id say throw parrot on a USB or External HDD. But a VM would be fine

Yes you have a point.
Either way the usb can be smashed to bits with a hammer and destroy any logs LoL.

But then that is destroying evidence which is another crime HAHA…So just make sure to cover your ass I guess in the first place.

1 Like