So, I see a lot of people on here asking how to remain anonymous while “hacking” (legally of course). Now this tutorial might be overkill if you’re just trying to pwn a small google dork or something. But if it’s a large organization / foreign government / government related then this is the right tutorial for you, or if you’re just curious lol. Anyway, let’s start. I’m going to list a few things you will need.
- A trustworthy VPN running on your host machine (NordVPN or Cryptostorm I recommend & from experience I can say they are trustworthy).
- A “Virtual Machine” of ParrotOS I recommend, and combine the VPN with anonsurf for connecting to the VPS.
- A Linux VPS running Debian/Ubuntu (either buy an offshore one with a throwaway bitcoin account or use someone else’s, root someone else’s (with consent obviously) and do it from there.)
- Install tor onto the VPS: “apt-get install tor”. The reason for this is that when you install tor on a VPS it comes with something called “torsocks”, which is essentially using tor as a SOCKS5 proxy on the server for outbound connections. To use it you just enter, for example: “torsocks sqlmap”. So now when you go to exploit your target of choice (LEGALLY) you will be damn near fully anonymized. When you’re done, rm -rf the box & use shred to wipe system logs.
- If you’re really paranoid you could combine proxychains with torsocks & use someone else’s WiFi. Just make sure that if you use someone else’s internet you spoof your MAC address, GUID, UUID etc.
- Don’t log into that box again, it’s a one and done.
If you’re just trying to get someone to run a metasploit payload or something you don’t even need torsocks. You can just use the VPS and that should be enough to anonymize you, if you follow the steps in part 1 & 2 above. The good thing about doing it from a VPS is that you’re not doing it from your own computer, so you don’t have to worry about an “Intrusion Prevention” team trying to 0wn you back in the process while doing your legal hacking (I would only worry about them trying to own you in the process if it’s a large government). And 95% of the time with VPSes you don’t need to port forward, so metasploit etc. works out of the box on installation.
There are some more things that could go into this but I can’t be arsed to type it all; this would be effective though. And I do personally know people from experience that used this method to pwn sh*t. Originally “MLT” from teamp0ison told me this years ago. But yeah, do what you want with it, I’m not responsible for your actions.
Sincerely,
Ring0
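
Seen from the target's side, the setup in this post appears in web server logs as requests arriving from Tor exit addresses or from a rented VPS. The following is an added example, not part of the original post: a Python triage over constructed access-log lines that matches on Tor exit addresses and on sqlmap's default User-Agent string. `TOR_EXITS`, `SAMPLE_LOG`, and the function names `triage` and `flagged` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed data: documentation-range addresses stand in for a Tor exit
# list (assumption: in practice this set is loaded from a current feed).
TOR_EXITS = {"192.0.2.10", "198.51.100.77"}

# Constructed access-log lines in combined log format.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2024:10:01:02 +0000] "GET /item.php?id=1 HTTP/1.1" 200 512 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
192.0.2.10 - - [12/Mar/2024:10:01:03 +0000] "GET /item.php?id=2 HTTP/1.1" 200 498 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
203.0.113.5 - - [12/Mar/2024:10:02:10 +0000] "GET /index.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
198.51.100.77 - - [12/Mar/2024:10:03:44 +0000] "GET /login.php HTTP/1.1" 200 733 "-" "curl/8.5.0"
203.0.113.9 - - [12/Mar/2024:10:04:20 +0000] "GET /item.php?id=3 HTTP/1.1" 500 120 "-" "sqlmap/1.7.2#stable (https://sqlmap.org)"
"""

# Captures the client address (group 1) and the User-Agent (group 2).
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "([^"]*)"$')
SCANNER_UA = re.compile(r"\bsqlmap/", re.IGNORECASE)  # sqlmap's default UA prefix


def triage(log_text, tor_exits):
    """Return {ip: {"requests": n, "tor": bool, "scanner": bool}} per source."""
    seen = defaultdict(lambda: {"requests": 0, "tor": False, "scanner": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that are not combined-format entries
        ip, ua = m.group(1), m.group(2)
        entry = seen[ip]
        entry["requests"] += 1
        entry["tor"] = ip in tor_exits
        entry["scanner"] = entry["scanner"] or bool(SCANNER_UA.search(ua))
    return dict(seen)


def flagged(log_text, tor_exits):
    """Sources for analyst review: Tor exit address and/or scanner User-Agent."""
    hits = triage(log_text, tor_exits)
    return sorted(ip for ip, e in hits.items() if e["tor"] or e["scanner"])


if __name__ == "__main__":
    for ip in flagged(SAMPLE_LOG, TOR_EXITS):
        print(ip, triage(SAMPLE_LOG, TOR_EXITS)[ip])
```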