Network Hacking Group fckD Version: 0.1 October 2008 The Hacker's RFC ABSTRACT This document introduces best practices a computer hacker should know about and implement for his own safety. ------[ Table of Contents 1 - Introduction 2 - Why this paper? 3 - Selecting a target 4 - Anti-forensics 4.1 - Full disk encryption 4.2 - Virtual Disk/Partition/Drive Encryption 4.3 - Cipher recommendations 4.4 - Encrypted communication 4.5 - Avoid logging 4.6 - Useful tools 5 - Notes on behavior and trust 6 - Keep yourself up to date 7 - Related reading 8 - Final words ------[ 1 - Introduction The purpuse of this document is to write down fundamentals best safety practices a hacker can use when hacking stuff. This paper focuses on setting up a *secure* computer for real hacking attacks. ------[ 2 - Why this paper? The main reason I decided to write this paper is to promote real computer hacking and help out people who are willing to do real stuff by sharing a bit of what I have learnt from my experiences. I would like to add an extra paragraph to say that most of hacking challenges and hacking plateform like WebGoat do not represent the reality. So if you really want to improve you should go wild with all the risks that means. ------[ 3 - Selecting a target When choosing where to hack for fun these are the best practices: - blacklisting: * avoid your own country * avoid good friends of you own country * avoid countries you may want to go live in * if you are living within the european union it is preferable not to hack into countries that are members of the union - whitelisting: * select somewhere far like Peru, Chili, Argentina, Aruba, Yemen, Uruguay, Mongolia, Liberia, Korea, Cambodia, Gabon. An exaustive list of countries can be fount in [1]. * select countries in a cyber war like Georgia with Russia Once you have choosen which part of the world to target you could look at its url country code [1]. ------[ 4 - Anti-forensics This section focuses on setting up a computer *protected* against forensics investigation(s). ---[ 4.1 - Full disk encryption Installing a full disk encryption software to protect your files is highly recommended. There's a list of free and open sources tools available for you: windows: - Truecrypt [2] - DiskCryptor [19] linux: - dm-crypt/Linux Unified Key Setup (LUKS) [3,4,5,6] - EncFS [9] - eCryptfs [10] - Loop-AES [15] bsd: - GELI [7,8] - CGD [16] note: under linux or bsd remember to also encrypt the swap partitions. ---[ 4.2 - Virtual Disk/Partition/Drive Encryption If you need to encrypt a virtual disk a partition or a drive (e.g usb drive), there's a list of free and open sources tools for you: windows: - Truecrypt [2] - CrossCrypt [17] - DiskCryptor [19] - FreeOTFE [21] linux: - Truecrypt [2] - Cryptoloop (Deprecated, known vulnerabilities) [18] - FreeOTFE [21] - eCryptfs [10] - dm-crypt [21] bsd: - GBDE [20] ---[ 4.3 - Cipher recommendations The following table is my personal recommendations when selecting a cipher algorithm: +----------------------------------------------------------------+ | PARAMETER | RECOMMENDATION | +--------------------+-------------------------------------------+ | block cipher | AES, Serpent | +--------------------+-------------------------------------------+ | symmetric key size | at least 128bits | +--------------------+-------------------------------------------+ | hash functions [12]| SHA-2 (SHA-224, SHA-256, SHA-384, SHA-512)| | | Whirlpool | +--------------------+-------------------------------------------+ | key generation | follow PKCS#5 PBKDF2 [13,14] | +--------------------+-------------------------------------------+ Cryptography for dummies: - Ciphers: http://en.wikipedia.org/wiki/Cipher - Block ciphers: http://en.wikipedia.org/wiki/Block_cipher - Block size: http://en.wikipedia.org/wiki/Block_size_%28cryptography%29 - AES: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard - Serpent: http://en.wikipedia.org/wiki/Serpent_%28cipher%29 - Hash function: http://en.wikipedia.org/wiki/Hash_function - SHA: http://en.wikipedia.org/wiki/SHA_hash_functions - Whirlpool: http://en.wikipedia.org/wiki/WHIRLPOOL - Passphrase: http://en.wikipedia.org/wiki/Passphrase - Weak key: http://en.wikipedia.org/wiki/Weak_key - LinuxCryptofs: http://wiki.boum.org/TechStdOut/LinuxCryptoFS ---[ 4.4 - Encrypted communication To protect your messaging communications you can use the following open source and free tools: - pidgin + pidgin-encryption (pidgin-encrypt.sourceforge.net) - pidgin + pidgin-otr (pidgin-encrypt.sourceforge.net) - kopete + kopete-otr (kopete-otr.follefuder.org) - irssi + irssi-otr (irssi-otr.tuxfamily.org) ---[ 4.5 - Avoid logging Avoid logging anything that could record what you are doing on your machine. Make sure you do not record you msn, gtalk, irc etc communications, specially if you are communicating with your fellow hackers through those protocoles. ---[ 4.6 - Useful tools Passwords generator: - makepasswd (linux, bsd) - PWGen (windows) - Advanced password generator (windows) - PC Tools Password Generator (online: www.pctools.com/guides/password/) Anti-forensics: - Timestomp, that allows you to modify all four NTFS timestamp values modified, accessed, created, and entry modified. - Slacker, tool that allows you to hide files within the slack space of the NTFS file system. - Sam Juicer, a Meterpreter module that dumps the hashes from the SAM, but does it without ever hitting disk. Secure file deletion: - Eraser (windows) - Evidence eliminator (windows) - WinClear (windows) - Window washer (windows) - shred (linux) - srm (bsd, linux) - wipe (linux) ------[ 5 - Notes on behavior and trust Avoid talking about your hacking activities to anyone that is not directly related to what you are doing. Even if your purpuse is only to improve your own knowledge, always remember that hacking is considered to be illegal in most countries. Avoid looking for fame. Keep in mind the good spirit of someone who is just having fun and is not looking for anything else. Fame will only draw attention on you. Do not trust anyone completely even the people you are working with, always make sure to back yourself up. ------[ 6 - Keep yourself up to date It is important to keep yourself updated on what's going on in the digital forensics world. I recommend following rss feeds of those sites: - www.forensicfocus.com - computer.forensikblog.de - volatilesystems.blogspot.com - www.securiteam.com Adapt yourself to new forensics techniques and discoveries. ------[ 7 - Related reading Anti-forensic techniques, http://www.forensicswiki.org/wiki/Anti-forensic_techniques Anti Forensics: Making Computer Forensics Hard, http://ws.hackaholic.org/slides/AntiForensics-CodeBreakers2006-Translation-To-English.pdf Anti-Forensics: Techniques, Detection and Countermeasures, http://www.simson.net/ref/2007/slides-ICIW.pdf The Computer Forensics Challenge and Anti-Forensics Techniques, http://www.h2hc.com.br/repositorio/2007/montanaro.pdf Anti-Forensics, http://www.youtube.com/watch?v=q9VUbiFdx7w ------[ 8 - Final words I hope this small paper could have helped you. Happy and safe hacking to you! fckD REFERENCES [1] Url country codes http://ftp.ics.uci.edu/pub/websoft/wwwstat/country-codes.txt [2] Truecrypt software http://www.truecrypt.org/ http://www.truecrypt.org/downloads.php http://www.truecrypt.org/docs/ [3] Linux Unified Key Setup (LUKS) http://luks.endorphin.org/ http://www.saout.de/tikiwiki/tiki-index.php?page=LUKS [4] Gentoo: System Encryption DM-Crypt with LUKS http://gentoo-wiki.com/SECURITY_System_Encryption_DM-Crypt_with_LUKS [5] Fedora: LUKSDiskEncryption http://fedoraproject.org/wiki/Security_Guide/9/LUKSDiskEncryption [6] Ubuntu: Installing Ubuntu 8.04 with full disk encryption http://learninginlinux.wordpress.com/2008/04/23/installing-ubuntu-804-with-full-disk-encryption/ Ubuntu: Encrypted Swap and Home with LUKS on Ubuntu 6.06 and 5.10 https://help.ubuntu.com/community/EncryptedFilesystemHowto3 [7] Bsd: GELI http://www.violetlan.net/bsd/25/DiskEncryptionwithgelionFreeBSD [8] Encrypting Disk Partitions, FreeBSD Handbook, Chapter 18 Storage http://www.freebsd.org/doc/en/books/handbook/disks-encrypting.html [9] EncFS http://www.arg0.net/encfs [10] eCryptfs http://ecryptfs.sourceforge.net/ [12] List of cryptographic hash functions http://en.wikipedia.org/wiki/Cryptographic_hash_function#List_of_cryptographic_hash_functions [13] PKCS #5: Password-Based Cryptography Standard http://www.rsa.com/rsalabs/node.asp?id=2127 [14] PBKDF2 (Password-Based Key Derivation Function) http://www.truecrypt.org/docs/pkcs5v2-0.pdf [15] Loop-Aes http://loop-aes.sourceforge.net/ [16] CGD http://www.imrryr.org/%7Eelric/cgd/cgd.pdf [17] CrossCrypt http://www.scherrer.cc/crypt/ [18] Cryptoloop http://www.tldp.org/HOWTO/Cryptoloop-HOWTO/ [19] DiskCryptor http://freed0m.org/index.php/DiskCryptor_en [20] GBDE http://www.freebsd.org/cgi/man.cgi?query=gbde&apropos=0&sektion=4&manpath=FreeBSD+5.0-RELEASE&format=html [21] dm-crypt www.saout.de/misc/dm-crypt/