Wednesday, August 27, 2008

Proxies, Wingates and Routers: An overview of 0wn1ng th3 w0r1d


Disclaimer: The information presented here is solely for educational purposes. Any misuse of this information is not the author's intent and neither is it the author's responsibility. I hereby disclaim any responsibility for any kind of damage this information may cause in any way or any manner, to any individual, organization or government. The author shall not be responsible for any damage this information may cause.

Proxies and wingates have long been a heavily used means of privacy on the Internet. Today, we find them with a simple Google search. You may try some in the above search box. Here, I shall describe in brief how these work.

Proxies:

Proxies are used for the web; in l33t terms, for port 80. That is, proxies help us hide our IP by forwarding all of our traffic through the proxy server. Most proxy servers will handle only simple HTML. Others, however, forward all traffic, including ASP and PHP pages, so that none of the user's requests reach the site directly.

There are various kinds of proxies. The ones that provide proxying through their web pages are CGI proxies. They use a CGI (Common Gateway Interface) script in the cgi-bin directory of their web server. That script takes our request, contacts the web server we asked for, and then returns the data as a web page, with the proxy's own address box at the top. One very good example of a CGI proxy is http://www.anonymizer.ru. This one is a Russian website. If you don't know Russian, you probably won't understand what's written there (neither do I), but there is an address box at the top, and that's what we're looking for. If I write, say, www.google.com there, I get google.ru, and it will not redirect me to google.co.in, which is what happens when I use no proxy. Similarly, if the proxy server is in Belgium, google.com redirects me to google.be; for China, it would be google.cn. You get the pattern now.

These CGI proxies are not good enough when it comes to PHP- or ASP-based sites. The solution is simple: I'd rather use a SOCKS proxy. SOCKS is a protocol that creates a secure connection between me and the proxy server. It usually runs on port 8080. So, if you have to search for your own proxies, you'd write a program that searches networks for open 8080 ports.

NB: A word of warning: most proxies log their traffic and will hand your information over if they have to (as in legal problems). So, if you're trying to do something stealthy or something that may lead you into trouble, be sure either to use anonymous proxies (though many that claim to be anonymous and to store no logs may actually log your data), or to somehow log in to the box and delete the logs. But again, if they have a centralized logging system, you're in trouble.
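The logging cuts both ways: the site being visited can often tell that a request came through a forwarding proxy, because well-behaved proxies append Via and X-Forwarded-For headers. The following detection snippet is an added example, not code from the post; it assumes a custom access-log format that records those two headers, and the log lines are constructed for illustration.

```python
import re

# Constructed log lines in an assumed custom format: connecting IP, request line,
# then the Via and X-Forwarded-For request headers ("-" when the header is absent).
SAMPLE_LOG = """\
203.0.113.7 "GET /login HTTP/1.1" via="-" xff="-"
198.51.100.22 "GET /login HTTP/1.1" via="1.1 proxy.example.net" xff="192.0.2.10"
198.51.100.22 "POST /login HTTP/1.1" via="1.1 a.example, 1.1 b.example, 1.1 c.example" xff="192.0.2.10, 10.0.0.5, 10.0.0.6"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) "(?P<req>[^"]*)" via="(?P<via>[^"]*)" xff="(?P<xff>[^"]*)"$'
)


def _split_header(value):
    """Split a comma-separated header into its entries, treating "-" as absent."""
    return [h.strip() for h in value.split(",") if h.strip() and h.strip() != "-"]


def parse_line(line):
    """Parse one log line; return None if it does not match the assumed format."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    # Each Via entry is one forwarding hop. X-Forwarded-For lists the original
    # client first, followed by every intermediate proxy that appended itself.
    via_hops = _split_header(d["via"])
    xff = _split_header(d["xff"])
    return {
        "ip": d["ip"],
        "request": d["req"],
        "proxied": bool(via_hops) or bool(xff),
        "hops": max(len(via_hops), max(len(xff) - 1, 0)),
        # Only a claim: these headers are set by the proxy chain, not verified.
        "claimed_client": xff[0] if xff else d["ip"],
    }


def proxied_requests(log_text, min_hops=1):
    """Return parsed entries that arrived through at least min_hops proxies."""
    out = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and entry["proxied"] and entry["hops"] >= min_hops:
            out.append(entry)
    return out
```

The headers are client-side claims, so a proxy that strips them (the "anonymous" kind mentioned above) leaves no such trace; treat the output as a hint for further correlation, not proof.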

Now I come to how to set up the proxies. Your web browser has a settings box for this. No matter what browser you use, it has one where you can set up your proxy; it asks for the IP and port of the proxy and, maybe, the type of proxy server it is. In Firefox, it is View>Preferences>Network>Proxy. In IE, it is under Tools>Internet Options.

What if you want to use multiple proxies? You'd want to do something like this:

http://proxy1:port1-_-proxy2:port2-_-proxy3:port3-_-url

Although many manuals do say it works that way (in the case of SOCKS proxies), I've never found this working. If you have a solution to this, do leave a comment.

Wingates:

Wingates are the solution when it is not the web. For ports other than 80, what we use is wingates. Wingates have long been exploited for purposes that aren't considered good everywhere (you know what I mean). Wingates are available from many companies if you hold an account there, but if you are a person like me, for whom money matters, you'd do what I do. Just search for hosts with port 23 open, and see if there is a prompt on connection that says something like '>'. If the wingate is left at default settings, it would be "WinGate>", but if the admin changes the prompt to something else, you know what happens. Still, if there is that '>', there is a prompt and it is not asking for a password. So, just write a program and scan networks, searching for that prompt. But if you are not hard working (unlike me), you'll find hundreds of scanners out there. Go to http://www.packetstormsecurity.org and search for "wingate scanner".

What I'd do if I get a wingate:

I'd connect to another through that, and then to another, and then to a few more, before I actually do the hack. This gives me more security, and my chances of getting caught are lower. But again there are these logs, which you may not be able to delete, depending on the settings on the server.

NB: Wingates, because of this lack of security, are not always online, so you have to keep searching for them, and when one is online, it will stay online for only a few hours or so.

Routers:

Routers are the most insecure computers that exist on the Internet. There are so many routers in this world that you can 0wn as many as you want. The most predominant reason for this lack of security is that most routers are not configured at all. They are left with their default passwords (I know this from personal experience). Because of this, routers are very easy to exploit. All you need to do is find out which operating system a router is running, and then grep the default-password list for that. How to find the OS? Go read about nmap, stupid boy!

As routers have to work all the time, they are always on, but again they may log your data, and you may not be able to delete it. Since routers handle such a huge amount of traffic every day, though, your chances of escaping notice increase greatly. When you decide to exploit a router, use a wingate first, and then connect to it. Why take chances?

How to find them:

Finding routers is easy. I'll tell you the easiest way, the one I used myself to find routers. Go to Google, search for anything, then traceroute all the sites that show up. All the computers that come between yours and theirs are routers. Then you have to scan each one for its operating system. It's that easy.

NB: Many routers belong to governments, set up for the national Internet backbone, as they call it here (NIB). So, when trying to do something with those, be extra careful. You don't want to get into serious trouble.