Reverse Engineering Team Board

Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   Reverse/Social Engineering (http://www.reteam.org/board/forumdisplay.php?f=22)
-   -   Anti-Tracking ? (http://www.reteam.org/board/showthread.php?t=53)

barcode_ 05-24-2003 03:28 PM

Anti-Tracking ?
 
Just curious if anyone has read any tuts or implemented any ideas such as to avoid tracking and keeping forum posts unique? Such as you have 2 boards you regularly visit and use and a wicked evil third party wants to snoop on you and check your interactions say to make a psychological profile of you? Very possible i think. One way to avoid this would to seemingly throw wrenches into this geared process. One should use different punctuation between the differing accouts such as i instead of I u instead of you. One account be proper english other be h4x0r slang. One account portray yourself of different race/ethnicity/sex/age as your actual self so as to stop evil third parties from forming profiles of you and categorizing you as one of the sheep to be poaked,prodded, and harvested for there warez :) almost counter-surveilancish

Devine9 05-25-2003 01:00 PM

what?

Devine Right [RET]

barcode_ 05-25-2003 03:48 PM

didn't understand that? my rambling is horrible :(

kw 05-25-2003 05:03 PM

Here's an explanation to the ramblings... I was talking to barcode when he mentioned that and probably posted, so I know what he meant I guess.
He means that people will 'stalk' you on boards, to form a psychological profile of you and will then use this information. I personally, do not see this happening, its waaay too much hassle for anyone to go through that stuff and make a profile to be of any real use.
Seems like nothing but outrageous paranoia to keep changing the way you talk because "otherwise people will know what I'm like"..
Just my 2c ;)

-Kwazy Webbit

barcode_ 05-26-2003 12:12 AM

my bad it was a drunken stoned out state where paranoia runs high and ramblings are prevelant and organization is no longer within my grasp. but the overall goal of the article that i meant was using different subtelties and mannerisms to throw people off as not the real you when your anywhere people can't use apperances. say jimmy works at a big cell company and for some reason u want to get sensitive information where jimmy works portraying yourself as jimmy. you don't know jimmy in real life so can't result to recon to see mannerisms speech and overall walk. but if one could be so smart as to read beetween the lines on where jimmy visists. he could findout these same mannerisms to use on the poor late shift guy who is getting reversed socially. since he has probably never talked to jimmy considereding he is a high up power and has no need to talk to third shift security people. then you could implement these mannerisms u picked up from tracking him online. establishing dialogue via email instant chat services or so on. snooping his forum posts that he uses from the email account you already know and so on. alot can be found out from a little bit i think and that was my entire gist of the article dunno how much this clears it up?

kw 05-26-2003 04:48 PM

Damn dude..
Two things:
1) If this style of writing is done purposely, cut it out.. Its really annoying, if not impossible, to read..
2) I still fail to see any purpose to it beside being excessively paranoid.. To me it falls into the same category as wearing an aluminium helmet so the space rays don't read your thoughts... Or smth..

Maybe there are others that disagree, but as far as Im concerned let the people that know me and read my posts form a profile if they want to. No one will consciously anyway, but subconsciously they will (aka 'know me' ;)).

Anyway, laters,
KW

barcode_ 05-27-2003 03:55 AM

hehe sorry bout dat. thanks for the constructive critiscism.

kw 05-27-2003 09:31 AM

Hehe, np mate.. :wink:
I figured Id probably sound mean or something, tried not to ;)

-kw

quitsendingmetrash 12-21-2003 10:24 AM

it seems to me that using a unique style or script kiddy(ing) in several forums would only single you out more. the third party person could then just search out the paranoid, emotionally disrupted, or perhaps even childish employee and imitate him even more precisely.

no offense is intended here.

i am simply pushing the point that singling oneself out may not be the best way to accomplish anonymity.

i am also one who rambles on so i will try to stick to my point, i hope.

people tend to have several personalities and attitudes, especially on the internet. at times on may think they are being ellusive not realizing they are leaving imprints of their traits. one with a keen eye for such things may pick up on this and implement their research in just the opposite way the so-called ellusive person had intended.

any way that is just my 1/2 cent remark!

quitsendingmetrash 12-21-2003 01:55 PM

this question slapped me in the face as i signed up to this forum in order to post my reply to barcode_.

----how safe is it to sign up to a forum?----
keep in mind, this question evolved while i was signing up to a reverse engineering forum under the topic of antiTracking.

the first thing that happened after i signed up was a prompt stating that i had to first activate my registration by replying to an email. using just a little of your imagination it should not be very hard to see the security issues running through my head. i have to do WHAT? --login to my email account! are you crazy? with all the cookies and tracking software out there.

altering my question
----how complicated would it be for a forum to obtain my email password?----
more things to keep in mind
1)browser
a)internet explorer
b)netscape
c)mozilla
d)opera
e)lynx

2)browser sessions
a)i used the same session of my browser to go login to my email account and then came back to the forum.
B)i opened up a new browser window to login, but kept the forum session window open.
c)i closed the forum session window and all other open browser windows; i proceeded to check my email and then closed my browser and reopened a new one to log back into the forum.

3)browser plugins
a)my browser supports javascript, activeX, or something simular
b)my browser only supports html

4)programming packages
a)i have no programming software installed, compilers or interpreters
B)i have an interpreter installed ex) python, pearl, java, or tcl/tk
c)i have some type of c/c++ or asm compiler (more than likely these do not apply, but what do i know)

5)OS
a)unix variant
b)microsoft
c)macintosh
d)other

--this is a giveMe but i did do this (OOPS to late now)
6)could i already have a trojan from the site.
a)install a package from the forum website before signing up
a1)a game ex)Re-Try
a2)a utility ex)uncc, NFO Scroller
B)i did not install any thing from the website
c)the website installed something without my knowledge

7)paranoid
a)i am just way to paranoid
B)i am ignorant and don't know any better
c)i am paranoid and ignorant

attemptedScenario-
joeMammy is curious about learning to program. he installs tcl/tk on his computer. after playing around for a couple of hours he learns that there is a plugin for his browser that enables him to run tcl/tk scripts on his webPages. how delighted he is. he has spent the last two months learning html and has created his own homePage. after spending the past two days at the tcl/tk homePage reading tutorials and writing code, he ventures off to find some more resources. he comes across johnTheJackers tcl/tk for newbies webSite. he finds some very useful information here and to his surprise the tutorials are written in newbieEnglish. "man, i must be in tcl/tk learningForNewbiesHeaven." he thinks to himself. he has so many question to ask, as this is his first attempt to learn a programming language. low and behold there is a forum on this website. "oh boy, i will be able to ask all of my of questions here." after reading through several of the topics, joeMammy generates enough balls to post his first question. when he hits the replyToPost button it informs him that he must first register. "no problem" (now this is a tcl/tk website so guess what is scripted all through out the pages--and we already know joeMammy has installed the tcl/tk plugin for his browser)
after registering he is informed that he has to go login to his emailAccount and activate the registration. not knowing any better he uses the same browser session to go to yahoo, and then he activates his account. after activating the account he is given the option to go straight from his email to the forum and he does so, simply by the click of a link from his email.
-endOfScenario

now for my next question-
----is there any one out there who can assure me that there is no way for johnTheJacker to obtain joeMammy's password using his tcl/tk scripts, when joeMammy logged in to his emailAccount?---- (tcl/tk is used in the scenario, but i am invisioning any scripting/programming language.)

surely this would be a simple task for an experiencedJacker to do. and if joeMammy installed a game or another program there surely would have been a trojan in it (from this paticular webSite). but i am curious to know if the webSite itself could be a trojan or some sort.

----how can the ignorant protect themselves----
(infiniteLoop=read, learn, question, test, examine, read, learn, question, test, examine=infiniteLoop)

1)i would like to state that this is just a scenario i created. the names and instances are all made up and are referring to no one in paticular.
2) i would like to thank everyone for there invaluable brain and time.
3) i would like to applogize to anyone who found these questions a waste of their brain and time.
4) i would like to thank reTeam and all the other informative webSites on the internet, for your information, time and hard work. (i am training my brain to be a sponge for valuable info, without decent sites, i would have nothing but crap to soak up from all the bullCrap most sites are embedded with)
5)i would like to clarify that in the above referall --6) a1) and a2)-- to trojans i used Re-Try, uncc, and NFO Scroller as *EXAMPLES* and in *NO* way was i implying that they are trojans. (i would not know because i don't know how to program, therefore i can't decipher sourceCode)
6)i want to compliment RET for Re-Try, and yes it is addicting. thanks guys/gals for all the hardWork!!!
7)it was not my intention to turn a simple question into an essay(ohWell!)

Devine9 12-21-2003 11:06 PM

Ah, well welcome to the site. I'm sure we'll have many interesting conversations in the future. It's good to see a new face? ;)

Now for your question. I've found, at least throughout my years with programming, that on the web there is a great amount of tricks that you can perform upon users coming to a website. The problem lies in the fact that there are VERY few people in the world who can really code activex that is worth a shit. Me not being one of these people. Unfortunately I can't comment for sure on whether there is definitely possibilities within the activex environment, but there is most definitely a lot of information that the activex can gather that would be considered uncomfortable for the user.

Your email password: No I do no believe that there is any way in which the website would be able to simply grab your email password. There is though, many ways in which they could do it via a trojan horse application. In this scenario however, there is a major risk factor in that if a user's virus scanner detects such an occurance, that there is a big chance that the user will track the problem back to the site and notify the authorities of the incident. So this somewhat removes this potential problem.

In addition to this i'd like to clear up the misconceptions on your post in the way of scripting engines. Indeed there are quite a few scripting engines that can be installed on your system in order for system scripting to occur. These scripting engines, aside from javascript and other small visual browser script solutions, are run via server side, not client side. So in other words, there is no chance of remote execution of source code on a system due to just a compiler being installed. For example, if i install vc++, a website can not compile/execute vc++ code on my system through a web browsing scenario, and the same is true for perl/ tcl/tk /python/asp/jsp/php/etc..

Again, it's my understanding that there is only really the possiblity of uncomfortable data being accessed during execution of activex objects as they run client side, however i'm not an activex guru.

+Greythorne for one, i'm sure has more information for this topic, lets hope he stops by.

regards,

Devine Right

quitsendingmetrash 12-22-2003 11:52 PM

"...there is a great amount of tricks that you can perform upon users coming to a website."

Yes that's it. Tricks are the perfect analogy. I am looking at this without a programming background so forgive me if i am repeating myself, also i will try not to be to far-fetched.

Rather than implying that a webpage has some exotic or malicious code, I'll use a simpler concept.
By singling out the users with browser based email such as hotmail or yahoo. One can then assume the user will be logging into to their email via forms. Entering the user name and password into fields. The idea i have is that some how the web page would track form fields. Perhaps by copying to the clipboard anything that is entered into a field. A script could then steal the
input from the clipboard and submit it to the server's database.

Since we are talking social reversing here, lets modify the webPage so that it is singling out users who copy and paste their
passwords or who click the save password field. The webpage could obtain a password when it is copied to the clipboard.

Here is an example of a clipboardJacker-
h**p://tom.vpwsys.co.uk/clipboard/exploit.html
(i think it only works in internetExplorer)

My idea seems to be some form of a field hunter/viewer embedded in the webPage. No trojans, or superscripts needed. Just the ability to copy and paste. ok enough of that idea.

-----

I came across some html a while back ago that caught my eye.

<HTML>
<BODY>
<IFRAME src="\**.***.**.**">
</BODY>
</HTML>

Put your ip address in place of the stars. Nothing to fancy about this. Although i am sure there is an exploit for this
that could be used for remote access.

Maybe with smb one could use the html iframe script remotely.
h**p://samba.anu.edu.au/cifs/docs/what-is-smb.html

sna has remarked that iframes suck so i will not speak any more about them. although i wrote the above before he posted so i will leave it here.
the only question i have towards iframes-- is it possible to trick the server-client into thinking one is the other?

anyway, i seem to be slamming into a dead end. i started off as i intended, which was asking questions, and now here it seems i am making statements which is not what i had intended. now i must go do some research of my own and quit waisting other peoples time, on a subject that i have no knowledge about. let me see what i can turn up with in the next couple of months and i will let you know if i find anything that applies. although it is doubtfull that i will turn up with something that you already don't know.

to clarify my initial vision i will leave you with this.
At times it is easier to reverse the person rather than the box or the software. To obtain someones password you could hack their box. Although it may be easier to hack the person. I was just wondering if it would be applicable to use a webPage to hack the person. Anyway it really is not important to me to hack anyone. I was looking at it as more of a security issue when registering to a site.

many thanks goes to you Devine9 for clarifing my misconceptions with the python, tcl/tk interpreters. I had this little idea running in my head that it would be some how possible for a webPage to link to a file.py on my hardDrive. When the link was pressed my python interpreter would open up and run the source code.

and yes, i will also thank you sna for your preSight. saw the iframes coming did you?

sna 12-23-2003 06:41 AM

Quote:

saw the iframes coming did you?
merry christmas


All times are GMT -4. The time now is 12:34 AM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.