[tor-talk] Anonymous SSH Hack.

2016-09-12 Thread Andrzej Wysocki
hello, i am an amateur hacker, but i wish to work in the Cyber Security in the EU NATO Structure, probably in a small Company or a Corporation soon. i've written an article about SSH Dictionary Hack over TOR, didn't check if it works yet though (no time mostly). i could use a constructive critic

Re: [tor-talk] Anonymous SSH Hack.

2016-09-12 Thread Ben Tasker
I'm not going to comment on the attack side of your post as, if nothing else, this isn't really the forum, but the following is probably worth noting in terms of potential leakage when SSH'ing over Tor. You probably want to pass the following VerifyHostKeyDNS=no Don't attempt to do lookups

Re: [tor-talk] Anonymous SSH Hack.

2016-09-12 Thread me
Sorry for going off-topic. Do you provide a formal definition of a hack? On 12.09.16 15:29, Andrzej Wysocki wrote: hello, i am an amateur hacker, but i wish to work in the Cyber Security in the EU NATO Structure, probably in a small Company or a Corporation soon. i've written an article about

Re: [tor-talk] Anonymous SSH Hack.

2016-09-12 Thread Lars Noodén
On 09/12/2016 03:54 PM, Ben Tasker wrote: >... > CheckHostIP=no > > Don't do a DNS lookup of the host, the Tor exit node's going to do that > anyway, and again, the queries will be observable by your ISP I'm thinking that the use of ProxyCommand makes that redundant? The manual page for ssh

Re: [tor-talk] Anonymous SSH Hack.

2016-09-12 Thread Andrzej Wysocki
hello, what do You (m...@beroal.in.ua) mean by 'a formal definition of a hack'? if You mean formal as strict code, then yes ... i'll provide working script later - probably in the same article (will reedit if needed). i think also that 'a hack definition' is 'something not done according with de

Re: [tor-talk] Anonymous SSH Hack.

2016-09-12 Thread Ben Tasker
Below On Mon, Sep 12, 2016 at 2:43 PM, Lars Noodén wrote: > On 09/12/2016 03:54 PM, Ben Tasker wrote: > >... > > CheckHostIP=no > > > > Don't do a DNS lookup of the host, the Tor exit node's going to do that > > anyway, and again, the queries will be observable by your ISP > > I'm thinking

[tor-talk] bug

2016-09-12 Thread xuzixatem
https://www.browserleaks.com/firefox it can be used for both fingerprinting (different users use different OS setups or different Tor versions) and exploiting software vulnerabilities because when attacker don’t know your OS or browser version they don’t know what payload can do the thing that

Re: [tor-talk] bug

2016-09-12 Thread Joe Btfsplk
On 9/12/2016 9:41 AM, xuzixa...@polyfaust.com wrote: https://www.browserleaks.com/firefox it can be used for both fingerprinting (different users use different OS setups or different Tor versions) and exploiting software vulnerabilities because when attacker don’t know your OS or browser versi

[tor-talk] Question - NoScript ClearClick bug

2016-09-12 Thread Joe Btfsplk
#14985 new defect NoScript Clickjacking warning when clicking on embedded content This obviously hasn