Attack Server & Machine Configurations
To set up our front-line VPS attack server, we will choose a cloud provider that accepts Zcash or Monero coins.
List of cloud providers that support cryptocurrencies:
We pick a classic Ubuntu VPS and name our machine FrontLine. Next, we configure firewall rules to allow SSH traffic from our current public IP. Once the machine is up, we connect to it using SSH.
To run attacks against web applications, password spraying, among others, we want to make every single request from a different IP, so we don't get blocked.
First, create an AWS account, preferably root access, to create a group and user account:
AWS Management Console > Services > IAM
IAM Dashboard > Access management > Groups
Create New Group > Select AmazonAPIGatewayAdministrator policy > Create the group
IAM Dashboard > Access management > Users
Add User > Access type > Programmatic access > Add user to previously created group > Create the user > Take note of the Access key ID and the Secret access key
Now, to automate the proxy creation, download and run FireProx:
git clone https://github.com/ustayready/fireprox
cd fireprox
virtualenv -p python3 .
source bin/activate
pip install -r requirements.txt
python fire.py
python fire.py --access_key ACCESS_KEY --secret_access_key SECRET_ACCESS_KEY --region us-east-2 --command create --url TARGET_URL
Then, to evade detection, we can mask our source IP address by adding this custom header to our curl command: "X-My-X-Forwarded-For: 127.0.0.1".
curl -H "X-My-X-Forwarded-For: 127.0.0.1" https://FIREPROXURL.amazonaws.com/fprox/
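Seen from the target's side, rotating source IPs defeats per-IP blocking but not correlation by account and time. The following is an added example, not part of the original page or of FireProx: it flags windows of failed logins that touch many accounts a few times each regardless of source IP, and counts requests whose X-Forwarded-For claims a loopback or private client. The event fields (`ts`, `remote`, `xff`, `user`, `ok`) and the thresholds are assumptions for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample events (not real logs): logins as an internet-facing
# origin might record them. Field names are hypothetical.
EVENTS = [
    {"ts": 0,   "remote": "198.51.100.11", "xff": "127.0.0.1", "user": "alice", "ok": False},
    {"ts": 20,  "remote": "198.51.100.42", "xff": "127.0.0.1", "user": "bob",   "ok": False},
    {"ts": 40,  "remote": "198.51.100.73", "xff": "127.0.0.1", "user": "carol", "ok": False},
    {"ts": 60,  "remote": "198.51.100.90", "xff": "127.0.0.1", "user": "erin",  "ok": False},
    {"ts": 80,  "remote": "198.51.100.15", "xff": "127.0.0.1", "user": "frank", "ok": False},
    # One user mistyping a password three times from one address: not a spray.
    {"ts": 900, "remote": "198.51.100.200", "xff": "", "user": "dave", "ok": False},
    {"ts": 910, "remote": "198.51.100.200", "xff": "", "user": "dave", "ok": False},
    {"ts": 920, "remote": "198.51.100.200", "xff": "", "user": "dave", "ok": False},
    {"ts": 930, "remote": "198.51.100.200", "xff": "", "user": "dave", "ok": True},
]

def spoofed_xff(event):
    """True when X-Forwarded-For names a loopback, private or unparseable client."""
    first = (event.get("xff") or "").split(",")[0].strip()
    if not first:
        return False
    try:
        ip = ipaddress.ip_address(first)
    except ValueError:
        return True
    return ip.is_loopback or ip.is_private

def find_sprays(events, window=300, min_users=4, max_per_user=2):
    """Flag fixed time windows where failures hit many accounts a few times each."""
    buckets = defaultdict(list)
    for e in events:
        if not e["ok"]:
            buckets[e["ts"] // window].append(e)
    alerts = []
    for bucket, fails in sorted(buckets.items()):
        per_user = defaultdict(int)
        for e in fails:
            per_user[e["user"]] += 1
        # Source IP is deliberately not part of the key: it changes per request.
        if len(per_user) >= min_users and max(per_user.values()) <= max_per_user:
            alerts.append({
                "window_start": bucket * window,
                "users": len(per_user),
                "source_ips": len({e["remote"] for e in fails}),
                "spoofed_xff": sum(spoofed_xff(e) for e in fails),
            })
    return alerts
```

Fixed windows split a burst that straddles a boundary, so production rules usually use a sliding window over the same counters.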
We can also proxy our attacks through the TOR network (i.e. firing up TOR and configuring its port in proxychains configuration).
To run proxychains from WSL through a locally forwarded port:
First, add this firewall rule on the host (Windows):
netsh advfirewall firewall add rule name="Allow WSL Proxy" dir=in action=allow protocol=TCP localport=1080
Then start the local port forwarding in PowerShell:
ssh -L 1080:0.0.0.0:1080 root@<IP>
Then add a port proxy listening on 0.0.0.0 so that port 1080 is reachable from WSL:
netsh interface portproxy add v4tov4 listenaddress=0.0.0.0 listenport=1080 connectaddress=127.0.0.1 connectport=1080
Then, in the WSL proxychains.conf:
socks5 172.31.0.1 1080
After use, close the SSH session and remove the forward:
netsh interface portproxy delete v4tov4 listenaddress=0.0.0.0 listenport=1080
To remove the firewall rule as well:
netsh advfirewall firewall delete rule name="Allow WSL Proxy"
When running a port scan or any other activity from an attack server, we can use tmux to save terminal sessions, keep track of activity, and turn off the host machine or close the terminal while leaving the server active:
tmux new -s <session name>
<command to run for a long time>
To let it run in the background:
Ctrl + B, then D
To reconnect later:
tmux list-sessions
tmux attach -t <session name>
To finish it:
tmux kill-session -t <session name>
We can use commercial tools that use residential or phone IPs and rotate them: