Anonymous Browsing with TOR Windows 7

What is Tor?

Tor is free software and an open network that helps you defend against a form of network surveillance that threatens personal freedom and privacy, confidential business activities and relationships, and state security known as traffic analysis.

Why Anonymity Matters

Tor protects you by bouncing your communications around a distributed network of relays run by volunteers all around the world: it prevents somebody watching your Internet connection from learning what sites you visit, and it prevents the sites you visit from learning your physical location. Tor works with many of your existing applications, including web browsers, instant messaging clients, remote login, and other applications based on the TCP protocol.

Why we need tor

Using Tor protects you against a common form of Internet surveillance known as “traffic analysis.” Traffic analysis can be used to infer who is talking to whom over a public network. Knowing the source and destination of your Internet traffic allows others to track your behavior and interests. This can impact your checkbook if, for example, an e-commerce site uses price discrimination based on your country or institution of origin. It can even threaten your job and physical safety by revealing who and where you are. For example, if you’re travelling abroad and you connect to your employer’s computers to check or send mail, you can inadvertently reveal your national origin and professional affiliation to anyone observing the network, even if the connection is encrypted.

How does traffic analysis work? Internet data packets have two parts: a data payload and a header used for routing. The data payload is whatever is being sent, whether that’s an email message, a web page, or an audio file. Even if you encrypt the data payload of your communications, traffic analysis still reveals a great deal about what you’re doing and, possibly, what you’re saying. That’s because it focuses on the header, which discloses source, destination, size, timing, and so on.

A basic problem for the privacy minded is that the recipient of your communications can see that you sent it by looking at headers. So can authorized intermediaries like Internet service providers, and sometimes unauthorized intermediaries as well. A very simple form of traffic analysis might involve sitting somewhere between sender and recipient on the network, looking at headers.

But there are also more powerful kinds of traffic analysis. Some attackers spy on multiple parts of the Internet and use sophisticated statistical techniques to track the communications patterns of many different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Internet traffic, not the headers.

Staying anonymous

Tor can’t solve all anonymity problems. It focuses only on protecting the transport of data. You need to use protocol-specific support software if you don’t want the sites you visit to see your identifying information. For example, you can use Torbutton while browsing the web to withhold some information about your computer’s configuration.

Also, to protect your anonymity, be smart. Don’t provide your name or other revealing information in web forms. Be aware that, like all anonymizing networks that are fast enough for web browsing, Tor does not provide protection against end-to-end timing attacks: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your chosen destination, he can use statistical analysis to discover that they are part of the same circuit.

Configuring Windows 7 to browse with TOR:

1. Go to website of tor project; https://www.torproject.org/

2. Clik to Download stable TOR;

3. Click to open downloaded .exe file, to start the setup;

4. When install leave default “FULL” instalation;

5.  Open the new installed program “VIDALIA”  and click on “Start Tor”

In 10-15 second you will be connected to TOR;

6. If you have some problem with default TorButton, check this;

Go to https://www.torproject.org/torbutton/ and install the stable TorButton; Firefox 5.0!

7. When TorButton install is finish, restart Firefox an you’ll see the new TorButton;

8. Click to this new button and choose “Toggle Tor Status”;

The Tor is now enabled in your browser, you see the green color on the TorButton;

9. Now TOR is started, as you can see on step 5. and you enable the tor for your browser “Firefox” with TorButton.

Now you can start your browsing through the internet and change your identity bi clicking “Use a New Identity” to change your IP address.

Every time you click on “Use a New Identity” you will get the different IP Address in Firefox, if  TOR is enabled.

If you want to test your IP Address, go to http://www.whatismyip.com/ and you will see, what is your current IP Address when you browsing through the internet with your Firefox Browser.

For more information; https://www.torproject.org/

Disable NetBIOS over TCP/IP in Windows 7 ent.

NetBIOS over TCP/IP (NBT, or sometimes NetBT) is a networking protocol that allows legacy computer applications relying on the NetBIOS API to be used on modern TCP/IP networks.

NetBIOS was developed in the early 1980s, targeting very small networks (about a dozen computers). Some applications still use NetBIOS, and do not scale well in today’s networks of hundreds of computers when NetBIOS is run over NBF. When properly configured, NBT allows those applications to be run on large TCP/IP networks (including the whole Internet, although that is likely to be subject to security problems) without change.

NetBIOS provides three distinct services:

  • Name service for name registration and resolution (port: 137)
  • Datagram distribution service for connectionless communication (port: 138)
  • Session service for connection-oriented communication (port: 139)

If you want disable NetBIOS over TCP/IP you take the following steps:

1. Right click to your network interface at the right down corner:

2. Choose “Open Network And Sharing Center”

3. Next click to “Change Adapter Settings”

4. Right click on your network adapter and choose “Properties”

5.  On your network adapter click to “Internet Protocol Version 4” and Properties.

6. When you open the “Properties” you hit on button “Advanced”

7. When you click to Advanced button, Windows will open “Advanced TCP/IP Settings”

In that last window you click on “WINS” tab and then choose “Disable NetBIOS over TCP/IP”

And NetBIOS over TCP/IP is Disabled.

LM Password and NTLMv2 Password

Introduction:

Passwords tend to be our main and sometimes only line of defense against intruders. Even if attackers do not have physical access to a machine they can often access a server through the remote desktop protocol or authenticate to a service via an outward facing web application.

The purpose of this article is to educate you on how Windows creates and stores password hashes, and how those hashes are cracked. After demonstrating how to crack Windows passwords I will provide some tips for ensuring you are not vulnerable to these types of attacks.

How Windows Stores Passwords:

Windows-based computers utilize two methods for the hashing of user passwords, both having drastically different security implications. These are LAN Manager (LM) and NT LAN Manager version 2 (NTLMv2). A hash is the result of a cryptographic function that takes an arbitrarily sized string of data, performs a mathematical encryption function on it, and returns a fixed-size string.

LM Password Hashes:

The LAN Manager hash was one of the first password hashing algorithms to be used by Windows operating systems, and the only version to be supported up until the advent of NTLMv2 used in Windows 2000, XP, Vista, and 7. These newer operating systems still support the use of LM hashes for backwards compatibility purposes. However, it is disabled by default for Windows Vista and Windows 7.

The LM hash of a password is computed using a six step process:

  1. The user’s password is converted into all uppercase letters
  2. The password has null characters added to it until it equals 14 characters
  3. The new password is split into two 7 character halves
  4. These values are used to create two DES encryption keys, one from each half with a parity bit added to each to create 64 bit keys.
  5. Each DES key is used to encrypt a preset ASCII string (KGS!@#$%), resulting in two 8-byte ciphertext values
  6. The two 8-byte ciphertext values are combined to form a 16-byte value, which is the completed LM hash

In practice, the password “PassWord123” would be converted as follows:

    1. PASSWORD123
    2. PASSWORD123000
    3. PASSWOR and D123000
    4. PASSWOR1 and D1230001
    5. E52CAC67419A9A22 and 664345140A852F61
    6. E52CAC67419A9A22664345140A852F61

LM stored passwords have a few distinct disadvantages. The first of these is that the encryption is based on the Data Encyrption Standard (DES). DES originated from a 1970s IBM project that was eventually modified by NIST, sponsored by the NSA, and released as an ANSI standard in 1981. DES was considered secure for many years but came under scrutiny in the nineties due to its small key size of only 56-bits. This came to a head in 1998 when the Electronic Frontier Foundation was able to crack DES in about 23 hours. Since this, DES has been considered insecure and has since been replaced with Triple-DES and AES. In short, it’s another encryption standard that has fallen victim to modern computing power and can be cracked in no time at all.

Perhaps the biggest weakness in the LM hash is in the creation of the DES keys. In this process, a user supplied password is automatically converted to all uppercase, padded to fourteen characters (this is the max length for an LM hashed password), and split into two seven character halves. Consider that there are 95 to the power of 14different possible passwords made up of 14 printable ASCII characters, this decreases to 95 to the power of 7possible passwords when split into a 7 character half, and then decreases to 69 to the power of 7 possible passwords when you are only allowed uppercase ASCII characters. Essentially, this makes the use of varying character cases and increased password length nearly useless when the password is stored as an LM hash, which makes LM passwords incredibly vulnerable to brute force cracking attempts.

NTLMv2 Password Hashes:

NT LAN Manager (NTLM) is the Microsoft authentication protocol that was created to be the successor of LM. Eventually enhanced, NTLMv2 was accepted as the new authentication method of choice and implemented with Windows NT 4.

The creation of an NTLMv2 hash (henceforth referred to as the NT hash) is actually a much simpler process in terms of what the operating system actually does, and relies on the MD4 hashing algorithm to create the hash based upon a series of mathematical calculations. The MD4 algorithm is used three times in order to produce the NT hash. In practice, the password “PassWord123” would be represented as an MD4 hash with “94354877D5B87105D7FEC0F3BF500B33”.


MD4 is considered to be significantly stronger than DES as it allows for longer password lengths, it allows for distinction between uppercase and lowercase letters and it does not split the password into smaller, easier to crack chunks.

Perhaps the biggest complaint with NTLMv2 created hashes is that Windows does not utilize a technique called salting. Salting is a technique in which a random number is generated in order to compute the hash for the password. This means that the same password could have two completely different hash values, which would be ideal.

With this being the case, it is possible for a user to generate what are called rainbow tables. Rainbow tables are not just coffee tables painted with bright colors; they are actually tables containing every single hash value for every possible password possibility up to a certain number of characters. Using a rainbow table, you can simply take the hash value you have extracted from the target computer and search for it. Once it is found in the table, you will have the password. As you can imagine, a rainbow table for even a small number of characters can grow to be very large, meaning that their generation, storage, and indexing can be quite a task.

More information:

http://en.wikipedia.org/wiki/LM_hash

http://en.wikipedia.org/wiki/NTLM