Detections | How does hardware leak and how do they detect dedicated servers?

Covering some interesting issues

1) How to detect a dedicated server
2) How to detect an SSH tunnel
3) How to detect a virtual machine
4) How to detect real hardware

1) How do they detect dedicated servers?

- Ping RDP port 3389. Is the port open? Then it is 100% a dedicated server.
- By the server HTTP headers: the average user is unlikely to be running Windows Server 2008.
- A hostname like server.dedikatedhost.com

2) How do they detect an SSH tunnel?

- The same ping on ports 21, 80 and 443.
- Tester: https://2ip.ru/privacy/
- A hostname like server.dedikatedhost.com

3) How do they detect the virtual machine?

- By specific device names, such as the video card, obtained via WebGL or WebRTC device enumeration.
- With Java (not JavaScript) you can pull any information from the system, even which processes are running.

4) How do they detect machine hardware?

There are public ways and there are private ways. No one will tell you about the private ones. But you can be sure that Firefox and Chrome have special functions; I've even found equipment lists in a browser memory dump. The advice is to block all requests to all *google* and *mozilla* addresses via Proxifier (new Rule, Hosts *google* and *mozilla*, Block) or a firewall.

Public methods for Chrome:

- WebGL video card name. Tester: https://www.browserleaks.com/webgl (see Unmasked Renderer).
- WebRTC Media Device Enumeration. Tester: https://www.browserleaks.com/webrtc (see Unique Device IDs). Everyone has learned how to block WebRTC, but a normal machine always has WebRTC enabled, and blocking it is suspicious.
- A Java applet which, like I said, can do everything, even read process lists.
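The public signals from sections 1 to 4, seen from the side of the service doing the checking, can be combined into one session score. This is an added example, not code from the post or from any real anti-fraud product: the field names, weights, thresholds and regular expressions are assumptions, and the sample sessions are constructed.

```javascript
// Added example: score a session from the public signals the post lists.
// Field names, weights and patterns are assumptions, not a real product's rules.
const VIRTUAL_GPU = /vmware|svga3d|virtualbox|llvmpipe|swiftshader|parallels/i;
const HOSTING_RDNS = /(^|\.)(server|vps|dedicated|host)\d*\./i;

function scoreSession(s) {
  const reasons = [];
  let score = 0;
  const hit = (points, why) => { score += points; reasons.push(why); };

  // Section 1: RDP answering on the client IP.
  if (s.openPorts.includes(3389)) hit(50, 'rdp-port-open');
  // Section 2: service ports answering on the client IP (ports as listed in the post).
  const services = [21, 80, 443].filter((p) => s.openPorts.includes(p));
  if (services.length > 0) hit(20, 'service-ports-open:' + services.join(','));
  // Sections 1 and 2: reverse DNS that looks like a hosting provider.
  if (HOSTING_RDNS.test(s.reverseDns || '')) hit(25, 'hosting-style-hostname');
  // Section 1: a server OS reported for what should be a desktop client.
  if (/windows server/i.test(s.reportedOs || '')) hit(25, 'server-os');
  // Section 3: WebGL unmasked renderer naming a virtual or software GPU.
  if (VIRTUAL_GPU.test(s.webglRenderer || '')) hit(30, 'virtual-gpu');
  // Section 4: WebRTC blocked, or enumeration returning no devices.
  if (s.webrtcAvailable === false) hit(15, 'webrtc-blocked');
  else if (s.mediaDeviceCount === 0) hit(10, 'no-media-devices');

  const verdict = score >= 50 ? 'review' : score >= 25 ? 'elevated' : 'normal';
  return { score, verdict, reasons };
}

// Constructed sample sessions (no real traffic).
const SAMPLES = {
  dedicated: { openPorts: [3389], reverseDns: 'server.dedikatedhost.com',
    reportedOs: 'Windows Server 2008', webrtcAvailable: true, mediaDeviceCount: 2,
    webglRenderer: 'ANGLE (NVIDIA GeForce GTX 1060 Direct3D11 vs_5_0 ps_5_0)' },
  vm: { openPorts: [], reverseDns: 'pool-203-0-113-7.isp.example',
    reportedOs: 'Windows 10', webrtcAvailable: false, mediaDeviceCount: 0,
    webglRenderer: 'ANGLE (VMware, VMware SVGA 3D Direct3D11 vs_5_0 ps_5_0)' },
  home: { openPorts: [], reverseDns: 'pool-203-0-113-8.isp.example',
    reportedOs: 'Windows 10', webrtcAvailable: true, mediaDeviceCount: 3,
    webglRenderer: 'ANGLE (Intel(R) UHD Graphics 620 Direct3D11 vs_5_0 ps_5_0)' },
};

for (const [name, session] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(scoreSession(session)));
}
```

Keeping the reasons list next to the score lets an analyst see which signal fired instead of trusting a bare number.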

About the private ones: some time ago I found a private method in which the network card's MAC address was leaking in packets. There was also JavaScript that was pulling BIOS data through MSIE ActiveX.

I’m going to share a pulled-out piece of semi-private code. The function names speak for themselves.

```html
<!-- show() and the getter functions are defined in Script.js, which is not included in the post -->
<script type="text/javascript" src="Script.js"></script>
<script type="text/javascript">
// Reads each BIOS property and passes it to show() for display.
function load() {
  show(biosCharacteristics, BiosCharacteristics());
  show(biosVersion, BIOSVersion());
  show(buildNumber, BuildNumber());
  show(caption, Caption());
  show(currentLanguage, CurrentLanguage());
  show(description, Description());
  show(installableLanguages, InstallableLanguages());
  show(installDate, InstallDate());
  show(languageEdition, LanguageEdition());
  show(manufacturer, Manufacturer());
  show(name, Name());
  show(primaryBIOS, PrimaryBIOS());
  show(releaseDate, ReleaseDate());
  show(serialNumber, SerialNumber());
  show(smBIOSBIOSVersion, SMBIOSBIOSVersion());
  show(smBIOSMajorVersion, SMBIOSMajorVersion());
  show(smBIOSMinorVersion, SMBIOSMinorVersion());
  show(smBIOSPresent, SMBIOSPresent());
  show(softwareElementID, SoftwareElementID());
  show(softwareElementState, SoftwareElementState());
  show(status, Status());
  show(targetOperatingSystem, TargetOperatingSystem());
  show(version, Version());
}
</script>
```

And all of that is just the tip of the iceberg; there are a number of things that no one will say and that even I don’t know.

Sincerely, Dr.Cert
