Using TOR or VPN to Attack Computers

I know that you can attack remote systems using TOR and add more obfuscation by proxie chaining.
With the exception of a rogue exit node, How would I be vulnerable to discovery?

Does the risk of arrest rely on the the targets willingness to prosecute?

Would I be better off using a VPN service like XeroBank?

 

I think that Xerobank has special software that can detect certain types of criminal activity like spamming and hacking. It is against their TOS to attack people.

 

I just picked the XeroBank name out of a hat.

I've been reading about pentesters, tools, and methods.
How do they hide tracing their location?

I have found that one option is TOR, Proxiechains and Socat in order to satisfy various methods used to access a victim.
How is it vulnerable, with the exception of a rogue exit node, to discovery?

A VPN service like XeroBank is another option. Sure they have limitations for illegal activity in their TOS.
Don't Pentesters use a service like XeroBank to do they're job of network infiltration angainst those who employed them?
A Pentester with a contract from a company makes what they are doing legal.
Why use a system that has some limitations when a better bandwidth system is available.
Running an nmap scan against a large network over TOR could take some time, and time is money.

 

TOR is pretty restrictive as to what data you can transmit. More so than a VPN service.

 

But that is what Socat can help with.

 

When we are talking about illegal attacks, they rely on bots and other hacked system the attacker proxies through. As for legal pen testers I don't see why they should need to hide their IP at all.
Of course there are also white hats who test Tor itself for example but that's another topic.

 

Tor would be much better than just chaining any old group of open proxies since TOR's circuits are encrypted.

Even a rogue exit node isn't going to be able to trace you. The exit node can only see the data sent, it can't see from where the data originated.

More likely for an attacker is that he will root a box somewhere, create a VPN (or ssh) tunnel to it, and then attack other boxes from there. This would be faster and probably better than using Tor.

 

Makes sense. You'll have the bandwidth of whatever you compromised.