How to hide my IP address safe?

 The IP address used on the internet is literally called your PUBLIC IP address.

An IP address is needed for source and destination information. Do you expect to mail a letter with no addresses on it? Do you expect to make a phone call without a sender and receiver phone number? Do you expect your car GPS to guide you somewhere without knowing where you currently are? Then how do you expect data to get from point A to point B and back without telling the server what Point A is?

With an IP address your typical hacker can lookup your city and state since your local ISP owns that IP address. If it is in a database somewhere then MAYBE they can correlate that IP to your name and address

Back fire of IP Address

I will ping your IP to check if its up or not. After that, I will nmap (port scanner and much more) you to find all the services running on your system. With Nmap by my side, I can find out which OS you are using and all possible daemons with ports.

Then comes judging part which port to target or what outdated services are you running (vulnerable services). After making a list of that, my attack will differ.

If you are a website or web-server, then I may use nikto or vega to scan for vulnerabilities in web-applications. Some common but major flaws are :

• SQL injection or blind as well
• cross-site scripting
• cross-site forgery
• invalid password or form submission
• shell injection and many others

Here comes the attack phase, where I can use popular tools like Metasploit to launch myriads of attacks or even use social engineering to trick you into opening spammed emails containing trojans or malware. If I am persistent enough, I may get inside your computer using any methods.

Even, password crackers can be used for breaking authentication against FTP, ssh, or telnet protocol. Common ones are hydra, john the ripper and so.

After getting inside, I may wreck your pc and it depends on the mindset of a hacker for why is he hacking ?!.

Then comes post-exploitation phase were cleaning up the log files and other suspicious tracks and maintaining persistence for re-visiting may be done