Paranoia and a Terminal - Part 0x03 - Tor Hidden Services


(Command-Line Ninja) #1

Hello, my loyal 0x00’ers! You are reading my 4th Installment of Paranoia and a Terminal!

Today we are going to discuss how to set up a Tor Service and how to access it. Tor services are a really good addition to your toolkit as a Paranoid hacker. Tor can be used as an Anonymity tool, but providing Anonymity is only a facet of what Tor is capable of.

What’s a Tor Service?

So firstly, what’s a Tor Service?

A Tor Service (or .onion address) is a service on the Tor Network. To quote directly from The Tor Project:

Hidden Services are a Tor technology that allows users to connect to services (blogs, chats, and many other things) with neither the user nor the site giving up identifying information.

Tor Services are great things because they provide Anonymity for both parties, the server is completely hidden as is the client.

Using a Tor Hidden service avoids the obvious issue of Exit Nodes, but it also incorporates a separate encryption layer between the last node and the Tor Service, so technically HTTPS is unnecessary. This is incredibly powerful as neither the Sysadmin nor the User can mess up on this very simple necessity of encryption.

Tor Hidden Services also sidestep 2 major issues with security.

  • Firewalls
  • Port Forwarding

When you configure a Tor Hidden Service (as you’ll see later), you don’t need to ever configure your router to port forward to allow Tor through (only outgoing ports), and you don’t need to worry about blocking ports (such as SSH). This instantly provides a huge layer of protection.

This means you can have a remote server with HTTP, SSH and other control ports open, but only configure the HTTP Ports to show on the Tor Service. This means nobody would know it’s an HTTP server by looking at the cleartext side, and nobody would know it had SSH from the Tor side.

Secrecy is Security - right?

Configuration

Configuration is very straightforward. Firstly you need to get a web server (or any other type of server) running, and install tor (Tor being the standalone application, not the Tor Browser Bundle).

On Linux this is as simple as taking a trip to your favourite package manager.

*buntu/Debian

$ sudo apt-get update && sudo apt-get -y install tor

Or…

Arch:

$ sudo pacman -S tor

Very straightforward.

Now just run Tor for the first time to get all the files generated and such.

$ tor

In the event you get an error here, you will probably need to sort out permissions. Assuming your user name is “nuller”, run:

$ sudo chown -R nuller:users /var/lib/tor

Now you need to edit your Tor Config file. On most machines this is at /etc/tor/torrc

$ sudo vim /etc/tor/torrc

(You can use nano or whatever editor you would like here, although I use vim.)

Append these two lines at the end:

HiddenServiceDir /var/lib/tor/secret-server/
HiddenServicePort 80 127.0.0.1:80

These two lines are extremely simple.

  • HiddenServiceDir - This is the location where your private key files and such will be stored; make sure this directory location is safe. The directory will be made if it doesn’t already exist.
  • HiddenServicePort - This is the port information. The first argument, “80”, is the Tor Service Port, and the second one, “127.0.0.1:80”, is the address you want to forward to. In theory this can be any IP and port and does not have to be your local machine.

Once you’ve done that, save the file and restart Tor!

With my Tor configuration on Arch, it is not very verbose and doesn’t even tell me it worked. However on Ubuntu it is very verbose and tells me all about it.

In the event that your .onion address isn’t told to you, navigate to the directory you mentioned in HiddenServiceDir. In our example it was /var/lib/tor/secret-server/

$ cd /var/lib/tor/secret-server/
$ ls

In there are two files

  • hostname - This file simply contains the hostname of your newly generated Tor Service.
  • private_key - This file contains your private_key (KEEP THIS SAFE). If anybody finds this private key they can spoof your service and cause some serious problems. Guard this with your life.

Now if everything is set up correctly and Tor is running, navigate to the address in hostname and your new shiny Tor Service should be up and running! Easy eh?

You can now run an incredibly fraudulent illegal site, or just something you want to stay secure! The choice is yours! Please, don’t make something incredibly illegal and then blame us, that would be awful.

At this point, you can either leave and be happy with mediocrity, or you can stay and find out how to be truly 1337.

Client Configuration

So what you’ve just set up right now is really cool, although it only really rocks for things like web servers, and at this point in time you can only access it through The Tor Browser. What are you going to do when you want to funnel your IRC traffic through it?

Say hello to mapaddress + proxychains.

I’m hoping you’re familiar with proxychains, it’s been covered countless times, and Pico even made a tutorial about how it works.

mapaddress allows you to map real life addresses to Tor Addresses so that dumb clients like IRC Clients and Hosts files can recognise them.

On your client machine (assuming you have Tor set up), edit your config file.

$ sudo vim /etc/tor/torrc

Scroll to the bottom and append

AutomapHostsOnResolve 1
AutomapHostsSuffixes .exit,.onion

mapaddress 100.100.100.100 nullxvxy6kasmy2r.onion

These lines will allow you to map nullxvxy6kasmy2r.onion (0x00sec Tor Address) to 100.100.100.100. If you restart Tor and do:

$ proxychains curl 100.100.100.100

It should respond with the 0x00sec homepage in raw HTML. Now you can move onto more exciting things, like configuring your IRC client or patching your hosts file.

Personally I have configured duckduckgo.com to point to 100.100.100.100, so when I load my browser using Tor as a Socks Proxy, it automatically loads duckduckgo results through the Tor Address; it doesn’t even look any different.

I hope you all enjoyed this article! It was a lot of fun to make, and it is really fun to be able to share with this awesome & warm community! I look forward to your comments!

Stay Snappy!

- pry0cc
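
Added example, not part of the original post: a small Python audit of the two things this setup depends on, namely that the HiddenServiceDir and its key files are closed to group and others, and that each HiddenServicePort target stays on the local host (Tor's encryption ends at the Tor daemon, so a remote target is reached over plain TCP). The function names, the temporary directory and the sample torrc are constructed for illustration.

```python
import ipaddress, os, stat, tempfile

# Group each HiddenServicePort under the HiddenServiceDir that precedes it.
def parse_hidden_services(torrc_text):
    services = []
    for raw in torrc_text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if len(parts) < 2:
            continue
        key, value = parts[0].lower(), parts[1].strip()  # option names are case-insensitive
        if key == "hiddenservicedir":
            services.append({"dir": value, "ports": []})
        elif key == "hiddenserviceport":
            if not services:
                raise ValueError("HiddenServicePort before any HiddenServiceDir")
            virt, _, target = value.partition(" ")
            services[-1]["ports"].append((int(virt), target.strip() or virt))
    return services

def target_is_local(target):
    if target.startswith("unix:") or target.isdigit():  # socket or bare port: this host
        return True
    host = target.rsplit(":", 1)[0].strip("[]")
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host == "localhost"

def audit(torrc_text):
    findings = []
    for svc in parse_hidden_services(torrc_text):
        for virt, target in svc["ports"]:
            if not target_is_local(target):
                findings.append(f"port {virt} -> {target}: backend hop is outside Tor's encryption")
        d = svc["dir"]  # a missing directory is skipped: Tor creates it on first start
        names = sorted(os.listdir(d)) if os.path.isdir(d) else None
        for path in ([] if names is None else [d] + [os.path.join(d, n) for n in names]):
            mode = stat.S_IMODE(os.stat(path).st_mode)
            if mode & 0o077:
                findings.append(f"{path} has mode {mode:o}: open to group or others")
    return findings

def demo():
    with tempfile.TemporaryDirectory() as tmp:  # constructed sample data
        svc = os.path.join(tmp, "secret-server")
        os.mkdir(svc)
        for name, mode in (("hostname", 0o600), ("private_key", 0o644)):
            open(os.path.join(svc, name), "w").close()
            os.chmod(os.path.join(svc, name), mode)
        os.chmod(svc, 0o755)
        return audit(f"HiddenServiceDir {svc}\nHiddenServicePort 80 127.0.0.1:80\n"
                     "HiddenServiceDir /nonexistent/constructed/\nhiddenserviceport 8080 10.0.0.5:8080\n")
```

Calling `audit(open("/etc/tor/torrc").read())` as a user allowed to read the service directory runs the same checks against a real configuration.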


Python Reverse Shell
#2

(Please ignore the fact that it is a Facebook like…)


(Command-Line Ninja) #3

Thanks a tonne @n3xUs!


(oaktree) #4

This is interesting. The last part is even cooler.


(Command-Line Ninja) #5

Thank you! I like it too.


(Merozey) #6

great article pry0cc!


(Command-Line Ninja) #7

Thanks @Merozey! I knew you’d like it :P

