10/11/13

Tor Wacky Times and the NSA

gAtO rEaD – that Tor (The Deep Dark Web) is now all messed up by the NSA, FBI and LEO so all you bad guys using the Tor network better watch out, or should they???fed_links_01

Aug 5 the FBI snakes in Freedom Hosting and put a number of websites out of business in the Dark Web. They let the flames go out that they caught a bunch of Pedophile sites with that bust, but it does not seem so.

The Attack on the Dark Net Took Down a Lot More Than Child Porn – http://gawker.com/the-attack-on-the-dark-net-took-down-a-lot-more-than-ch-1081274609 – gAtO contribute to this article–

fed_usCitizenship_01Aug 19 – Millions of Tor Clients start to go up in numbers. What’s this all about, we get a bunch of Tor clients just hanging around doing nothing in Tor. Some say it’s a Bot-net or something like that. Then it growns 4, 5  million Tor users and the last week or so it starts to go down again. So what is all this about all these Tor Clients and the Tor- Botnet?fed_rent_a_hacker01

Oct 3– Silk Road get’s taken down, Oh the FBI had a copy of the Silk Road servers back in June just before the AUG 5 take down of FH by the FBI. So the Feds had Silk Road all this time and this is all they can do, can’t even get a few Bitcoin wallets- what a cluster fˆ%k—//fed_cc-paypal_01

Now you got NSA saying that Tor is cracked and the bad guys cannot use it. They claim that they can hack Tor anytime and anywhere with documents that a summer student left on how to hack the Tor network back in 2006. By the Way – most of these hacks do not work in Tor, maybe on a regular network but not on the Tor network.fed_hit_man_01

So now gAtO goes in search of Tor sites and a lot of sites went down by hook or crook —BUT someone has started to replace these Tor Hidden Websites in the Tor Network – But something is FuNnY – all these sites us the same web templates –

So now you can take a walk down memory lane and see all the older Tor-Websites have gone away and new ones have magicly re-appear.

fed_apple4bitcoin_01Now if this was the only place were this has happens OK sure, but at other Tor- Wiki Tor Link sites you will see the same thing – Commercial sites are all FuNnY and all the non-commercial Tor-websites are Tango Down.

So now Tor goes round and round but nobody knows what the heck is going on- In the Tor network – The Deep Dark Web run by Criminals or the FBI – you can answer these questions yourself by visiting the site –trust but Verify– ((not me))– gAtO oUt

fed_counterfiet_euro_50 fed_counterfiet_usd_01 fed_links_01 fed_mobile_steal_store_01 fed_uk_guns_01

 

 

 

 

 

 

 

 

 

 

 

 

08/28/13

Tor Usage goes UP PirateBay, Iran-Syria and Google-play Orbot

USCyberLabs Stats of the Tor Network Aug-27

USCyberLabs Stats of the Tor Network

gAtO hEaR _UPDATE-

Sudden rise in direct Tor users



On Tuesday 27th, Roger Dingledine drew attention to the huge increase of Tor clients running [14]. It seems that their number has doubled since August 19th according to the count of directly connecting users [15]. According to Roger this is not just a fluke in the metrics data. The extra load on the directory authorities is clearly visible [16], but it does not look that the overall network performance are affected so far [17]. The cause is still unknown, but there are already speculations about the Pirate Browser [18] or the new “anti-piracy” law in Russia which is in force since August, 1st [19]. As Roger pointed out, ?some good solid facts would sure be useful.?

[14] https://lists.torproject.org/pipermail/tor-talk/2013-August/029582.html

[15] https://metrics.torproject.org/users.html?graph=direct-users&start=2013-05-29&end=2013-08-27&country=all&events=off#direct-users

[16] https://metrics.torproject.org/network.html#dirbytes

[17] https://metrics.torproject.org/performance.html

[18] https://lists.torproject.org/pipermail/tor-talk/2013-August/029584.html

[19] https://lists.torproject.org/pipermail/tor-talk/2013-August/029583.html



Ever since the the NSA Prism program came out something else is going on in Tor. People want privacy and they will use anything they can to get it. Tor is one solution that a lot of people know about but there are other factors about the increase.

Piratebay.sx and it’s users are doing a lot more stuff with the new browser – There has not been a sustained increase in search traffic for the Pirate Browser on Google. Tor and “Tor browser” haven’t shown a spike in search, either. Could it be from users in Syria?  Also note that the Google Play Store has been unblocked in Iran, allowing distribution of Orbot/Orweb in that country to phones with the Play Store app installed (partial bootstrapping problem).

Syria had a spike from 1000 to 4000 but that’s a tiny fraction of the recent increase. Iran doubled from 4000 to 8000 which is also only a part of the increase. Is there a page listing each graph by country or overlapping them all?

The Tor Project also pushed out Orbot v12 to Google Play in the last few weeks – 2 separate updates. That would not account for all of the increase, but it could have prodded enough existing users who had not used Orbot in awhile to start the app up again. We have also seen about 75,000 new installs over the last 3 months.

So we have a lot of factors as the Tor network grows larger everyday- gATo oUt

 

11/14/12

What Are ToR Hidden Service?

gAtO tHiNkInG - anonymity serves different interest for different user groups; To a private citizen it’s privacy, to a business it’s a network security issue. A business needs to keep trade secrets or have IP (knowledge base data-centers), communicate with vendors securely and we all know that business need to keep an eye on there competition – the competition can check your stats

update -11-14-2012 -uscyberlabs.com Tor Hidden Servicehttp://otwxbdvje5ttplpv.onion gAtO built this as a test sandbox / honeypot — cool logs stats -DOWN 4 upgrade – 06-11-2013

(http://www.alexa.com/siteinfo/uscyberlabs.com) and check on how your business is doing, what keywords your using, demographics of users hitting your site—— by the way in the Tor-.onion network a web site/service cannot be monitored unless you want it…

How would a government use a ToR-network I’m asked all the time —

// if I was an (agent/business-person)state actor doing business in China (and other countries too) well I would use a ToR-.onion connection to keep my

business private from a government that is know to snoop a bit on travelers to their country. The fact is governments need anonymity for their security -think about it “What does the CIA Google for?” Maybe they us ToR??? But this is about Hidden services right.

 

What is a hidden service in ToR-.onion network?

SImply put it’s a web site/service, a place in the ToR network were we have a service like:

  • Search Engine
  • Directories
  • web / pop3 email
  • PM Private Messages
  • Drop Box’s
  • Re-mailers
  • Bulletin Boards BBS
  • Image Boards
  • Currency exchange
  • Blog
  • E-Commercce
  • Social Networks
  • Micro-Blog -

Hidden Services are called hidden, because your website’s IP in ToR is hidden- they cannot see the IP of your server — they can’t track you- if they can’t find you how are they gonna hack you???? Sorry I had to say that -((more about that later)). Now how do I keep this secret (my IP) and let you the user use my services. In the normal web if your in uscyberlabs.com your on my site,— my server -you can do a whois and get my IP and geo-location— then you can attack my website with dDoS and other IP attack vectors, you also get my location so you can physically find me- my server/my website – maybe go dumpster diving in the trash and get my company secrets— mAyBe sI – nO,

Well in the ToR-.onion network you the client ask the business website if they can use the websites service / then decide and start a handshake to a rendezvous POINT to meet  —we meet at an OR ((onion relay))-a rendezvous POINT) not at my server/ my IP — so your never ever on the business site/server when your in onionLand, you can’t do a whois and get my IP because we meet at an OR, you cannot find my geo-location…..

We have heard of the killings of Iranians and Syrian rebels being killed in todays news, when an Iranian rebel is fighting for his and his families life if they(the government) finds his IP or the IP of the website he visited // they will hunt that person down and the Iranian police/government will kill the whole family sometimes. So keeping an IP from someone is not an evil act it is an act of privacy for safety on both sides the client and the business.

you need to look at Figure 2 to explains this better:

Now let’s focus on R2 OR the yellow key. That’s the spot were you(your company’s hidden website) and your client meet — I know it’s a sneaky way of doing business but once again if they can’t get to your IP at least that is one attack vector that can’t be used to hack you or ddos you. OK they can still hack you but it’s software then. How it’s all done – the magic —the technical thingy to this is below —/this is just an outline of events of the client /hidden web/service protocol:














I goes something like this –

  • ESTABLISH RENDEZVOUS cell
  • INTRODUCE1
  • INTRODUCE2 cell
  • INTRODUCE ACK cell.
  • INTRODUCE2 cell
  • RENDEZVOUS1 cell
  • sends a RENDEZVOUS2 cell Chat
  • sends a RENDEZVOUS2 cell Blog
  • RENDEZVOUS ESTABLISHED cell

1. Whenever the rendezvous point receives a RELAY_COMMAND_RENDEZVOUS1  with the same cookie as the OR sent in the RELAY_COMMAND_INTRODUCTION1 cell it logs the reception and the IP address of the immediate transmitter of the cell. At the same time, the OR middle node monitors the circuits passing through it. Whenever it receives a DESTROY  cell over a circuit it checks:

1) whether the cell was received just after the rendezvous point received the RELAY_COMMAND_RENDEZVOUS1 cell;

2) if the next node of the circuit at the middle node coincides with the previous node of the circuit at the rendezvous point;

3) whether the number of forwarded cells is exactly 2 cells up the circuit and 52 cells down the circuit.

More Geek network kinda stuff::

1. Jun 03 20:50:02.100 [notice] Tor 0.2.1.0-alpha-dev (r14739) opening new log file.

2. Jun 03 20:50:11.151 [notice] We now have enough directory information to build circuits.

3. Jun 03 20:50:12.697 [info] rend_services_introduce(): Giving up on sabotage as intro point for stuptdu2qait65zm.

4. Jun 03 20:50:18.633 [info] rend_service_intro_established(): Received INTRO_ESTABLISHED cell on circuit 1560 for service stuptdu2qait65zm

5. Jun 03 20:51:18.997 [info] upload_service_descriptor(): Sending publish request for hidden service stuptdu2qait65zm

6. Jun 03 20:51:22.878 [info] connection_dir_client_reached_eof(): Uploaded rendezvous descriptor (status 200 (“Service descriptor stored”))

People ask me how can these hidden services be attacked???

It’s all the same as in the surface web you find the software the hidden service is using /// let’s say Worpress (or flatPress) if they use an old version with vulnerabilities then, that site can be hacked by traditional hacking attack vectors— gAtO can’t wait till USCyberLabs.com will have a sandbox in the .onion were we can have a honeypot for people to hack and learn from.  (we need Funding for these project donate please – we will share) gAtO has not tried Backtrack 5 on ToR-.onion network – mAyBe sI -nO – uscyberlabs.com has been hacked a few times already and is consistently fighting bot’s and spammer, it goes on and on.everywhere-.-.-.-

Here are some technologies used in the ToR-.onion network:

update -11-14-2012 -uscyberlabs.com Tor Hidden Service = http://otwxbdvje5ttplpv.onion gAtO built this as a test sandbox and it turned into a honeypot — cool logs stats

TorStatusNet – http://lotjbov3gzzf23hc.onion/   is a microblogging service. It runs the StatusNet microblogging software, version 0.9.9, available under the GNU Affero General Public License.

FlatPress is a blogging engine like -Wordpress blog http://flatpress.org/home/   – http://utup22qsb6ebeejs.onion/

Snapp BBS works fine in OnionLand - http://4eiruntyxxbgfv7o.onion/ -

PHP BBS – http://65bgvta7yos3sce5.onion/

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server.  – http://ay5kwknh6znfmcbb.onion/torbook/

Anyway I hope this open up the mystery of a hidden service in ToR – it’s just a website, you go to a rendezvous point and do your business — your IP and the business IP are totally secure. No digital breadcrumbs. Now a word to the wise in the ToR-.onion network you have some very tech savvy people and some are very stupid be a critical-cyber user always -gAtO oUt.

11/13/12

Protocol-Level Hidden Server Discovery -WRONG

sOrRy – AROGANT gAtO - Open letter to:zhenling – jluo -wkui – xinwenfu – at seu.edu.cn cs.uvic.ca cs.uml.edu  – I wrote to you and gave you a chace to reply so her it goes for everyone to see that you rigged your lab in real life it does not work like you claim – gATO OuT – may be wrong mAyBe Si -nO 

zhenling@seu.edu.cn
jluo@seu.edu.cn
wkui@cs.uvic.ca
xinwenfu@cs.uml.edu

Protocol-Level Hidden Server Discovery

Since entry onion router is the only node that may know the real IP address of the hidden service— -note [3] The assumption was made in virtually all attacks towards the Tor network. This is reasonable because onion networks routers are set up by volunteers.

WRONG folks — So criminals work in these sterile structured surrounding – following rules and making assumptions that I’m stupid enough to not know how to control ENTRY and EXIT nodes into my Tor Website— COme on Dudes this is not school it’s the real world… otwxbdvje5ttplpv.onion here is my site now find my IP —

WHo am I – Richard Amores – @gAtOmAlO2 – I run http://uscyberlabs.com – I just finished a boot -“ The Deep Dark Web” Amazon New eBook -The Deep Dark Web – http://www.amazon.com/dp/B009VN40DU   Print Book – http://www.amazon.com/The-Deep-Dark-Web-hidden/dp/1480177598 :- I do a we bit of real life research and I disagree — I go thru a proxie and a VPN in EU… before I go into Tor so the chances that you will find my IP just went up a notch or too. But I’m a legit – Security Researcher – imagine if I run Silk Road — making a bunch of Bitcoins a DAY— how many layers do they have—

how about a basic BRIDGE RELAY — and there it goes – u can’t touch this — how about a simple modification of the torrc file with these
HiddenServiceAuthorizeClient AND – HidServAuth
with these few modification the Tor site is hidden unless you have the key (HiddenServiceAuthorizeClient) in your browser/- that was generated to match the HidServAuth)-of the server– I think that your chances of finding my mean ass hidden service ip address —are ZERO…

I like what you’ll did cool analyst and you explained it great – but this puts fear into people – dissidents will maybe not use Tor because of what you guy’s say and maybe they may get caught and killed… It’s not only CRIMINALS — I know that gets grants money — but Tor is used to communicate and it allows – Freedom of Speech in Cyberspace- I’m gonna write something about this and I want to be nice so please explain why — you can say from an educational place of knowledge and allow this – “in the box” thinking that is being hacked everyday because they say— we did everything they told us to do— this is wrong and not true —

If you could get the IP of Silk Road — or better yet – PEDO BEAR the largest PEDO directory in TOR — tell me the IP and I will take it down myself— but don’t come at me saying we are right and every hacker is wrong  — learn please our world is depending on your great minds —

later,
RickA- @gAtOmAlO2 http://uscyberlabs.com

Here is the original paper —http://www.cs.uml.edu/~xinwenfu/paper/HiddenServer.pdf
A recent paper entitled Protocol Level Hidden Server Discovery, by Zhen Ling, Kui Wu, Xinwen Fu and Junzhou Luo.  Paper is starting to be discussed in the Tor community.  From my perspective, it is a nice attack to reveal the IP address of a hidden service.  It would require resources to actually implement effectively, but for Law enforcement trying to shutdown and arrest owners of illegal websites selling drugs, weapons, or child pornography and are hiding behind Tor, it is an option.  Of course that also means the capability to find anyone that might be doing something a government or large entity does not agree with. The paper is here.
This stuff reminds me of a statement a professor said to a class I was in once:  “Guns are not good or bad.  It depends on who is holding the gun and which end is pointed at you.”

10/28/12

Cyber-War Digital -vs- Global Currency

gAtO rEaD - in Forbes – “Biitcoin Prevent Monetary Tyranny” -mEoW- Currency tyranny by global bankers and government can be down right ugly. They can shape debt into deliberate inflation, they can enforce persecutory capital control or even pre-arrange default – let’s not forget LIBOR manipulation and austerity against countries after they have ripped out all natural resources, install a puppet king and all that jazz —/ everything controlled by THE BANK CARTEL. On the other side of the coin..//

On Oct. 6 Susanne Posel reported -/ an attempt to hack into the U.S.A executive branch’s computer system through an unclassified network.  That’s the White House kitties with a simple “Spear Phishing” attack. They trolled for names of Top Military and government officials in Google’s Gmail account and got a few hit. Once again “Open Source Intelligence”  

– everything goes somewhere and gAtO (as well as others) goes everywhere.

A few days later the Iranians government blocked Gmail by government officials due to fears that Email can be a point of infection for attacks- I think that’s in the security 101 course

Bruce Schneier one of our cyber gods that knows what he is talking about say’s it best about chicken little screaming “the cyber Sky is falling” – STROKING CYBER FEARS – “Secretary Panetta’s recent comments are just the latest; search the Internet for “cyber 9/11,” “cyber Pearl-Harbor,” “cyber Katrina,” or — my favorite — “cyber Armageddon.” But Bruce says it best in his own words  “There’s an enormous amount of money and power that results from pushing cyberwar and cyberterrorism: power within the military, the Department of Homeland Security, and the Justice Department; and lucrative government contracts supporting those organizations. As long as cyber remains a prefix that scares, it’ll continue to be used as a bugaboo.”  -may I add-/ to make lots of MONEY in private-corporation and government contracts worldwide. Fear + Cyber Security = BIG $$$

Fear is what bankers see as Africa is the first country that is being targeted for the BitCoin virtual currency. Imagine the turmoil in Nigeria and other places in Africa it has had a history of unstable governments the idea of a digital currency is appealing… La-Times read -Africa — the next frontier for virtual currency?

BUT the Bitcoin is NOT ready People[1] Satoshi warned us – it’s BETA software – It has only 21 Million bit coins and the last Bitcoin will be mined in 2040 – Governments and corporations have already started the propaganda that Bitcoin’s are EVIL. — 

The most important thing is, we must all be active in out lives to make the new future- They fear us “the people” will wake up and take control of our lives” – the new generation was born with a cell device in their hand and they are using it earlier and earlier to communicate.

The Cyber war that we see is not as bad as the Cyber War that is being fought with fear and propaganda because the bankers will lose control with – One World Currency – One World Government – that is what the hacktivist want, the new kids, the new generation.

Cyberspace is the city of Babel and in this mystical city everyone was able to communicate to anyone and exchange idea, dreams and culture—/ but this cause the priest to lose control so they destroyed it and made it EVIL. It’s only Evil when you lose your power, It is EVIL when you give them control and power — it’s our turn now -gAtO oUt

References:

[1] Satoshi Nakamoto – Bitcoin Creator -https://en.bitcoin.it/wiki/Satoshi_Nakamoto

http://latimesblogs.latimes.com/world_now/2012/04/bitcoin-virtual-money-africa-rudiger-koch.html

http://www.forbes.com/sites/jonmatonis/2012/10/04/bitcoin-prevents-monetary-tyranny/ Bitcoin Prevent Monetary Tyranny

10/25/12

The deep Dark Web -Book Release

gATO hApPy

AVAILABLE @ AMAZON - http://www.amazon.com/dp/B009VN40DU

AVAILABLE @SmashWords website  @http://www.smashwords.com/books/view/247146

I learned that I hate WORD: – but it’s the general format for publishing  – text boxes- get imbedded and you can’t format to EPUB or .mobi or anything – solution after going lOcO gAtO - was copy and paste into txt editor – save as RTF then copy paste back into a new WORD document and then reformat everything from scratch – and copy over the pictures – as you can tell I had fun-..-ugh mEoW F-F-F-F as much fun as a hairball but if it get’s the message out “FREEDOM OF SPEECH IN CYBERSPACE” then we done our job, anyway I hope you read it - Thank you Pierluigi a best friend a security gAtO ever had – gATO oUt

This Book covers the main aspects of the fabulous and dangerous world of -“The Deep Dark Web” . We are just two cyber specialists Pierluigi Paganini & Richard -gAtO- Amores, with one passion and two souls we wanted to explain the inner working of the deep dark web. We have had a long collaboration in this efforts to document our findings we made infiltrations into the dark places inaccessible to many to give a you the reader a clear vision on the major mystery of the dark hidden web that exist today in the Tor Onion network..

The Web, the Internet, mobile cell devices and social networking has become commonly used words that identify technological components of daily Internet user’s experience in the cyberspace. But how much do we really know about cyberspace? Very, very little, Google / Yahoo / Bing only show us 20% of the Internet the other 80% is hidden to the average user unless you know were to look.

The other 80% of the Internet is what this book is about the “Deep Dark Web”, three words with millions of interpretations, mysterious place on the web, the representation of the hell in the cyberspace but also the last opportunity to preserve freedom of expression from censorship. Authorities and corporation try to discourage the use of this untapped space because they don’t control it. We the people of the free world control this network of Tor -Onion Routers by volunteer around the world.

The Deep Dark Web seems to be full of crooks and cyber criminals, it is the hacker’s paradise, where there are no rule, no law, no identity in what is considered the reign of anonymity, but this is also the reason why many persecuted find refuge and have the opportunity to shout to the world their inconvenient truths.

The Deep Dark Web is a crowded space with no references but in reality it is a mine of information unimaginable, a labyrinth of knowledge in the book we will try to take you by the hand to avoid the traps and pitfalls hopefully illuminating your path in the dark.

Cybercrime, hacktivism, intelligence, cyber warfare are all pieces of this complex puzzle in which we will try to make order, don’t forget that the Deep Dark Web has unbelievable opportunity for business and governments, it represents the largest on-line market where it is possible to sell and acquire everything, and dear reader where there is $money$  you will find also banking, financial speculators and many other sharks.

Do you believe that making  money in Deep Web is just a criminal prerogative? Wrong, the authors show you how things works in the hidden economy and which are the future perspectives of is digital currency, the Bitcoin.

This manuscript proposes both faces of the subject, it illustrates the risks but also legitimate use of anonymizing networks such as TOR adopted by journalist to send file reports before governments agents censored his work .

Here are some question we may answers to:

How many person know about the cyber criminals and their ecosystem in the deep web? 

How many have provided information on the financial systems behind the “dirty affairs”? 

How the law enforcement and governments use Dark Web?

Let’s hold your breath and start the trip in the abyss of knowledge to find answers to the above questions. We hope that with this book you can learn something new about – The Deep Dark Web.

10/18/12

Tor hidden service secrets

Tor hidden service secrets

gAtO fRiDaY 10-18-2012 update hay you want to see a secret -hidden service –

Creative Hack – http://2kcreatydoneqybu.onion 

on top of this the name is custom – so that took extra time and efforts and the site is real when you have thier secret token — https://ahmia.fi/pagescreenshots/2kcreatydoneqybu.png

here you can take a look at this site anyway – try to extract any information from this secret Tor Website – you can’t see any source code – so you can’t make it error to extract information. I ask a friend that’s a Penn Tester to check this out – If anyone can extract any information please let me know –gAtOoUt

gAtO fRiDaY - sound off! – As i play with my new Tor hidden service – “Ok just apache website running https: a static site -right now” – What we know is that a Tor hidden service stays hidden until you send someone your .onion URL (example:- otwxbdvje5ttplpv.onion ) now once you know the URL your have access to the site. You may have to log in like on most bb sites but at least you reached the hidden service and now you can do stuff. 

While looking at the torrc file setting I found a little secret that with (server side) HiddenServiceAuthorizeClient-tag and the HidServAuth-tag on the (client) side -// your hidden service is now INVISIBLE to only the people that have a secret key installed in their “torrc” client file. In plain talk –

1. I put a special key on my hidden server – torrc file – HiddenServiceAuthorizeClient
2. generate a new key for client side – “what_ever_bcuuw46b3heyy”
3. send keys to the secret agents that can see or access the site HidServAuth
4. Only the people with my KEY can get to the front door of my hidden service – torrc file HidServAuth

This makes it hard to find the hidden service even if you have the URL ///./. it does nothing, no source code like a normal website. I ran into a few of these and had no clue why these sites behaved the way they did. I can pick apart most websites, at least, basics like html, asp, js, java directory you can gleam all kinds of information. But if you hit one of these site in Tor well it a big 0 -zero -///.

With my TDS project (Tor Directory Scan) I am generating an onion URL A-Za-z 2-7 URL and going out to scrape it and get some basic information about the site with a basic web crawler that grabs METADATA and not just links to other pages. If I hit these sites with my basic program I’ll get a dud -zero -///- but I will have a hit of sort. I hope to catch some of these sites – we all know the rcp command works well in Tor sometimes I found and httrack is another tool for sucking up site // be they hidden service or not – these secret hidden services will be very interesting in the scan -gATO oUt

— Tor Syntax

HiddenServiceAuthorizeClient auth-type client-name,client-name,…
If configured, the hidden service is accessible for authorized clients only. The auth-type can either be ‘basic’ for a general-purpose authorization protocol or ‘stealth’ for a less scalable protocol that also hides service activity from unauthorized clients. Only clients that are listed here are authorized to access the hidden service. Valid client names are 1 to 19 characters long and only use characters in A-Za-z0-9+-_ (no spaces). If this option is set, the hidden service is not accessible for clients without authorization any more. Generated authorization data can be found in the hostname file. Clients need to put this authorization data in their configuration file using HidServAuth.


HidServAuth onion-address auth-cookie [service-name]
Client authorization for a hidden service. Valid onion addresses contain 16 characters in a-z2-7 plus “.onion”, and valid auth cookies contain 22 characters in A-Za-z0-9+/. The service name is only used for internal purposes, e.g., for Tor controllers. This option may be used multiple times for different hidden services. If a hidden service uses authorization and this option is not set, the hidden service is not accessible. Hidden services can be configured to require authorization using the HiddenServiceAuthorizeClient option

10/13/12

Customized .onion URL Address

gAtO hAs- been looking for this golden grail —how to customize a .onion address  —  but nobody knew how to do it or would never tell. Job security I guess but as I have been in i2p land and not much on Tor but I found this link to Shallot in github.com from and i2p site about Tor and i2p. Well the jig is up. I understand why it may not be a good idea for a custom name – It’s all about math and every custom digit of the 16 digit .onion address takes more time to calculate when your onion ur;l is generated in Tor. I have a new toy for a Saturday night project – Well here it is enjoy it- gAtO out

https://github.com/katmagic/Shallot

Shallot allows you to create customized .onion addresses for Tor’s hidden services. (By customized, it is meant that part of the address can be selected. Choosing an entire address would take far longer than the universe is believed to have been in existence.)

A History of Shallot

Shallot has a long history in Onion Land. In its original incarnation, Shallot was originally written by a mysterious Onion Lander called Bebop, who created its predecessor, onionhash-0.0.1, at some unknown time in the distant past. That quickly(?) evolved into onionhash 0.0.2 and 0.0.3, until Bebop and Bebop’s New Home in Onionspace mysteriously vanished. At this point, it was picked up by `Orum, who gave Shallot its current name, and went through three versions until `Orum’s site, hangman – hidden (in plain) site, went down. I (katmagic) got Shallot’s sources from Tas’s site and put them into a Git repository. I made a few modifications, wrote a new README, and put the whole thing up on GitHub for all to see.

10/1/12

USCyberLabs has a hidden service Tor otwxbdvje5ttplpv.onion

gAtO wAnTeD – to get our USCyberLabs Tor .onion network -hidden service- up and running and after thinking of other future projects we decided to make our Ubuntu -BackTrack 5 machine be our Tor Server running apache2 hidden service  . My BT5 machine is running – Gnone v.2.30.2 Ubuntu build 06/25/2010 ?

Apache/2.2.14 (Ubuntu) Server at otwxbdvje5ttplpv.onion Port 80

1. First problem BT5 is designed to run as root and Tor is not so first thing is to generate a new user:

uscyberlabs - el gatoMalo

gAtO new hidden service otwxbdvje5ttplpv.onion

# adduser gato

# password gato-password

For help go to man adduser for more information

I open up terminal for everything so as SU -(SuperUser)

nano /etc/apache2/apache2.conf > file

nano /etc/apache2/ports.conf > file

nano /lib/tor/torrc -> file

nano /etc/host -> file

2. Before we change users and start to work as gato let’s set up the apache2 service

# apt-get install apache2

whizz, bang ,- wow and it’s installed next we need to modify some configuration files.

The Apache install will install /var/www/index.html <— so modify this file for your web site:

The Apache install will install /etc/apache2 and in it you will find a bunch of the configuration files:

apache2.conf and ports.conf these two files will have to be modified and Tor torrc file.

This is a great guide — from ioerror  —but don’t try the wiki – – https://github.com/ioerror/hs-wiki/tree/master/configs another guide not so good but it helped —http://www.martini.nu/blog/2010/06/tor-vbox.html    —

ports-apache2.conf 

12 NameVirtualHost 127.0.0.1:8080Listen 127.0.0.1:8080

torrc

123

4

5

6

7

8

9

10

11

12

13

14

# some information may be for future projects -# This is a very minimal Tor configuration file to be placed in# /etc/tor/torrc unless you know better.

#

# This configuration file should be used with a wiki Hidden Service on

# 127.0.0.1:8080

#

 

Log notice file /var/log/tor/wiki.log

DataDirectory /var/lib/tor

 

HiddenServiceDir /var/lib/tor/hidden_service/

HiddenServicePort 80 127.0.0.1:8080

Add your hidden Service Tor url to your host file – trust me this really helped during trouble shooting

I added my Hidden service onion ID to the

nano /etc/host -> file

127.0.0.1 otwxbdvje5ttplpv.onion 

I generated a few more hidden service keys to deploy some other sites later -Open up 2 more terminal windows – I can start stuff in background mode but during testing everything has it’s own terminal just in case.

To install Tor on unbuntu linux — https://www.torproject.org/docs/tor-doc-unix.html.en  —

To start Tor

./start-tor-browser

To start Apache web server

sudo /etc/init.d/apache2 start

I’m not going to give you my directory structure but just a heads up :

DataDirectory  /var/lib/tor/

HiddenServiceDir /var/www/web_hidden_service

HiddenServicePort 80:127.0.0.1:8080

Since I’m testing I log to my terminal but a log error file will work better

Log notice stdout

So ok now comes the test – I have a static html website – a hidden service in the Tor .onion network. I did not go to icann for an domain name and pay them- I don’t have to pay InMotion for hosting service – just my cox-internet connection and a spare machine and I have a website in the dark web – This machine will host other websites – hidden services like wordpress, a bb bulletin board- or maybe some other web service – It will host my BotNet for the Tor Directory Project – Oh yeah I want to build a few bot’s for GOOD and map out the Tor Directory and make each Bot an OR (onion Router) so it helps the cause and gives back a bit. I plan to also run OnionOO – Arm – Atlas – mOnionO Compass and Weather.

SO if your out an about in Tor Land come on by and kick the tires and peek and poke my Tor hidden service website – otwxbdvje5ttplpv.onion  if you find any openings let me know.pls As I add new features I will tell you about them -gAtO oUt 

09/24/12

Dark Heart botnet ToR-C2 BULLET proof server collector

gAtO fOuNd - this –// it’s crook selling to crooks take it at face value -/ but it does have some interesting ideas on what is out there in criminals hands and what is going on in the dark web. Now these are 10,000 yes 10k botnets can work in the clearWeb as well as Tor and i2p anonymized networks should cause some concern because normally we don’t monitor them.  Tor Domain-flux for both clearWeb and Tor – ( Tor Domain-flux- this is so easy to do but it’s a big feature) – VPN then Tor that will make this harder to find the botMaster. But the coolest feature is the i2p connection. Sorry boy’s and Ladies but Tor is getting old, i2p is beginning to glow and it’s a little different but very safe. It goes after (scanning)  WiFi and GPS tracking – So people sync your phone data to your computers data please…C&C and // one- BULLET proof server collector –

It not very hard to do this but – C&C and // one- BULLET proof server collector – is the sales pitch anyway I have obfuscated some links and names -find it your self – I know gAtO can build this so anyone can with some light reading – that comes out to .80 cents per bot for 10,000 bots -0ne c&c panel for $8,000 bucks – pretty cheap – oh yeah the readme comes in english too.

This modified Dark Heart bots and c&c in Tor ?12p ? 256-EAS encryption- We already have reports of it by different names but this was posted around Aug 7 2012.   Here is the –/ poor mans –Tor Domain-flux is so easy when you generate a hidden service it produces a key for your address in Tor onion land / just move the key to another directory and generate your new net key and so on and so on… Some of this is really well though out —/ but I don’t trust anyone and it’s so easy to build from scratch- gAtO oUt

—— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ———

Dark Heart botnet— NOT – for sale $8000

Run on windows clients – I need 3 C&C server IP addresses to hardcode and obfuscate

bot coded in assembly no dependencies

Each build has maximum of 10k bots to ovoid widespread av detection.

Basic bot uses socks5.

built in ssh client

(fast-flux)

Bot is built with 30k pre generated 256 bit AES keys.

1 256 bit AES key for logs

1 256 bit AES key ssh

1 256 bit AES key socks 5

hwid it selects a pre-generated key 256 bit AES key.

Bot writes encrypted data into common file using stenography process injection

Download/Upload Socks5

Bot sends data to a collector bot via socks5 through ipv6 which makes NAT traversal a trivial matter.

Using ipv6 in ipv4 tunnel.

Collector bot assembly /tor and i2p Plug-ins C++ /Assuming 10k bots

Bots will be assigned into small groups of 25. And are assigned 400 collectors bots which is evenly 200 tor and 200 i2p.

Collector packages the encrypted logs and imports them into a .zip or rar archive and uses sftp to upload through tor to a bullet proof server Note the Ukraine is best know.

(Domain-flux .onion panel can be easily moved)

Using a Ubuntu Server on bullet proof server.  / Using tor and Privoxy. Panel can be routed through multiple cracked computers using proxychains and ssh.  / Server uses a simple .onion panel with php5 and apache2 and mysql. You might ask what happens if bullet proof server is down. The collector bots can be loaded with 5 .onion panels. If panel fails for 24 hours its removed from all Collectors and bot will go to the next one and so forth. A python Daemon runs and unzip the data and Imports it into a mysql database were it remains encrypted.

The bot master uses my Dark Umbrella.net panel to connect to the remote Bullet Proof server through a vpn and then through tor using ssh to run remote commands on server and sftp to upload and download. Running tor through a log less vpn through with a trusted exit node on the tor network. .net panel connects to mysql database database is decrypted on .NET panel (Note must real Bullet Proof hosting is not trust worthy this solves that issue) and imported into a local .mdb database. Then later the bot Master should encrypt database folder on true crypt. Commands are sent to bots individually rather then corporately like most bot nets. This allows for greater anonymity It will be possible to send commands corporately but strongly discouraged. Collector bots download and upload large files through i2p.

1.Connects remotely to rpc daemon through backconect and simplifying metasploit (Working)

2.Social network cracker. (Beta)

3.Statics. (Working)

4.Anonymity status. (Working)

5.Decrypt-er. Decryption codes in highly obfuscated.net limiting each build to 10k bots. (Working)

6.Daemon status (Working)

7.logs (Working)

8.Metasploit connects via rpc. (working)

9. GPS tracked Assets by Google maps and using net-book with a high powered external usb wifi attenas.

Starts an automatic attack if wep if wpa2 grabes handshake. If open starts basic arp spoofing attack. Common browser exploits. (alpha)

10.Teensy spread. (in development)

11.vnc back connect. (working)

12. Advanced Persistent threat. Fake Firefox, Fake Internet Explorer, Fake Chrome. Fake Windows Security Essentials. (in development allows for excellent custom Bot-master defined keyloging)

13. Dark search bot index file is downloaded allowing easy searching of hard drives. (Working)

14. voip logic bomb. bot computer is sent via a voip call file once played through voip the microphone hears mp3 file and the dormant payload is activated in bot that is the logic bomb. (Extra- Alpha)

Each Panel is hwid

1 unique build per Copy embedded into panel.

Everything is provided in English only manuals for setup: you need 3 servers for C&C and // one- BULLET proof server collector for -/ everything is working and can be setup within hours: Only serious players –  for sale $8000 -bitcoin – (obfuscated )1A9nBLgdhf4NJadXiBppqqU96AhbMBQrgV -

—— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ————— – EDUCATIONAL – ONLY – ———