close
Последнее редактирование:
-
XSS.stack #1 – первый литературный журнал от юзеров форума
close
- Автор темы C0rtex
- Дата начала
Создание Tor onion сайта - пример настройки в Ubuntu.
Расссмотрим пример настройки Tor onion сайта в операционной системе Ubuntu. Общие рекомендации по соблюдению аннонимности: 1. Не запускай...
createtoronionsite.blogspot.com
Ðак ÑоздаÑÑ ONION-ÑайÑ.
ÐдеÑÑ Ñ Ð¿Ð¾Ð¿ÑÑаÑÑÑ Ð´Ð¾Ð½ÐµÑÑи до обÑеÑÑва ваÑÐ¸Ð°Ð½Ñ ÑÐ¾Ð·Ð´Ð°Ð½Ð¸Ñ onion-ÑайÑа. ÐÑÑ ÑÑо напиÑано ниже напиÑано лÑбиÑелем и не ÑпеÑиалиÑÑом. ÐÑÐ´Ñ Ñад к...
zadumchiv.blogspot.com
Tor Project | Set up Your Onion Service
Defend yourself against tracking and surveillance. Circumvent censorship. | Set up Your Onion Service
community.torproject.org
Use Brute to custom the v3 domain = https://github.com/cathugger/mkp224o
Код:
Once you're comfortable in getting everything up and running on your own in a Ubuntu VM you can use a Virtual Private Server (VPS) with Ubuntu installed as the host OS using the same commands to set it up. The commands should work for the majority of VPS Ubuntu 18.04 OS's. You should always test things first and ensure they're working before doing anything on a production server for the first time. Don't blindly think everything is working so please test your shit first! Nothing more annoying then launching your plans and realizing you forgot to bring your webserver up. Practice makes perfect.
First we'll be discussing how to setup a hidden service to host simple HTML content and static web pages then we'll get into how to host your own forum. It's assumed you know how to access the Terminal application in Ubuntu (or any *nix based OS) as using Terminal/command line should be familiar with you.
It's best to start each example throughout this course with a fresh Ubuntu VM install to ensure everything functions properly when following along with this course. This is why it's best to create a snapshot of a fresh install when trialing everything out for the first time. When you get more experience you can cut and paste as needed to setup everything to your liking.
Using Ubuntu in VM for the following.
Before you start anything, especially if you're using a VPS to host your hidden service, type the following in Terminal:
unset HISTFILE
echo set +o history >> /etc/profile
echo set +o history >> ~/.bashrc
This will ensure your bash history is not saved so others can't view what you've been up to in Terminal. Now when you hit the up arrow on your keyboard in Terminal it will not bring up your old commands. This will help should your VPS get seized.
In Terminal type:
sudo dpkg --configure -a
sudo apt-get update && sudo apt-get upgrade -y
Once that's complete, we need to install a web server and Tor so we can host the hidden service. We're going to use a light-weight webserver called nginx (pronounced engine-X).
In the same Terminal type the following:
sudo apt-get install net-tools nginx tmux tor -y && sudo apt autoremove -y
sudo service apache2 stop
sudo service tor stop
sudo -i
The "sudo -i" command will drop you into the root account.
mkdir /var/www/WEB_FILES_DIRECTORY
echo "MY HIDDEN SERVICE TEST" > /var/www/WEB_FILES_DIRECTORY/index.html
chmod 700 -R /var/lib/tor/*
chown -R Funshine /var/lib/tor/
The "chown -R Funshine /var/lib/tor/" reflects my username of "Funshine". Make sure you replace "Funshine" with your user on Ubuntu! If you're unsure of your username in Terminal type "whoami".
chown -R www-data /var/www/WEB_FILES_DIRECTORY
exit
Once you exit out of the root account and you're back to your user account type the following:
sudo gedit /etc/tor/torrc
Scroll down until line 71 and uncomment the following:
HiddenServiceDir /var/lib/tor/hidden_service
HiddenServicePort 80 127.0.0.1:80
Save and exit the file.
sudo rm /etc/nginx/sites-enabled/default
sudo rm /etc/nginx/sites-available/default
sudo gedit /etc/nginx/sites-available/default
Paste the following in orange below and save the file.
server {
listen 127.0.0.1:80 default_server;
root /var/www/WEB_FILES_DIRECTORY;
index index.html index.htm;
server_name localhost;
location / {
try_files $uri $uri/ =404;
}
error_page 500 502 503 504 404 403 /index.html;
location = index.html {
root /var/www/WEB_FILES_DIRECTORY;
internal;
}
}
This nginx configuration will re-direct every request that isn't available back to the main homepage and ensures everything is accessed through 127.0.0.1 so we don't reveal our true server IP to the world. Anything web traffic related is going to 127.0.0.1:80 and there is no way for anyone to access it unless it's coming from 127.0.0.1. Remember, your "exit node" within the Tor network is always 127.0.0.1 so this should make sense if you understand the basics of Tor.
sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled
sudo gedit /etc/nginx/nginx.conf
Delete what's in the nginx.conf file and paste the following in orange below:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_name_in_redirect off;
server_tokens off;
port_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
Save the file and exit gedit.
tmux
tor
Once you've ran the "tor" command and it's at %100 hold CTRL then hit the letter "b" on your keyboard then release CTRL and hit the letter "d" on your keyboard so you're able to exit out of the tmux window while leaving Tor running. If you want to understand tmux then it's a Google search away!
Once you're out of the tmux window type:
sudo nginx -t
This will test the current nginx config and should pass successfully.
service nginx restart
cd /var/lib/tor/hidden_service
ls
Here we can see the hostname and private key file for your onion domain.
cat hostname
This is your onion hidden service hostname which has been automatically generated for you once you run the "tor" command for the first time. By default, a V3 onion domain is generated as the V2 will depreciate September 15, 2020. This is your onion domain that you would supply to others in order for them to access your hidden service website.
Before we access your hidden service website let's first ensure everything is working. It shouldn't take any longer then 5 - 10 minutes before you can access your onion website as it can take some time to become fully online within the Tor network. Copy your onion hostname and plug it into your Tor Browser and you should see "MY HIDDEN SERVICE TEST".
If you don't get directed to your website wait it out for 5 - 10 minutes and try again. If it's not online by then you fucked something up. Restore the fresh snapshot of the VM and start again.
Your hidden service should be all setup for you to host your simple HTML website to the masses. Of course if you're hosting with VPS provider you should login to your server via SSH over Tor and ensure you run "sudo apt-get update && sudo apt-get upgrade -y" every so often.
Setting up a forum, Vendor shop, marketplace, etc.
There are times when you'll want to host your own Vendor shop, forum, scam page, marketplace, etc. so you'll need to have PHP, a database setup to house your data, etc. We'll now discuss setting up your hidden service in a way so you're able to use phpMyAdmin when setting up your website and databases if you prefer phpMyAdmin. Many ways to accomplish this so I'll show you phpMyAdmin and other ways. If you're not familiar with phpMyAdmin I recommend using it especially if you're planning on hosting anything with a database, forum, etc. for ease of setup.
For this example we'll be setting up myBB which is a popular forum platform used by many dark web forums. You can now create your own forum to recruit members into your gang when you're done this chapter ;)
Open up a new Terminal and type the following:
sudo dpkg --configure -a
sudo apt-get update && sudo apt-get upgrade -y
sudo service nginx stop
sudo apt-get install build-essential gcc make apache2 perl dkms vim -y && sudo apt autoremove -y
sudo apt -y install software-properties-common
sudo apt-get install -y language-pack-en-base
sudo locale-gen en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
sudo add-apt-repository ppa:ondrej/php
sudo apt-get update
sudo apt-get install php7.4 -y
sudo apt-get update && sudo apt-get install nginx php7.4-fpm mysql-server mysql-client tor tmux vim net-tools autoconf libevent-dev libssl-dev apt-transport-https zlib1g zlib1g-dev -y
sudo a2enmod proxy_fcgi setenvif
sudo systemctl restart apache2
sudo a2enconf php7.4-fpm
sudo systemctl reload apache2
sudo service apache2 stop
sudo mysql_secure_installation
Go through the mysql secure installation directions, say "N" when prompted to VALIDATE PASSWORD PLUGIN, say Yes to remove anonymous users, say Yes to disallow root remotely, say Yes to remove test databases and access to it, say Yes to reload privileges, and mysql is setup.
sudo mysql -u root -p
Paste the following in the mysql terminal in orange:
create database TEST;
create user 'TESTING'@'localhost' identified by 'PASSWORD';
grant all on TEST.* to 'TESTING'@'localhost';
FLUSH PRIVILEGES;
EXIT;
The above mysql syntax is as follows: We created a database called "TEST". "TESTING" is the new user being created and "PASSWORD" is the password for that user which I'll be using to login with phpMyAdmin or when installing forum software. Obviously you can change this accordingly.
sudo apt-get install phpmyadmin -y
Hit "spacebar" on your keyboard to select apache2 when prompted about your web server then hit "enter". When prompted to configure database for phpMyAdmin hit "enter". You will be asked for the mysql password you setup in the above mysql syntax portion. My example was "PASSWORD" with the username of "TESTING".
sudo service apache2 start
If you want to access the phpMyAdmin webpage open Firefox and enter http://127.0.0.1/phpmyadmin
Those familiar with phpMyAdmin can use it as they see fit. For those people who aren't familiar or don't care about phpMyAdmin let's bring down the apache webserver so phpMyAdmin login page isn't accessible online any longer.
sudo service apache2 stop
It's recommended to rename the phpmyadmin file so when you bring up your apache server the default location cannot be found at "/phpmyadmin". Making it random is easier for you and much harder for others trying to discover content on your hidden service. Leaving that open to others to fuck with is unwise.
Let's continue on and get myBB forum up and running.
sudo gedit /etc/tor/torrc
Navigate down to line 71 to find the following in orange and ensure it's uncommented.
HiddenServiceDir /var/lib/tor/hidden_service
HiddenServicePort 80 127.0.0.1:80
sudo service tor stop
sudo service nginx stop
sudo -i
The "sudo -i" command will drop you into the root account.
mkdir /var/www/WEB_FILES_DIRECTORY
echo "MY HIDDEN SERVICE TEST" > /var/www/WEB_FILES_DIRECTORY/index.html
chmod 700 -R /var/lib/tor/*
chown -R Funshine /var/lib/tor/
The "chown -R Funshine /var/lib/tor/" reflects my username of "Funshine" so that user can run the "tor" command. Make sure you replace "Funshine" with your user on Ubuntu! If you're unsure of your username in Terminal type "whoami".
chown -R www-data /var/www/WEB_FILES_DIRECTORY
exit
tmux
tor
Once you've ran the "tor" command and it's at %100 hold CTRL then hit the letter "b" on your keyboard then release CTRL and hit the letter "d" on your keyboard so you're able to exit out of the tmux window while leaving Tor running in the background.
Once you're out of the tmux window you can check your V3 hostname by typing the following:
cat /var/lib/tor/hidden_service/hostname
Now we'll setup nginx configuration so myBB function properly.
sudo rm /etc/nginx/sites-enabled/default
sudo rm /etc/nginx/sites-available/default
sudo gedit /etc/nginx/sites-available/default
Paste the following in orange below and save the file.
server {
client_body_buffer_size 100K;
client_header_buffer_size 1k;
client_max_body_size 100k;
large_client_header_buffers 2 1k;
client_body_timeout 10;
client_header_timeout 10;
keepalive_timeout 5 5;
send_timeout 10;
listen 127.0.0.1:80 default_server;
root /var/www/WEB_FILES_DIRECTORY;
error_page 500 502 503 504 404 403 /index.php;
index index.php;
server_name _;
location ~ \.php$ {
try_files $uri @missing;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_index index.php;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
include fastcgi_params;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
location @missing {
rewrite ^ /error/404 break;
}
}
With this configuration we're re-directing every unknown request to the main webpage and ensuring everything is done through 127.0.0.1 so we don't reveal our true server IP to the world just like before.
sudo gedit /etc/nginx/nginx.conf
Delete what's in the nginx.conf file and paste the following in orange below:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_name_in_redirect off;
server_tokens off;
port_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
On Terminal we continue:
cd ~
wget https://resources.mybb.com/downloads/mybb_1823.zip
sudo mv mybb_1823.zip /var/www/WEB_FILES_DIRECTORY
cd /var/www/WEB_FILES_DIRECTORY
sudo unzip mybb_1823.zip
sudo rm mybb_1823.zip
cd Upload
sudo mv * ../
cd ..
sudo rm -r Upload
sudo chown -R www-data:www-data /var/www/WEB_FILES_DIRECTORY
sudo chmod -R 755 /var/www/WEB_FILES_DIRECTORY
sudo ln -s /etc/nginx/sites-available/default /etc/nginx/sites-enabled
sudo service nginx restart
Let's grab your V3 Tor hidden service hostname again.
cat /var/lib/tor/hidden_service/hostname
Open up your Tor Browser and put your onion domain into the URL and hit enter. You will be presented with the myBB install page for you to install your new forum!
You can uncheck sending your data to them and click "Next" and then click on "Agree". When you come to the screenshot below make sure you're entering the credentials you set your mysql up with. Using my example my database is "TEST", username is "TESTING" and the password is "PASSWORD.
Once you've entered your correct credentials you will be greeted with the success page. You'll need to continue clicking "Next" going through the prompts and setup your new forum. Create your administrator account and it's all complete.
You can now navigate to your onion domain to see your new forum up and running.
You now have everything up and running for your myBB forum to discuss whatever secrets you plan on talking about. You can customize this accordingly and I highly suggest you do this in VM first to get it setup to your liking before committing to the install on a live onion! Remember, test everything and ensure it's operational before letting that sucker rip.
This is all that's required to get your hidden service up and running. We've configured it properly so no funny business is happening and the only way this is getting compromised if there is a 0-day in the applications/services we're using. We're relying on current technoglogies and applications to be secure. Let others determine that. If you were doing this on a VPS you should replace the "gedit" command with "vim" so you're able to edit the files correctly. You can also use nano, vim, or whatever you're comfortable with that isn't GUI based. Should be a no brainer for most I hope by now!
Последнее редактирование:
присоединяюсь к вопросу, тоже интересно, ток чтоб на nginx
Ничего он не меняет. Это просто дополнительная прокладка между браузером и твоим веб сервером.
Рекомендую поставить сервер так:
И прикрутить Тор, как описано тут:
Если не получится - можешь мне маякнуть.
https://xss.pro/threads/34543/
И прикрутить Тор, как описано тут:
Tor Project | Set up Your Onion Service
Defend yourself against tracking and surveillance. Circumvent censorship. | Set up Your Onion Service
community.torproject.org
Если не получится - можешь мне маякнуть.
Вот еще инструкция:
Mega:
Mega:
Последнее редактирование:
Скрытый контент для пользователей: .
для того чтобы в будущем у людей так же быстро решались подобные моменты, возможно стоит отписать решение в виде поста?
Да все элементарно, но лучше делать на nginx дабы скорость выше, домен генерируется с помощью schalot Или eschalot и для удобство vesta (к примеру) подними и делай лучше все на центосе
Спасибо тебе, такие посты сподвигают делиться опытом и информацией!
Ну если говорить серьёзно, то во превых, название темы очень исчерпывающее, сразу понятно о чем тема, легко ищется через поиск и т.п.
Во вторых, ты приходишь задаешь вопрос, потом говоришь что решил сам (или с помощью статей что тебе скинули).
Если тебе помогли почему бы не описать процесс, в ответ на помощь от комьюнити?
Что за потребительское отношение?
Не вижу дерзости, констатация факта.
Ты обиделся, я не понял?
Сначала за дерзость мне объсянишь, потом я объясню тебе в чем твоя обида.
Ну вот на это ты и обиделся, что за глупые вопросы?
Глупо сначала предъявлять за дерзость, потом спрашивать за что ты обиделся, так понятнее?
Тебе помогли ссылкой, почему бы не описать свой процесс, который ты только что проделал, а не писать что то в стиле:
Я бы тебе сделал всё и сайт на торе и сервер бы поднял на любом железе Debian 9 подойдёт и примеры работающего форума привёл бы, если надо тогда пиши в личку