Private message me for the list
-
XSS.stack #1 – первый литературный журнал от юзеров форума
Анонимность, безопасность VPS, VDS, dedicated hosting
- Автор темы cum1337
- Дата начала
-
- Теги
- vpn сервер vps
Дедики в браузере
1. Заходим на сайт https://www.onworks.net/os-distributions (можно через Tor).
2. Выбираем нужную ОС.
3. Ждём, когда загрузка пройдёт, затем жмём кнопку "Start".
4. Снова ждём конца загрузки, затем нажимаем на "Enter" (не на клавиатуре, а на сайте).
5. Опять ждём конца загрузки, и получаем дедик.
Пароль от root прав всегда будет "123456". С дедика также можно экспортировать данные, или импортировать ранее экспортированные, для этого просто жмём кнопку "Save files", или "Load files", и следуем появившейся инструкции.
По 5$ в месяц или 3 бесплатных линукса на выбор. Отличный сайт. Сёрфить можно как через виртуалку, у whoer.net показатель 90%.
Из минусов, лагает мышь.
Вкладки с вполне широким выбором MAC Windows Linux, молодцы эстонцы, полезнейший сервис создали
Если активности нет, буквально через минуты виртуалка закрывается
Похожий сайт имеющий неоспоримое преимущество в виде эмуляции нужной вам системы https://copy.sh/v86/
Со своей эмуляцией лучше, указали на отсталую мышь, мешающую всему, этого бага нет в copy.sh. От первого сайта не отойти, а во втором всё бесплатно, я не загружал свой образ, возможно сайт супер пупер.
1. Заходим на сайт https://www.onworks.net/os-distributions (можно через Tor).
2. Выбираем нужную ОС.
3. Ждём, когда загрузка пройдёт, затем жмём кнопку "Start".
4. Снова ждём конца загрузки, затем нажимаем на "Enter" (не на клавиатуре, а на сайте).
5. Опять ждём конца загрузки, и получаем дедик.
Пароль от root прав всегда будет "123456". С дедика также можно экспортировать данные, или импортировать ранее экспортированные, для этого просто жмём кнопку "Save files", или "Load files", и следуем появившейся инструкции.
По 5$ в месяц или 3 бесплатных линукса на выбор. Отличный сайт. Сёрфить можно как через виртуалку, у whoer.net показатель 90%.
Из минусов, лагает мышь.
Вкладки с вполне широким выбором MAC Windows Linux, молодцы эстонцы, полезнейший сервис создали
Если активности нет, буквально через минуты виртуалка закрывается
Похожий сайт имеющий неоспоримое преимущество в виде эмуляции нужной вам системы https://copy.sh/v86/
Со своей эмуляцией лучше, указали на отсталую мышь, мешающую всему, этого бага нет в copy.sh. От первого сайта не отойти, а во втором всё бесплатно, я не загружал свой образ, возможно сайт супер пупер.
Последнее редактирование модератором:
обнаружился зиродей в systemd, позволяющий примонтировать зашифрованный раздел, если пароль хранится в TPM: https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
новость на русском: https://www.opennet.me/opennews/art.shtml?num=59702
The connection between the VM and VPS. How to hide yourself?
Hello guys. How is possible to hide the connection between the Virtual Machine (Linux/Windows) and VPS (Windows) from where you work? Usually people are using VPN or Tor or TOR +VPN but there are a lot of additional problems in this topic. How you can hide the hardware of the machine from which u make the VM and etc. Can someone explain possible options. I heard a lot of people are using their private physical server using Proxmos virtual machines and etc?
Hello guys. How is possible to hide the connection between the Virtual Machine (Linux/Windows) and VPS (Windows) from where you work? Usually people are using VPN or Tor or TOR +VPN but there are a lot of additional problems in this topic. How you can hide the hardware of the machine from which u make the VM and etc. Can someone explain possible options. I heard a lot of people are using their private physical server using Proxmos virtual machines and etc?
Последнее редактирование модератором:
If you are worried about hiding your machine you can just connect to the VM using other machine or RDP as well. In the end you need a machine you have to trust so don't do anything stupid
Последнее редактирование модератором:
Yes i am worried how to hide my own machine id and all the hardware. If i buy one server only for VM's and connect to it using my own vpn for example and after this for the server i connect to my RDP? Is this good OPSEC
Последнее редактирование модератором:
пожалуй, здесь тоже проспамлю своим топиком: https://xss.pro/threads/98554/
Ребята помогите с софтом для того что бы спрятать свое железо в интернете на некоторых сайтов
макченджер, прокси, впн, тор, драйвченджер, антик и хватит
Good day to everybody.
This is my first article and its about "how to secure your Server" and its divided in to 6 easy steps. I welcome everyone's comments and suggestion/solutions.
Lets start it.
(1) After install the linux distribution first thing to do is update the system:
To enable automatic update, install the package unattended upgrades:
To configure it:
Here you get a menu where you can make changes and reboot it. The status is stored in a file:
If you want automatic rebooting, change the value in file.
(2) Scan you VPS for Malware/Rootkit:
Check your VPS is clean or not, to do this install malware/rootkit scanner on your VPS. Here we are install malware scanner rkhunter or chkrootkit.
To run it
Note: While scanning with rkhunter it gives you a warning message about lwp-request
Go to “SCRIPTWHITELIST=/usr/bin/lwp-request” and remove “#”.
Another malware or rootkit scanner is chkrootkit, Install it and run it.
(3) NTP Client (Network Time Protocol):
Network Time Protocol (NTP) is a protocol that allows the synchronization of system clocks. Many security protocols and distributed applications used Time verification, so if your Time is incorrect it could have bad effect on server. You can use NTP client to solve it.
Install NTP client by following command:
Check NTP client config file
Check all configuration, use NTP Time pool and save it and restart NTP service.
Check ntp status
(4) SSH Keypair:
Instead of using password, Public Key Authentication is a secure logging method for SSH. It uses a cryptographic keypair for validation, public key authentication provides cryptographic strength and automated passwordless logins.
Here we Generate a private and public key, known as the keypair. The private key stays on the local machine. While corresponding public key to the server and server stores and marks the public key as approved. The server allows access to anyone who proves the ownership of the corresponding private key.
To generate the Keypair:
Here t represents the type of keypair and ed25519 is the type of it (it’s the newsest type)
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your private key has been saved in /home/user/.ssh/id_ed25519.
Your public key has been saved in /home/user/.ssh/id_ed25519.pub.
After creating Keypair, append your public key from client to the server (i.e. from your device to your server). Below’s username is the username of your server and xxx.xxx.xxx.xxx is the IP address of it.
Now connect to your server using ssh credentials (i.e. username and password) and edit the sshd config file and change default permissions.
PubKeyAuthentication yes (Change it from No to yes and remove pound/hash sign)
PasswordAuthentication no (Change it from yes to no and remove pound/hash sign)
Now the ssh login allow only with public-private keypair without password authentication to prevent brute-force of ssh. Save it and restart ssh service.
Next time when you login to your server, your server authenticate you with Privatekey instead of password.
(5) Secure of your VPS (by edit sshd_config)
After creating ssh keypair and append public key to the server. Here we change the few permissions to make our server more secure.
Connect to your VPS.
Edit sshd_config file and change few permissions. It will restrict root login via ssh, max authetication try set to 2 to, enable publickey authentication and disable password login also empty password etc.
PermitRootLogin no
MaxAuthTries 2
MaxSessions 3
PubKeyAuthentication yes
PasswordAuthentication no
PermitEmptyPassword no
AllowStreamLocalForwarding no
Protocol 2
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PrintMotd no
PermitTunnel no
Save it and Exit. Now your server allows login with Keypair only (and not ask login-password) and not allow root-login via ssh or empty password or tcp forwarding etc
(6) Add Google 2fa to SSH KeyPair
After performing above steps, Lets add another layer of security i.e. google authenticator in combination with SSH Keypair. Google authenticator generate tokens which changes every 30 seconds. Without having both (SSH Keypair and six digits access tokens from google authenticator) no one can access the server.
You can use mobile phone or browser-extension for google-authenticator. I am showing only browser-based authentication method bcause i guess everyone knows how to configure google-authenticator for mobile device.
For browser based google-authenticator:
On client machine open Firefox Browser and search google-authenticator extension for firefox and add this extension to your browser and connect your server via ssh and install google authenticator over terminal.
It install google authenticator on your server, now configure it.
It ask you do you want "Authentication token to be time based", type y or yes
It generates secret keys - Note down this Key and go back to device from where you are accessing your server and open Firefox Browser and click on "authenticator" icon (on the top-right corner) -> click on edit -> click on Plus sign ->Click on Manual Entry.
It shows to Field - On Issuer field type "VPS" or what-ever name you want to give your server and on second field which is "secret" here you type secret code which you note down during installation of google-authenticator on your server.
Click ok
Go back to your server it shows verification code and emergency scratch codes, Note down verifification code and scratch codes (if you change accessing device you need these codes to re-install authenticator, without this you lost access to server).
Its prompt you "Do you want me to update "/home/user/.google_authenticator" file, type y or yes
It prompts you few more settings, just type y or yes till it install and configure it for you.
Now Open the configuration file and edit few lines (below)
Save and exit.
Open sshd_config file
and add below line:
ChallengeResponseAuthentication Yes
AuthenticationMethods publickey,password publickey,keyboard-interactive
Save it and restart Your ssh service.
Logout from your VPS and relogin to your server by ssh to make sure it works perfectly i.e its authenticate you by keypair and ask 6 digit access of google authenticator.
This is my first article and its about "how to secure your Server" and its divided in to 6 easy steps. I welcome everyone's comments and suggestion/solutions.
Lets start it.
(1) After install the linux distribution first thing to do is update the system:
To enable automatic update, install the package unattended upgrades:
To configure it:
Here you get a menu where you can make changes and reboot it. The status is stored in a file:
If you want automatic rebooting, change the value in file.
(2) Scan you VPS for Malware/Rootkit:
Check your VPS is clean or not, to do this install malware/rootkit scanner on your VPS. Here we are install malware scanner rkhunter or chkrootkit.
To run it
Note: While scanning with rkhunter it gives you a warning message about lwp-request
lwp-request is a script that allows making http requests to web servers. To suppress the error you need to allow the /usr/bin/lwp-request command to be used as a script. This can be done by adding the line:
Go to “SCRIPTWHITELIST=/usr/bin/lwp-request” and remove “#”.
Another malware or rootkit scanner is chkrootkit, Install it and run it.
(3) NTP Client (Network Time Protocol):
Network Time Protocol (NTP) is a protocol that allows the synchronization of system clocks. Many security protocols and distributed applications used Time verification, so if your Time is incorrect it could have bad effect on server. You can use NTP client to solve it.
Install NTP client by following command:
Check NTP client config file
Check all configuration, use NTP Time pool and save it and restart NTP service.
Check ntp status
It will shows all the time service pool use by your system.
(4) SSH Keypair:
Instead of using password, Public Key Authentication is a secure logging method for SSH. It uses a cryptographic keypair for validation, public key authentication provides cryptographic strength and automated passwordless logins.
Here we Generate a private and public key, known as the keypair. The private key stays on the local machine. While corresponding public key to the server and server stores and marks the public key as approved. The server allows access to anyone who proves the ownership of the corresponding private key.
To generate the Keypair:
Here t represents the type of keypair and ed25519 is the type of it (it’s the newsest type)
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your private key has been saved in /home/user/.ssh/id_ed25519.
Your public key has been saved in /home/user/.ssh/id_ed25519.pub.
After creating Keypair, append your public key from client to the server (i.e. from your device to your server). Below’s username is the username of your server and xxx.xxx.xxx.xxx is the IP address of it.
Now connect to your server using ssh credentials (i.e. username and password) and edit the sshd config file and change default permissions.
PubKeyAuthentication yes (Change it from No to yes and remove pound/hash sign)
PasswordAuthentication no (Change it from yes to no and remove pound/hash sign)
Now the ssh login allow only with public-private keypair without password authentication to prevent brute-force of ssh. Save it and restart ssh service.
Next time when you login to your server, your server authenticate you with Privatekey instead of password.
(5) Secure of your VPS (by edit sshd_config)
After creating ssh keypair and append public key to the server. Here we change the few permissions to make our server more secure.
Connect to your VPS.
Edit sshd_config file and change few permissions. It will restrict root login via ssh, max authetication try set to 2 to, enable publickey authentication and disable password login also empty password etc.
PermitRootLogin no
MaxAuthTries 2
MaxSessions 3
PubKeyAuthentication yes
PasswordAuthentication no
PermitEmptyPassword no
AllowStreamLocalForwarding no
Protocol 2
AllowTcpForwarding no
GatewayPorts no
X11Forwarding no
PrintMotd no
PermitTunnel no
Save it and Exit. Now your server allows login with Keypair only (and not ask login-password) and not allow root-login via ssh or empty password or tcp forwarding etc
(6) Add Google 2fa to SSH KeyPair
After performing above steps, Lets add another layer of security i.e. google authenticator in combination with SSH Keypair. Google authenticator generate tokens which changes every 30 seconds. Without having both (SSH Keypair and six digits access tokens from google authenticator) no one can access the server.
You can use mobile phone or browser-extension for google-authenticator. I am showing only browser-based authentication method bcause i guess everyone knows how to configure google-authenticator for mobile device.
For browser based google-authenticator:
On client machine open Firefox Browser and search google-authenticator extension for firefox and add this extension to your browser and connect your server via ssh and install google authenticator over terminal.
It install google authenticator on your server, now configure it.
It ask you do you want "Authentication token to be time based", type y or yes
It generates secret keys - Note down this Key and go back to device from where you are accessing your server and open Firefox Browser and click on "authenticator" icon (on the top-right corner) -> click on edit -> click on Plus sign ->Click on Manual Entry.
It shows to Field - On Issuer field type "VPS" or what-ever name you want to give your server and on second field which is "secret" here you type secret code which you note down during installation of google-authenticator on your server.
Click ok
Go back to your server it shows verification code and emergency scratch codes, Note down verifification code and scratch codes (if you change accessing device you need these codes to re-install authenticator, without this you lost access to server).
Its prompt you "Do you want me to update "/home/user/.google_authenticator" file, type y or yes
It prompts you few more settings, just type y or yes till it install and configure it for you.
Now Open the configuration file and edit few lines (below)
Save and exit.
Open sshd_config file
and add below line:
ChallengeResponseAuthentication Yes
AuthenticationMethods publickey,password publickey,keyboard-interactive
Save it and restart Your ssh service.
Logout from your VPS and relogin to your server by ssh to make sure it works perfectly i.e its authenticate you by keypair and ask 6 digit access of google authenticator.
Последнее редактирование:
first of all,
(0) install a minimal distribution from a trusted .iso (downloaded from an official website)
you should mention the exact distribution name you talk about
also one important step left:
(7) Firewall setup
(0) install a minimal distribution from a trusted .iso (downloaded from an official website)
Код:
$ sudo apt update
[sudo] password for root:
bash: apt: command not foundyou should mention the exact distribution name you talk about
I would also regenerate moduli (deleting all smaller than 3k bits https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67 ) and change the default ciphers and MACs.
also one important step left:
(7) Firewall setup
I appreciate your suggestion.first of all,
(0) install a minimal distribution from a trusted .iso (downloaded from an official website)
Код:$ sudo apt update [sudo] password for root: bash: apt: command not found
you should mention the exact distribution name you talk about
I would also regenerate moduli (deleting all smaller than 3k bits https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67 ) and change the default ciphers and MACs.
also one important step left:
(7) Firewall setup
Как безопасно подключиться к дедику?
Как можно безопасно подключиться к дедику с windows server чтобы меня нельзя было обнаружить? Какую связку использовать?
Как можно безопасно подключиться к дедику с windows server чтобы меня нельзя было обнаружить? Какую связку использовать?
Последнее редактирование модератором:
Wireguard, двойной, тройной. Связка должна быть быстрая, иначе будет невозможно нормально использовать дедик.
Можно через SSH, socks, и т.д, подняв tun2socks, но в последнем не уверен нужно на практике проверять.
Можно через SSH, socks, и т.д, подняв tun2socks, но в последнем не уверен нужно на практике проверять.
Обнаружат тебя так или иначе всё равно, админ ведь всё видит, другое дело что ты можешь подменить свой ip через проксимитрон например или заюзав софт где есть носки, можно даже тупо вбить в носок 127.0.0.0:9150 и врубив тор браузер у тебя поднимется носок на этом порту, и заходить тупо через тор, ну или носок надеть анонимный (этот вариант лучше гораздо). А вот так что бы ты зашел и не оставил логов - такого просто не будет.
Как Скрыть реальный ip от vps сервера ?
Вот такая ситуация , сеть строиться через openwrt и там естественно wan интерфейс берет роутер и палит настоящий ip, поставил на openwrt openvpn , ничего не происходит , vps как видел реальный ip так и видит , как скрыть реальный ip от vps сервера ?
Вот такая ситуация , сеть строиться через openwrt и там естественно wan интерфейс берет роутер и палит настоящий ip, поставил на openwrt openvpn , ничего не происходит , vps как видел реальный ip так и видит , как скрыть реальный ip от vps сервера ?
Последнее редактирование модератором:
а опенвпн сервер настроил, к чему твою маршрутизатор с опенвпн клиентом должен подключаться?
если тебе нужно напрямую подключаться к впс(без использоваания каких-либо промежуточных серверов), то никак. Читай основы сети и зачем нужен ip
если напрямую подключаться необязательно, то ищу подходящую конкретно под тебя инструкцию с настройкой впна/прокси либо на твоей рабочей машине, либо на маршрутизаторе, а после сможешь задавать уже более конкретные вопросы, если возникнут какие-либо трудности
Нужен совет по безопасности VPS
зашли на дэдик vps linux (все обновы стоят пароли поменены ufw включен) и запускали nload, htop, lscpu и тулзой отстучали на айпишник принадлежащий dod network information center. Короче совет ваш нужен...
зашли на дэдик vps linux (все обновы стоят пароли поменены ufw включен) и запускали nload, htop, lscpu и тулзой отстучали на айпишник принадлежащий dod network information center. Короче совет ваш нужен...
Последнее редактирование модератором:
дэдик != vps
дэдик = dedicated, Vps = Virtual
дэдик = dedicated, Vps = Virtual
поищи IP своего сервера в паблик логах стилеров)
Кроме паролей там могут быть еще ключи SSH.