VK3SMB

User Tools

Site Tools

Trace:
darkweb_service

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
darkweb_service [2018/09/15 14:24]
vk3smb [SSH access to your server] 		darkweb_service [2018/09/15 14:32] (current)
vk3smb [Keys on your Android Phone]
Line 122: Line 122:
 {{ :tor:dw-howto_html_fbf7d55459b1cd40.jpg?direct&200|}} {{ :tor:dw-howto_html_fbf7d55459b1cd40.jpg?direct&200|}}
 Checking the screenshot of Orbot above, you will notice under Tor-Enabled apps, a command line looking icon.  This is ConnectBot SSH.  It is available from Google play as well.  In Orbot, you have to enable the VPN, then click the settings icon, then select ConnectBot.  This will allow it to connect over TOR. Checking the screenshot of Orbot above, you will notice under Tor-Enabled apps, a command line looking icon.  This is ConnectBot SSH.  It is available from Google play as well.  In Orbot, you have to enable the VPN, then click the settings icon, then select ConnectBot.  This will allow it to connect over TOR.
-More security……+===== More security…… ===== 
 As you can see in the previous chapter, we can “torify” a command to allow it access through the dark web.  Since we can do it, so can a hacker… As you can see in the previous chapter, we can “torify” a command to allow it access through the dark web.  Since we can do it, so can a hacker…
 +
 A hacker, if he gets hold of your onion address, can torify a port scanner and get it to scan the ports on your dark web server, finding an open port 22.  On the clear web, a smart person would have fail-to-ban or similar installed to circumvent this after a couple of tries, and hopefully he gives up and annoys someone else, but in the dark web, everyone who attempts to connect to your dark web server looks the same to the server….  It’s part of that anonymity referred to earlier. A hacker, if he gets hold of your onion address, can torify a port scanner and get it to scan the ports on your dark web server, finding an open port 22.  On the clear web, a smart person would have fail-to-ban or similar installed to circumvent this after a couple of tries, and hopefully he gives up and annoys someone else, but in the dark web, everyone who attempts to connect to your dark web server looks the same to the server….  It’s part of that anonymity referred to earlier.
 +
 So now, we delve into keys.  They have to be installed on any client that tries to access your dark web server. So now, we delve into keys.  They have to be installed on any client that tries to access your dark web server.
 +
 To set up authentication, you need to edit the torrc file on your dark web server again, and add a line to it: To set up authentication, you need to edit the torrc file on your dark web server again, and add a line to it:
-HiddenServiceDir /var/lib/tor/hidden_service/+<code>HiddenServiceDir /var/lib/tor/hidden_service/
 HiddenServicePort 80 127.0.0.1:8083 HiddenServicePort 80 127.0.0.1:8083
-#HiddenServicePort 22 127.0.0.1:22+#HiddenServicePort 22 127.0.0.1:22</code>
 So it becomes So it becomes
-HiddenServiceDir /var/lib/tor/hidden_service/+<code>HiddenServiceDir /var/lib/tor/hidden_service/
 HiddenServicePort 80 127.0.0.1:8083 HiddenServicePort 80 127.0.0.1:8083
 HiddenServicePort 22 127.0.0.1:22 HiddenServicePort 22 127.0.0.1:22
-HiddenServiceAuthorizeClient stealth hidden_service+HiddenServiceAuthorizeClient stealth hidden_service</code>
 Save it, and restart TOR. Save it, and restart TOR.
 +
 Now in your /var/lib/tor/hidden_service folder, there will be a couple of keys and a modified hostname file.  Cat it: Now in your /var/lib/tor/hidden_service folder, there will be a couple of keys and a modified hostname file.  Cat it:
-qb7burbgiso43fzv.onion N#@#@#@#@#@#@#@#@#@#@B # client: hidden_service+ 
 +<code>qb7burbgiso43fzv.onion N#@#@#@#@#@#@#@#@#@#@B # client: hidden_service</code>
 It will show you the address, and the key required for you to access hidden_service, on ANY port.  Without the key, the client will just get a timeout message. It will show you the address, and the key required for you to access hidden_service, on ANY port.  Without the key, the client will just get a timeout message.
 +
 Write the key down (it is case sensitive), as you need it put that key onto any client you wish to give access to your dark web server. Write the key down (it is case sensitive), as you need it put that key onto any client you wish to give access to your dark web server.
 +
 As you have two different TOR versions on your client PC (one is installed on your PC and we use it with SSH, the other is bundled with the TOR-browser), we need to install this key in two different places on your PC. As you have two different TOR versions on your client PC (one is installed on your PC and we use it with SSH, the other is bundled with the TOR-browser), we need to install this key in two different places on your PC.
 +
 For SSH to work, on your PC, edit the torrc file: For SSH to work, on your PC, edit the torrc file:
-#  nano /etc/tor/torrc+<code>#  nano /etc/tor/torrc</code>
 Go right down to the bottom of the file and add the following: Go right down to the bottom of the file and add the following:
-Rest of file…+<code>Rest of file…
  
 HidServAuth qb7burbgiso43fzv.onion  N#@#@#@#@#@#@#@#@#@#@B HidServAuth qb7burbgiso43fzv.onion  N#@#@#@#@#@#@#@#@#@#@B
 +</code>
 And restart TOR. And restart TOR.
 +
 For your browser, you have to dig up the torrc file that comes with it.  It will be somewhere like ~/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.   For your browser, you have to dig up the torrc file that comes with it.  It will be somewhere like ~/tor-browser_en-US/Browser/TorBrowser/Data/Tor/torrc.  
 +
 Add the same line to the end of the file and restart the browser. Add the same line to the end of the file and restart the browser.
 +
 There it is, a secure interface to control the VK3RWO repeater, which I can access anywhere. There it is, a secure interface to control the VK3RWO repeater, which I can access anywhere.
  
-Keys on your Android Phone+===== Keys on your Android Phone ===== 
 Within Orbot, you need to click the 3 dots on the top right, click Hidden Services, then Client cookies.  Enter the site and the key….  Restart Orbot.  Simple as that! Within Orbot, you need to click the 3 dots on the top right, click Hidden Services, then Client cookies.  Enter the site and the key….  Restart Orbot.  Simple as that!
-Upgrading to TOR V3+ 
 +===== Upgrading to TOR V3 ===== 
 At the time of writing this, TOR V3 has been released stable.  The astute amongst us would have noticed that the address for my website above was 56 characters long vs. 16 characters long for a V2 address. At the time of writing this, TOR V3 has been released stable.  The astute amongst us would have noticed that the address for my website above was 56 characters long vs. 16 characters long for a V2 address.
-Note:  Upgrading to V3 does not (yet) allow 56 character names on Hidden Auth Services, they still have to be 16 characters long.+ 
 +//Note:  Upgrading to V3 does not (yet) allow 56 character names on Hidden Auth Services, they still have to be 16 characters long.// 
 If you wish to have the 56 character long onion, you need to either: If you wish to have the 56 character long onion, you need to either:
-Centos/Fedora, compile TOR from source, or  +  * Centos/Fedora, compile TOR from source, or  
-Debian/Ubuntu, add repositories and install it.+  Debian/Ubuntu, add repositories and install it.
 The following applies to Ubuntu Bionic Beaver (18.04LTS). The following applies to Ubuntu Bionic Beaver (18.04LTS).
 +
 In a shell, you need to install apt-transport-https and modify the sources: In a shell, you need to install apt-transport-https and modify the sources:
-#  sudo apt install apt-transport-https +<code>#  sudo apt install apt-transport-https 
-#  sudo nano /etc/apt/sources.list+#  sudo nano /etc/apt/sources.list</code>
 Add the following to the bottom of the file and save it: Add the following to the bottom of the file and save it:
-deb https://deb.torproject.org/torproject.org bionic main +<code>deb https://deb.torproject.org/torproject.org bionic main 
-deb-src https://deb.torproject.org/torproject.org bionic main+deb-src https://deb.torproject.org/torproject.org bionic main</code>
 Then you need to add the gpg keys to sign the packages, update the repositories and install it, in the shell type: Then you need to add the gpg keys to sign the packages, update the repositories and install it, in the shell type:
-#  gpg2 --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89+<code>#  gpg2 --recv A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89
 #  gpg2 --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add - #  gpg2 --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | apt-key add -
 #  apt update #  apt update
-#  apt install tor deb.torproject.org-keyring+#  apt install tor deb.torproject.org-keyring</code>
 Make sure its enabled and running: Make sure its enabled and running:
-#  systemctl enable tor +<code>#  systemctl enable tor 
-#  systemctl restart tor+#  systemctl restart tor</code>
 Now to convert your sites to V3 addresses, edit your /etc/tor/torrc, and add the following line: Now to convert your sites to V3 addresses, edit your /etc/tor/torrc, and add the following line:
-HiddenServiceDir /var/lib/tor/hidden_service/+<code>HiddenServiceDir /var/lib/tor/hidden_service/
 HiddenServicePort 80 127.0.0.1:8083 HiddenServicePort 80 127.0.0.1:8083
 #HiddenServicePort 22 127.0.0.1:22 #HiddenServicePort 22 127.0.0.1:22
-HiddenServiceVersion 3+HiddenServiceVersion 3</code>
 Save the file and restart TOR.  Your new address will be in hostname. Save the file and restart TOR.  Your new address will be in hostname.
-If you have HiddenServiceAuthorizeClient option on your site, when you restart TOR, it will fail as V3 does not yet support this. + 
-Further investigation+If you have //HiddenServiceAuthorizeClient// option on your site, when you restart TOR, it will fail as V3 does not yet support this. 
 + 
 +===== Further investigation ===== 
 There is only one thing I can see needing further investigation: There is only one thing I can see needing further investigation:
-Other Ham uses of the Dark Web. +  * Other Ham uses of the Dark Web. 
-Summary+===== Summary ===== 
 This is about as good as you can get for security, anonymity and Access of equipment on the other side of public NAT’s and Firewalls.  We have created a dark web server, that has: This is about as good as you can get for security, anonymity and Access of equipment on the other side of public NAT’s and Firewalls.  We have created a dark web server, that has:
-No IP address anybody can find. +  * No IP address anybody can find. 
-A web address that is not publicly accessible on the clear web. +  A web address that is not publicly accessible on the clear web. 
-A way around Public NAT’s on 4G connections +  A way around Public NAT’s on 4G connections 
-A way around Firewalls. +  A way around Firewalls. 
-No open ports on your router. +  No open ports on your router. 
-An address that only you will know, if it is found by (a deliberate) accident, +  An address that only you will know, if it is found by (a deliberate) accident, 
-You have authentication that only you have the key to +    You have authentication that only you have the key to 
-An address that you don't pay for +  An address that you don't pay for 
-You’re able to change that address if something goes horribly wrong with the address your using. +  You’re able to change that address if something goes horribly wrong with the address your using. 
-Not paying for a VPN +  Not paying for a VPN 
-You don't have any hassles if your IP address changes, TOR will repopulate+  You don't have any hassles if your IP address changes, TOR will repopulate
 The downside, its slower than the clear web. The downside, its slower than the clear web.
-A Parting thought+===== A Parting thought ===== 
 As I mentioned earlier, “think pi-star”, I thought I’d leave these couple of photos as food for thought. As I mentioned earlier, “think pi-star”, I thought I’d leave these couple of photos as food for thought.
 +{{ :tor:dw-howto_html_602a351524549e1e.jpg?direct&200|}}
 Here is a Raspberry Pi 3b, an MMDVM board, and an Optus 4G modem with an “extra” data sim that is attached to my mobile plan.  Optus will not give public IP addresses to personal plans,and as a result, this device is behind a Public NAT. Here is a Raspberry Pi 3b, an MMDVM board, and an Optus 4G modem with an “extra” data sim that is attached to my mobile plan.  Optus will not give public IP addresses to personal plans,and as a result, this device is behind a Public NAT.
 +
 Note, there is NO cable plugged into the LAN port of the Pi. Note, there is NO cable plugged into the LAN port of the Pi.
 +
 This is the start of the MultiMode VK3RWO repeater… This is the start of the MultiMode VK3RWO repeater…
 +
 Getting the 4G modem to work on a command line Pi without user interaction is an article on its own…... Getting the 4G modem to work on a command line Pi without user interaction is an article on its own…...
  
-Here is the proof in the pudding.  The Pi-star interface is accessible over the 4G network, behind a public NAT, as a TOR hidden service on the dark web with Client Key protection.  What more do you want?+Here is the proof in the pudding.  The Pi-star interface is accessible over the 4G network, behind a public NAT, as a TOR hidden service on the dark web with Client Key protection.  
  
 +What more do you want?
  
 +{{ :tor:dw-howto_html_6a1c73f00d5357ea.png?direct&600 |}}
darkweb_service.1537021497.txt.gz · Last modified: 2018/09/15 14:24 by vk3smb

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki