Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Messages - Thor

Pages: [1] 2

Anonymity and Privacy / Re: ISP and GOOGLE privacy question

« on: August 12, 2014, 05:50:43 pm »

ISPs often have backdoor access to routers to to enable them to provide remote support for users. If you telnet/ssh into your router you should be able to add a firewall rule to block access to whichever port they are using.

As for google, I have no idea why they would be scanning your router for open ports, but they certainly weren't trying to "hack" you.

Hacking and Security / Re: Hosting a .onion server and staying anonymous?

« on: January 20, 2014, 08:29:25 am »

Quote from: Inquisitor Sasha on January 18, 2014, 04:46:25 pm

Hosting a .onion site is not going to make you anonymous. Not in the slightest. I believe that the .onion TLD is part of a DNS root hosted by Tor and only accessible through Tor or maybe though using their DNS server. I don't know what the process for registering a .onion domain is. There might be less requirements to turn over information for .onion than with other TLDs, but that's not going to make you anonymous.

Use of a specific TLD will not make you anonymous. Where you're going to run into trouble staying anonymous is with the server. You're going to need to have a server hosted somewhere that people won't be able to hunt for you. In most cases, a hosting provider's privacy policy will be enough, as long as you don't host sites with domains that are known to be owned by you or anything like that. If you're trying to evade the law, which I do not support, you're going to need to host the server in a country that won't cooperate with your country's law enforcement agencies. Even then, the NSA might try to do things like hack your server to install spyware and catch you that way, depending on how popular your server is. Staying anonymous from governments is very difficult.

Domain names go to IP addresses. These IP addresses identify the device connected to the internet. If you host a server for publishing a drug market website, it doesn't matter if you use .onion for your domain name; it will lead to your IP address if you host the server in your house, which will lead to the police breaking down your door.

Not true.
Domain names used for tor hidden services aren't actually domain names. You don't register them the way you would with a normal domain name. It works using key pairs, just like bitcoin. When you are creating a hidden service (a .onion service), you generate a key pair (private key + public key). The public key his hashed and halved, and this is the "domain name" for the hidden service. That's why they are generally random looking strings and hard to remember. Having the private key is what gives you ownership of that "domain".

As for finding the ip address of the server, that isn't as simple as you think it is. With tor hidden services, domains don't map back to server ip addresses. You cannot find a servers ip address when only given the hidden service url. The whole point of the hidden service is to mask the location of the server hosting the content. However, it is still possible for the server to be hacked over tor, and this could expose the servers real ip address.

The risks associated depend on what your plans are. You mentioned bitcoin wallets, if you plan on starting up and wallet service or marketplace over tor I would refrain from doing so. In order to safely run either of those services securely a great deal of technological skill and experience is required. With bitcoins being so valuable right now, anything which stores them is a huge target. So unless you are confident in your ability to protect your server from a hoard of cyber criminals looking for bitcoins, and potentially law enforcement depending on what it is you're setting up I'd stay away.

But to answer your question, it is extremely hard to trace a .onion domain to a person, unless you hack the server.

Anonymity and Privacy / Re: Playing their game. An idea, some speculations and discussion.

« on: September 22, 2013, 11:47:55 pm »

If you were able to identify the keywords used by the NSA and your idea actually became a problem for them you can bet they would do their very best to fuck you over. No doubt you would be raided at 5am, have all your possessions seized, family harassed, you'd be called a terrorist and charged with whatever crimes they could pin on you (half of them will be made up) and they'd defend their actions as they always do, to stop the "terrorists".

Hacking and Security / Re: read and download website directory content : is possible ?

« on: September 21, 2013, 03:53:41 am »

You should check you have disabled directory listing on your server. Although it shouldn't allow someone to read the source code, it makes it easy to map the web application and may expose some sensitive files.

Hacking and Security / Re: [HELP] irc client

« on: August 24, 2013, 05:17:17 pm »

Quote from: darkhunter on August 24, 2013, 03:12:10 pm

Thanks again for the answers, however, is an irc client especially because I have heard that only the hackers may have, by chance you heard about it?

There isn't a secret hacker irc client, someone's trolling you.

General discussion / Re: Silkroad Question

« on: August 24, 2013, 01:35:12 am »

If the login/register pages are just refreshing when you attempt to submit data it is possible that you've been linked to a phishing page.

I'm on the silkroad just now and everything's working fine for me.
Here is the correct link to the silkroad, make sure that the one you're visiting is the same. http://silkroadvb5piz3r.onion/

If you have the noscript plugin you might want to try enabling javascript for the silkroad, but be warned that could endanger your anonymity if the site was compromised, but unless you're buying things you don't really need to worry about that

(If enabling javascript works I'd recommend disabling it once you've created your account)

General discussion / Re: Torrenting in College

« on: August 23, 2013, 05:30:58 pm »

If it's on your personal laptop just spoof the mac address when you're connecting to the wireless to torrent. Unless you have to sign into a college gateway to access the internet he won't be able to identify you. (I'm assuming your professors threat is related to students using the college network to torrent).

Your professor sounds like an asshole.

Operating System / Re: How many of you use backtrack 5 and why or if you don't why not ?

« on: August 21, 2013, 01:12:49 am »

Dual-booting BackTrack is unnecessary. I'd recommend just running it in a virtual machine. It's simpler and safer (any damage done by running as root can easily be reversed). It's also more flexible for setting up networks to test.

BackTrack is good for bug research and penetration testing. It comes pre-installed with lots of useful tools which could take a long time to install and configure manually on a normal Linux distro.

As mentioned by WirelessDesert, Kali Linux is the successor to BackTrack. One of the noticeable differences is that all the pre-installed programs are either located or linked in /etc/bin meaning that you can run them directly from the terminal window without having to cd down the /pentest directory which you would have to do in BackTrack. Not a major improvement, but it does save a bit of time.

Operating System / Re: [Linux] Applications you'd rather die than live without

« on: August 16, 2013, 02:51:17 am »

guake - pop down terminal
nano - command line text editor
irssi - my favorite IRC client
bash

edit: proxychains - run an application with proxychains and all the TCP packets will be sent through whichever proxy you configure it to use (default is tor).

General discussion / Re: Interrogation Technique and Simple Rule

« on: August 15, 2013, 02:58:32 am »

Even if you're innocent it's best to stay silent. Cops are good at tricking you and twisting your words.

Just remember that anything you say can ONLY be used AGAINST YOU.

Found it on the Webs / Cheap VPS Hosting Providers

« on: August 14, 2013, 03:04:43 am »

Here's a link to the site http://www.lowendbox.com/

It's very useful if you're looking for a low spec VPS.
There are tons of great deals and promotional offers. Although they aren't the most powerful they have lots of uses and are extremely cheap.

These servers could be used for different low resource services, such as being used as a VPN server, a file hosting service for yourself or an IRC shell/bouncer. You could also use them for any small projects you have for which a server would be useful. The cheapest on the front page is $2 per month... that's cheap.

General discussion / Re: Busted...

« on: August 14, 2013, 02:42:04 am »

Have a look at this site: http://www.lowendbox.com/

They post lots of deals for vps servers. For example, for $10 per YEAR you can get a low end vps with 500gb bandwidth limit (limit per month). Use it as a vpn when torrenting.

C - C++ / Re: [Cpp] What is wrong w/ my code?

« on: August 12, 2013, 02:39:17 am »

I fixed the code for you using the same method you're using to check what type of mathematical operation to perform, but doing what xC said is better, as then you won't have to worry about upper/lower case inputs.

Code: [Select]

#include <iostream>
#include <string>
using namespace std;
int main ()
{
        float a;
        float b;
        float result;
        string asd1;


        cout << "What mathmatical operation would you like to do?";
        cin >> asd1;


        if ((asd1=="addition") || (asd1=="Addition"))
        {
        cout << "What is the first number in your addition sequence? ";
        cin >> a;
        cout << "What is the second number in your addition sequence? ";
        cin >> b;
        result = a+b;
        cout << "The answer is: " << result << ".\n";
        }


        else if ((asd1=="division") || (asd1=="Division"))
        {
        cout << "What is the first number in this division equation? ";
        cin >> a;
        cout << "What is the second number in this division equation? ";
        cin >> b;
        result = a/b;
        cout << "The answer is " << result << ".\n";
        }


        else if ((asd1=="subtraction") || (asd1=="Subtraction"))
        {
        cout << "What is the first number in the subtraction equation?";
        cin >> a;
        cout << "What is the second number?";
        cin >> b;
        result=a-b;
        cout << "The answer is: " << result << ".\n";
        }
        else if ((asd1 == "multiplication") || (asd1=="Multiplication"))
        {
        cout << "What is the first number in your multiplication equation?";
        cin >> a;
        cout << "What is the second number?";
        cin >> b;
        result=a*b;
        cout << "The answer is " << result << ".\n";
        }
        return 0;
        }

Scripting Languages / Re: [Python] IRC Fuzzer - IRCdFuzz.py

« on: August 09, 2013, 09:05:28 pm »

Quote from: ande on August 09, 2013, 08:26:00 pm

Automation, special characters and buffer limitations....

@OP:

Might I suggest you do argument count fuzzing as well. No arguments, the correct amount of arguments, hell of a lot of arguments and fuzz the arguments themselves with a mix of valid and invalid arguments etc. The idea here is to get past some input checks to fuzz the most amount of code.

Thanks for the feedback.

What you're talking about is already possible with this, however the user would have to enter each argument individually in the tests.txt file which isn't ideal, and I agree it should be automated or else it defeats the purpose of using this. I'll get on it eventually

Scripting Languages / Re: [Python] MIT 6.00sc Problem set 2 woes

« on: August 09, 2013, 08:48:04 pm »

Quote from: Sparky712 on August 09, 2013, 08:37:56 pm

look again Thor, looks like you saw this when i accidentally posted early
however, it may be the colon.

Ok, now it works. now, I just have a contatenation problem. >.>' I need to try and make that int a string or something?

That's simple enough.
print "Month: " + str(currentMonth)

str(int) converts the int to a string.

Another thing I'm noticing is this