
      dEEpEst

How to create a Tor hidden service site to set up an anonymous website or server


Tor is a secure, anonymous network that lets anyone access websites anonymously. People normally use Tor to access regular websites, but that is not required. If you want to set up your own anonymous website, you can create a hidden service site on Tor. Your hidden service website runs entirely within Tor, so nobody will know who created and runs the website. However, only people using Tor can access it. Tor hidden service sites are ideal for anyone who wants to create an anonymous website, such as political activists in [hidden content].

       

Not all hidden services have to be websites. You can create a [hidden content], a [hidden content] or any other type of server and offer it as a hidden service on Tor. This tutorial will focus on setting up a hidden Tor site using the Savant web server, which Tor recommends, on Windows. The steps can also be applied to other operating systems and web servers.

Step 1: Install Tor

To begin, you will need to [hidden content] on your computer. If you already have it installed, you can skip this step. By default, Tor installs the [hidden content], which includes a specially configured Firefox browser.

You will see a green onion icon in the system tray when you are connected to the Tor network.

Tor must always be running on your system for the hidden service to be accessible. If your computer is off, disconnected from the Internet, or Tor is not running, the Tor hidden service site will not be reachable. This has some anonymity implications: it is theoretically possible to infer whether or not your computer is running the hidden service by seeing whether it is accessible when your computer is off.

Step 2: Install and configure a web server

You will need a web server to serve the hidden service site from your system. [hidden content] recommends against using the common [hidden content]. Instead, Tor recommends using the [hidden content] on Windows or the [hidden content] on Mac OS X, Linux and other UNIX-like operating systems. Tor's documentation notes that Apache "[is] big and has lots of places where it might reveal your IP address or other identifying information, for example in 404 pages", but also notes that "Savant probably has these problems too".

We will use Savant as the example here, but you can set the same options in other web servers. To configure Savant, launch its main window and click the Configuration button.

From the configuration window, you will need to set the "Server DNS Entry" box to "localhost" to bind Savant to localhost. This ensures that your website can only be accessed from your local computer, so people cannot reach it over the normal Web and see that you are hosting the Tor hidden service site.

After the web server is configured, you will want to add your content. By default, Savant uses the C:\Savant\Root directory (you can change this from the Paths tab). Be sure to replace the index.html file in this directory with the file you want as your home page.

Step 3: Configure the hidden service

Now that Tor is installed and a web server is running, all you have to do is tell Tor about it. You should be able to add this information to the torrc file through the Vidalia graphical user interface, but I experienced errors and had to do it by hand.

First, shut down Tor if it is running.

Next, locate your torrc file. If you installed the Tor Browser Bundle, you will find it in the Tor Browser\Data\Tor directory. Open this file with [hidden content].

Add the following section to the end of the file:

    # HiddenService
    HiddenServiceDir C:\Users\Name\tor_service
    HiddenServicePort 80 127.0.0.1:80

Replace C:\Users\Name\tor_service with the path to a directory that Tor can read and write on your system. Do not use the directory that already contains your website. This should be an empty directory.

Replace the :80 with the port the web server is using on your system. For example, if the web server runs on port 5000, you would use the line HiddenServicePort 80 127.0.0.1:5000.

Save the file after editing it. You will also need to create the directory you specified, if it does not already exist.

Restart Tor after doing this. Once you have, you will want to check the Message Log to see whether there are any error messages.

If the message log contains no errors, you are ready to continue. Take a look at the hidden service directory you created. Tor will have created two files in the directory: hostname and private_key. Do not give anyone the private_key file, or they will be able to impersonate your Tor hidden service site.

You will want to open the hostname file in Notepad or another text editor. It will tell you the address of your new Tor hidden service site. Enter this address in your Tor web browser and you will see your website. Give the address to other people so they can access your site. Remember, people must be using Tor to access your hidden service site.

Have you used Tor or set up a hidden Tor site? Be sure to share your experiences and any tips you have in the comments!

      This topic is now closed to further replies.
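The two constraints Step 3 places on the torrc section (a HiddenServiceDir kept apart from the website directory, and a HiddenServicePort target on localhost) can be checked before restarting Tor. The audit below is an added example, not part of the original post; its function names and the sample torrc are constructed, and C:\Savant\Root is the Savant default directory named in Step 2.

```python
import ipaddress
import ntpath  # Windows path semantics, so the audit also runs on other hosts

# Constructed sample: the first service follows the tutorial, the second breaks it.
SAMPLE_TORRC = r"""
# HiddenService
HiddenServiceDir C:\Users\Name\tor_service
HiddenServicePort 80 127.0.0.1:5000

HiddenServiceDir C:\Savant\Root\keys
HiddenServicePort 80 192.168.1.20:80
"""

def norm(path):
    return ntpath.normcase(ntpath.normpath(path.strip().strip('"')))

def inside(child, parent):
    """True if child is parent itself or lies below it."""
    child, parent = norm(child), norm(parent)
    return child == parent or child.startswith(parent.rstrip("\\") + "\\")

def target_host(target):
    """Host part of a HiddenServicePort target; '' means a unix socket."""
    if target is None or target.isdigit():
        return "127.0.0.1"  # Tor forwards to 127.0.0.1 when no address is given
    if target.startswith("unix:"):
        return ""
    if target.startswith("["):  # [IPv6]:port
        return target[1:].split("]", 1)[0]
    return target.rsplit(":", 1)[0] if target.count(":") == 1 else target

def is_loopback(host):
    if host in ("", "localhost"):
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # other hostnames are not provably local

def audit_torrc(text, web_root):
    """Return (line_number, message) findings for hidden-service settings."""
    findings, service_dir = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split(None, 1)
        if not fields:
            continue
        key = fields[0].lower()  # torrc option names are case-insensitive
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "hiddenservicedir":
            service_dir = value
            if inside(value, web_root) or inside(web_root, value):
                findings.append((lineno, "HiddenServiceDir overlaps the web root"))
        elif key == "hiddenserviceport":
            parts = value.split()
            if service_dir is None:
                findings.append((lineno, "HiddenServicePort has no HiddenServiceDir above it"))
            elif not parts:
                findings.append((lineno, "HiddenServicePort is missing its port"))
            elif not is_loopback(target_host(parts[1] if len(parts) > 1 else None)):
                findings.append((lineno, "target %s is not a loopback address" % parts[1]))
    return findings

if __name__ == "__main__":
    for lineno, message in audit_torrc(SAMPLE_TORRC, r"C:\Savant\Root"):
        print("line %d: %s" % (lineno, message))
```

A key directory inside the web root matters because the web server could then serve the private_key file that the post says must not be given to anyone.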
