Create hidden service in TOR like Silk Road or DarkNet

Create hidden service in TOR like Silk Road or DarkNet - blackMORE Ops
Image Credit: WikiPedia

How many of you have heard of a hidden service in TOR like the Silk Road? It’s really not some mystical location on the dark side of the Internet, or darknet. While it does sound a bit fantastic, a hidden service in TOR is just a server that is connected to TOR network and is only accessible by a uniquely generated domain name (.onion). The idea is that there aren’t supposed to be any IP’s associated with the server once it’s set up on TOR – making it untraceable. Of course there are ways of exploiting a vulnerability that will reveal that address, but I won’t go into that. Essentially a hidden service is just a web service on TOR. In this post, I will show how to create hidden service in TOR like Silk Road or DarkNet.

However, one might think why its necessary to create hidden service in TOR like Silk Road? After all, Silk Road was an illegal service that was taken down. But in many cases It might be necessary not because you want to create something illegal like Silk Road, but it’s necessary for the people in oppressed states where you don’t have a right to express yourself and you still want information passed onto the outside world. Use it well and for legit purposes.

If you have never used TOR, here’s the guide on how to setup TOR in Linux. This guide specifically detail steps required to create hidden service in TOR which can be used on a Kali/Debian/Ubuntu distro etc.

1. Update and upgrade you system

apt-get update
apt-get upgrade

2. Install a Web Server

If you’re using Kali Linux, you already have Apache Web Server installed and configured for you. Else install Apache.

apt-get install apache2

3. Install TOR

Now it’s time to install TOR. You can install via apt-get as it’s available in any repository. You don’t need to download the binary or source code.

apt-get install tor

4. Edit TOR Configuration file

After you’ve install TOR, you need to open the configuration file and edit it. It’s usually in /etc/tor/ folder. Use your favorite editor.

vi /etc/tor/torrc

You should change the port numbers in the configuration file. Verify the IP you web server is listening on (change it if you want). I use 6666. What happens in the configuration file is that the TOR service will listen on a certain port and address (accessible only via TOR) and then redirect that traffic to your Web Server.

In the configuration file navigate to the first instance of this:

HiddenServiceDir /Library/Tor/var/lib/tor/hidden_service/
HiddenServicePort 80 127.0.0.1:8080

The HiddenServiceDir field is a directory location (non-arbitrary) in which you specify where you want TOR to create your key and .onion address (hostname). It will generate two files in the directory to which you point it, one for each artifact (see step 6).

The HiddenServicePort field is where you specify which ports you want TOR to listen on and to redirect to.

So in my case, I have TOR listening on port 7777 which then redirects to my Apache Web Server on 6666 (which is what I configured Apache to listen on). So when I navigate to my .onion address on port 7777, I will be sent to the home directory of my Apache server (/var/www). Remember that whatever web server you are running, your traffic will be directed to the HOME directory of that server, wherever that may be. Make sense?

In my case, my torrc file contains these two fields:

HiddenServiceDir  /var/lib/tor/hidden_service
HiddenServicePort 6666 127.0.0.1:7777

127.0.0.1:7777 is what TOR is listening on, and 6666 is where it is redirecting (and where Apache is listening). It doesn’t matter if Apache is listening on a port that is public or private (localhost). If you have Apache listening on a port on your public interface, then you should block it at the firewall so as to not leave the Web Server open to the world.

Again, by default the TOR service will point to your Web Server’s default directory. So in my case when I navigate to my hidden service I get dropped into /var/www. You might be able to change this. You can also have more than one hidden service running at once. Just repeat this configuration for each instance and create different directories on your Web Server.

So to bring this configuration into perspective, let me summarize. You have a TOR service listening on a certain port on a uniquely generated .onion URL that redirects traffic to whatever port you Web Server is listening on. Keep in mind that you are still connected to the internet on your normal IP and your Web Server can get pwned if you make whatever port it’s listening in on available to the outside! You should only open up the port that TOR is listening on in your firewall configuration.

Your service will only be accessible via the .onion address so you don’t have to worry about people stumbling upon it by accident (unless they guess or steal your .onion address – which should be difficult).

5. Start required services

Start the TOR service and Web Server:

tor
service apache2 start

6. Sit back and enjoy

When you start the tor service for the first time it will generate your key and hostname in the directory you specified in the configuration file. Navigate there and copy your address. This is the URL for your .onion address.

Conclusion

There are some anonymity issues you should keep in mind too:

  • As mentioned above, be careful of letting your web server reveal identifying information about you, your computer, or your location. For example, readers can probably determine whether it’s thttpd or Apache, and learn something about your operating system.
  • If your computer isn’t online all the time, your hidden service won’t be either. This leaks information to an observant adversary.
  • It is generally a better idea to host hidden services on a Tor client rather than a Tor relay, since relay uptime and other properties are publicly visible.
  • The longer a hidden is online, the higher the risk that its location is discovered. The most prominent attacks are building a profile of the hidden service’s availability and matching induced traffic patterns.

And finally, yeah don’t go and reate hidden service in TOR like Silk Road or DarkNet! Why? Cause Silk Road got taken down, which means nothing is untraceable. Though tracing something like this will take months of collaboration between TOR service providers and Exit Gateways, but it can be traced. Nothing in untraceable, it just takes time and efforts. Use this guide for educational purposes only.

Tor Manuals

  1. Tor: Hidden Service Protocol
  2. Configuring Hidden Services for Tor

Check Also

tor-rootkit - A Python 3 standalone Windows 10 and Linux Rootkit

tor-rootkit – A Python 3 standalone Windows 10 and Linux Rootkit

Windows 10 Rootkit

SamSam Ransomware

SamSam Ransomware

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the …

6 comments

  1. nice method.. But lacking in additional security this method is old and outdated now you should look at ways in which to protect the server.

  2. Or i can just make an ISIS site so me and my brother can hangout and share ideas about how to break the west,

  3. or you will leak your location information like the noob ISIS did before.. HEHEH and let the west finish you all off

Leave your solution or comment to help others.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Discover more from blackMORE Ops

Subscribe now to keep reading and get access to the full archive.

Continue reading

Privacy Policy on Cookies Usage

Some services used in this site uses cookies to tailor user experience or to show ads.