Tuesday, June 21, 2022

Worm, Virus & Trojan Horse: Ethical Hacking Tutorial

 Some of the skills that hackers have are programming and computer networking skills. They often use these skills to gain access to systems. The objective of targeting an organization would be to steal sensitive data, disrupt business operations or physically damage computer controlled equipment. Trojans, viruses, and worms can be used to achieve the above-stated objectives.

In this article, we will introduce you to some of the ways that hackers can use Trojans, viruses, and worms to compromise a computer system. We will also look at the countermeasures that can be used to protect against such activities.


What is a Trojan horse?

A Trojan horse is a program that allows the attacker to control the user’s computer from a remote location. The program is usually disguised as something that is useful to the user. Once the user has installed the program, it can install malicious payloads, create backdoors, install other unwanted applications that can be used to compromise the user’s computer, etc.

The list below shows some of the activities that the attacker can perform using a Trojan horse.

  • Using the user’s computer as part of a botnet when performing distributed denial of service attacks
  • Damaging the user’s computer (crashing, blue screen of death, etc.)
  • Stealing sensitive data such as stored passwords, credit card information, etc.
  • Modifying files on the user’s computer
  • Electronic money theft by performing unauthorized money transfer transactions
  • Logging all the keys that a user presses on the keyboard and sending the data to the attacker. This method is used to harvest user ids, passwords, and other sensitive data.
  • Viewing screenshots of the user’s screen
  • Downloading browsing history data

What is a worm?

A worm is a malicious computer program that replicates itself, usually over a computer network. An attacker may use a worm to accomplish the following tasks:

  • Install backdoors on the victim’s computers. The created backdoor may be used to create zombie computers that are used to send spam emails, perform distributed denial of service attacks, etc. The backdoors can also be exploited by other malware.
  • Worms may also slow down the network by consuming bandwidth as they replicate.
  • Install harmful payload code carried within the worm.

What is a Virus?

A virus is a computer program that attaches itself to legitimate programs and files without the user’s consent. Viruses can consume computer resources such as memory and CPU time. The attacked programs and files are said to be “infected”. A computer virus may be used to:

  • Access private data such as user id and passwords
  • Display annoying messages to the user
  • Corrupt data in your computer
  • Log the user’s keystrokes

Computer viruses have been known to employ social engineering techniques. These techniques involve deceiving users into opening files that appear to be normal, such as Word or Excel documents. Once the file is opened, the virus code is executed and does what it is intended to do.

Trojans, Viruses, and Worms counter measures

To protect against such attacks, an organization can use the following methods.

  • A policy that prohibits users from downloading unnecessary files from the Internet such as spam email attachments, games, programs that claim to speed up downloads, etc.
  • Anti-virus software must be installed on all user computers. The anti-virus software should be updated frequently, and scans must be performed at specified time intervals.
  • Scan external storage devices on an isolated machine especially those that originate from outside the organization.
  • Regular backups of critical data must be made and stored on preferably read-only media such as CDs and DVDs.
  • Worms exploit vulnerabilities in the operating systems. Downloading operating system updates can help reduce the infection and replication of worms.
  • Worms can also be avoided by scanning all email attachments before downloading them.

Trojan, Virus, and Worm Differential Table

Definition

  • Trojan: Malicious program used to control a victim’s computer from a remote location.
  • Virus: Self-replicating program that attaches itself to other programs and files.
  • Worm: Illegitimate programs that replicate themselves, usually over the network.

Purpose

  • Trojan: Steal sensitive data, spy on the victim’s computer, etc.
  • Virus: Disrupt normal computer usage, corrupt user data, etc.
  • Worm: Install backdoors on victim’s computer, slow down the user’s network, etc.

Counter Measures

  • Trojan, Virus and Worm: Use of anti-virus software, update patches for operating systems, security policy on usage of the internet and external storage media, etc.

Monday, June 20, 2022

What is Social Engineering? Attacks, Techniques & Prevention

 


What is Social Engineering?

Social engineering is the art of manipulating users of a computing system into revealing confidential information that can be used to gain unauthorized access to a computer system. The term can also include activities such as exploiting human kindness, greed, and curiosity to gain access to restricted-access buildings or getting the users to install backdoor software.

Knowing the tricks hackers use to get users to release vital login information, among other things, is fundamental to protecting computer systems.

In this tutorial, we will introduce you to the common social engineering techniques and how you can come up with security measures to counter them.


How Does Social Engineering Work?

The stages of a social engineering attack are:

  • Gather Information: This is the first stage, in which the attacker learns as much as he can about the intended victim. The information is gathered from company websites, other publications and sometimes by talking to the users of the target system.
  • Plan Attack: The attacker outlines how he/she intends to execute the attack.
  • Acquire Tools: These include computer programs that an attacker will use when launching the attack.
  • Attack: Exploit the weaknesses in the target system.
  • Use acquired knowledge: Information gathered during the social engineering tactics such as pet names, birthdates of the organization founders, etc. is used in attacks such as password guessing.

Common Social Engineering Techniques:

Social engineering techniques can take many forms. The following is the list of the commonly used techniques.


  • Familiarity Exploit: Users are less suspicious of people they are familiar with. An attacker can familiarize him/herself with the users of the target system prior to the social engineering attack. The attacker may interact with users during meals, join them when they are smoking, meet them at social events, etc. This makes the attacker familiar to the users. Let’s suppose that the user works in a building that requires an access code or card to gain access; the attacker may follow the users as they enter such places. The users are most likely to hold the door open for the attacker to go in as they are familiar with them. The attacker can also ask for answers to questions such as where you met your spouse, the name of your high school math teacher, etc. The users are most likely to reveal answers as they trust the familiar face. This information could be used to hack email accounts and other accounts that ask similar questions if one forgets their password.
  • Intimidating Circumstances: People tend to avoid people who intimidate others around them. Using this technique, the attacker may pretend to have a heated argument on the phone or with an accomplice in the scheme. The attacker may then ask users for information which would be used to compromise the security of the users’ system. The users are most likely to give the correct answers just to avoid having a confrontation with the attacker. This technique can also be used to avoid being checked at a security checkpoint.
  • Phishing: This technique uses trickery and deceit to obtain private data from users. The social engineer may try to impersonate a genuine website such as Yahoo and then ask the unsuspecting user to confirm their account name and password. This technique could also be used to get credit card information or any other valuable personal data.
  • Tailgating: This technique involves following users behind as they enter restricted areas. As a human courtesy, the user is most likely to let the social engineer inside the restricted area.
  • Exploiting human curiosity: Using this technique, the social engineer may deliberately drop a virus infected flash disk in an area where the users can easily pick it up. The user will most likely plug the flash disk into the computer. The flash disk may auto run the virus, or the user may be tempted to open a file with a name such as Employees Revaluation Report 2013.docx which may actually be an infected file.
  • Exploiting human greed: Using this technique, the social engineer may lure the user with promises of making a lot of money online by filling in a form and confirming their details using credit card details, etc.

Social Engineering Counter Measures

Most techniques employed by social engineers involve manipulating human biases. To counter such techniques, an organization can do the following:

    • To counter the familiarity exploit, the users must be trained to not substitute familiarity with security measures. Even the people that they are familiar with must prove that they have the authorization to access certain areas and information.
    • To counter intimidating circumstances attacks, users must be trained to identify social engineering techniques that fish for sensitive information and politely say no.
    • To counter phishing techniques, most sites such as Yahoo use secure connections to encrypt data and prove that they are who they claim to be. Checking the URL may help you spot fake sites. Avoid responding to emails that request you to provide personal information.
    • To counter tailgating attacks, users must be trained not to let others use their security clearance to gain access to restricted areas. Each user must use their own access clearance.
    • To counter human curiosity, it’s better to submit picked up flash disks to system administrators who should scan them for viruses or other infection preferably on an isolated machine.
    • To counter techniques that exploit human greed, employees must be trained on the dangers of falling for such scams.
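
The URL check from the phishing countermeasure above can be automated in a mail gateway or proxy. The following is an added example, not part of the original tutorial; the allow-list, the brand list, the reason codes and the sample URLs are constructed assumptions.

```python
from urllib.parse import urlsplit

# Assumptions for this example: the hosts users are expected to log in on,
# and the brand names worth protecting. Adjust both to your organisation.
EXPECTED_HOSTS = {"login.yahoo.com", "mail.yahoo.com"}
BRANDS = {"yahoo"}


def edit_distance(a, b):
    """Levenshtein distance, used to catch one-character typos of a brand name."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def check_url(url):
    """Return reason codes for distrusting a URL; an empty list means every check passed."""
    reasons = []
    parts = urlsplit(url)
    host = (parts.hostname or "").lower().rstrip(".")
    labels = host.split(".")

    if parts.scheme != "https":
        reasons.append("no-tls")                # no encryption, no server certificate
    if parts.username is not None:
        reasons.append("userinfo-in-url")       # text before '@' is not the host
    if any(label.startswith("xn--") for label in labels) or not host.isascii():
        reasons.append("idn-host")              # may render as look-alike characters

    if host in EXPECTED_HOSTS:
        return reasons

    reasons.append("host-not-expected")
    for brand in sorted(BRANDS):
        if any(brand in label for label in labels):
            # The brand appears, but on a host the organisation does not expect.
            reasons.append("brand-on-foreign-host:" + brand)
        elif any(edit_distance(label, brand) == 1 for label in labels):
            reasons.append("lookalike-of:" + brand)
    return reasons


# Constructed sample URLs (documentation address range and reserved TLDs).
SAMPLE_URLS = [
    "https://login.yahoo.com/account",
    "http://mail.yahoo.com/",
    "https://login.yahoo.com@203.0.113.7/signin",
    "https://login.yahoo.com.account-verify.example/reset",
    "https://login.yaho0.com/",
    "https://xn--example-login.test/",
]


def triage(urls=SAMPLE_URLS):
    """Map each URL to its list of reason codes."""
    return {url: check_url(url) for url in urls}


if __name__ == "__main__":
    for url, reasons in triage().items():
        print(url, "->", reasons or "ok")
```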

Summary

  • Social engineering is the art of exploiting the human elements to gain access to unauthorized resources.
  • Social engineers use a number of techniques to fool the users into revealing sensitive information.
  • Organizations must have security policies that have social engineering countermeasures.

Authorities Shut Down Russian RSOCKS Botnet That Hacked Millions of Devices

 


The U.S. Department of Justice (DoJ) on Thursday disclosed that it took down the infrastructure associated with a Russian botnet known as RSOCKS in collaboration with law enforcement partners in Germany, the Netherlands, and the U.K.

The botnet, operated by a sophisticated cybercrime organization, is believed to have ensnared millions of internet-connected devices, including Internet of Things (IoT) devices, Android phones, and computers for use as a proxy service.

Botnets, a constantly evolving threat, are networks of hijacked computer devices that are under the control of a single attacking party and are used to facilitate a variety of large-scale cyber intrusions such as distributed denial-of-service (DDoS) attacks, email spam, and cryptojacking.

"The RSOCKS botnet offered its clients access to IP addresses assigned to devices that had been hacked," the DoJ said in a press release. "The owners of these devices did not give the RSOCKS operator(s) authority to access their devices in order to use their IP addresses and route internet traffic."

Besides home businesses and individuals, several large public and private entities, including a university, a hotel, a television studio, and an electronics manufacturer, have been victimized by the botnet to date, the prosecutors said.

Customers wanting to avail proxies from RSOCKS could rent access via a web-based storefront for different time periods at various price points ranging from $30 per day for access to 2,000 proxies to $200 per day for access to 90,000 proxies.

Once purchased, criminal actors could then redirect malicious internet traffic through the IP addresses associated with the compromised victim devices to conceal their true intent, which was to carry out credential stuffing attacks, access compromised social media accounts, and send out phishing messages.

The action is the culmination of an undercover operation mounted by the Federal Bureau of Investigation (FBI) in early 2017, when it made covert purchases from RSOCKS to map out its infrastructure and its victims, allowing it to determine roughly 325,000 infected devices.

"Through analysis of the victim devices, investigators determined that the RSOCKS botnet compromised the victim device by conducting brute force attacks," the DoJ said. "The RSOCKS backend servers maintained a persistent connection to the compromised device."

The disruption of RSOCKS arrives less than two weeks after it seized an illicit online marketplace known as SSNDOB for trafficking personal information such as names, dates of birth, credit card numbers, and Social Security numbers of about 24 million individuals in the U.S.

BRATA Android Malware Gains Advanced Mobile Threat Capabilities

 

The operators behind BRATA have once again added more capabilities to the Android mobile malware in an attempt to make their attacks against financial apps more stealthy.

"In fact, the modus operandi now fits into an Advanced Persistent Threat (APT) activity pattern," Italian cybersecurity firm Cleafy said in a report last week. "This term is used to describe an attack campaign in which criminals establish a long-term presence on a targeted network to steal sensitive information."

An acronym for "Brazilian Remote Access Tool Android," BRATA was first detected in the wild in Brazil in late 2018, before making its first appearance in Europe last April, while masquerading as antivirus software and other common productivity tools to trick users into downloading them.

The change in the attack pattern, which scaled new highs in early April 2022, involves tailoring the malware to strike a specific financial institution at a time, switching to a different bank only after the victim begins implementing countermeasures against the threat.

Also incorporated in the rogue apps are new features that enable it to impersonate the login page of the financial institution to harvest credentials, access SMS messages, and sideload a second-stage payload ("unrar.jar") from a remote server to log events on the compromised device.

"The combination of the phishing page with the possibility to receive and read the victim's sms could be used to perform a complete Account Takeover (ATO) attack," the researchers said.

Additionally, Cleafy said it found a separate Android app package sample ("SMSAppSicura.apk") that used the same command-and-control (C2) infrastructure as BRATA to siphon SMS messages, indicating that the threat actors are testing out different methods to expand their reach.

The SMS stealer app is said to be specifically singling out users in the U.K., Italy, and Spain, its goal being able to intercept and exfiltrate all incoming messages related to one-time passwords sent by banks.

"The first campaigns of malware were distributed through fake antivirus or other common apps, while during the campaigns the malware is taking the turn of an APT attack against the customer of a specific Italian bank," the researchers said.

"They usually focus on delivering malicious applications targeted to a specific bank for a couple of months, and then moving to another target."

Friday, June 17, 2022

Burp Suite Extension - To Monitor And Keep Track of Tested Endpoints



Burp Scope Monitor Extension

A Burp Suite Extension to monitor and keep track of tested endpoints.


Main Features


  • Simple, easy way to keep track of unique endpoints when testing an application
  • Mark individual endpoints as analyzed or not
  • Instantly understand when a new, untested endpoint is requested
  • Accessible from Proxy tab (right click, mark request as analyzed/not)
  • Send to Repeater
  • Enforcement of Burp's in scope rules
  • Import/Export state file directly to a CSV file for
  • Autosave option


Installation


  1. Make sure you have Jython configured under Extender -> Options -> Python Environment. For further instructions, check PortSwigger official instructions at their support page.
  2. git clone git@github.com:Regala/burp-scope-monitor.git
  3. Import main.py in Extender - Extender -> Extensions -> Add -> Select Python -> Select main.py


Documentation

Most of the options available in the General or Import tabs are self-explanatory.



  • "Repeater request automatically marks as analyzed" - when issuing a request to an endpoint from Repeater, it marks this request as analyzed automatically.
  • "Color request in Proxy tab" - this essentially applies the behavior of the extension in the Proxy tab, if you combine these options with "Show only highlighted items" in Proxy. However, it's not as pleasant to the eyes as the color palette is limited.
  • "Autosave periodically" - backs up the state file every 10 minutes. When activating this option, consider disabling "Autostart Scope Monitor". This is in order to maintain a different state file per Burp project. However, you can easily maintain only one, master state file.
  • "Import/Export" is dedicated to handling the saved state files. It's preferred to open the Burp project file associated with the Scope Monitor. It will still work if the Burp project is different, but when loading the saved entries, you won't be able to send them to Repeater or view the request itself in the Request/Response viewer. This is because the actual requests are not stored, just the endpoint, its analyzed status and a couple of other fields, which makes it a little bit more efficient.

Future Development


  • Keep track of parameters observed in all requests
  • Highlight when a new parameter was used in an already observed/analyzed endpoint
  • Export to spreadsheet / Google Sheets
  • Adding notes to the endpoint

Implementation

The code is not yet performant, optimized or anything similar. KISS and it works. Performance will be increased depending on demand and how the extension performs when handling large Burp projects.

To circumvent some of Burp's Extender API limitations, some small hacks were implemented. One of those is automatically setting a comment on the requests that flow in the Proxy tab.

You can still add comments on the items, as you normally would, but just make sure to keep the placeholder string (scope-monitor-placeholder) there.

Hopefully in the future each requestResponse from Burp will have a unique identifier, which would make the import state / load from file much cleaner and faster. With large state files, this might hang a bit when loading.
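
The state model described in the Documentation and Implementation sections (one record per unique endpoint plus its analyzed flag, with no stored requests) can be sketched as follows. This is an added example, not the extension's own code; the `ScopeTracker` class, the CSV column layout and the example.test URLs are assumptions.

```python
import csv
import io
from urllib.parse import urlsplit

FIELDS = ["method", "url", "analyzed"]  # assumed column layout, not the extension's real format


def endpoint_key(method, url):
    """Reduce a request to (METHOD, scheme://host[:port]/path).

    The query string is dropped so the same endpoint requested with
    different parameter values is counted once.
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    default_port = {"http": 80, "https": 443}.get(scheme)
    netloc = host if parts.port in (None, default_port) else "%s:%d" % (host, parts.port)
    return method.upper(), "%s://%s%s" % (scheme, netloc, parts.path or "/")


class ScopeTracker:
    def __init__(self, in_scope_hosts):
        self.in_scope_hosts = {h.lower() for h in in_scope_hosts}
        self.endpoints = {}  # (method, url) -> analyzed flag

    def observe(self, method, url):
        """Record a proxied request; returns "out-of-scope", "new", "untested" or "analyzed"."""
        key = endpoint_key(method, url)
        if urlsplit(key[1]).hostname not in self.in_scope_hosts:
            return "out-of-scope"          # scope rules are enforced before tracking
        if key not in self.endpoints:
            self.endpoints[key] = False
            return "new"
        return "analyzed" if self.endpoints[key] else "untested"

    def mark(self, method, url, analyzed=True):
        """Set the analyzed flag; returns False for out-of-scope requests."""
        if self.observe(method, url) == "out-of-scope":
            return False
        self.endpoints[endpoint_key(method, url)] = analyzed
        return True

    def pending(self):
        """Endpoints seen but not yet marked as analyzed."""
        return sorted(k for k, done in self.endpoints.items() if not done)

    def export_csv(self):
        buf = io.StringIO()
        writer = csv.DictWriter(buf, fieldnames=FIELDS)
        writer.writeheader()
        for (method, url), done in sorted(self.endpoints.items()):
            writer.writerow({"method": method, "url": url, "analyzed": int(done)})
        return buf.getvalue()

    def import_csv(self, text):
        """Load a saved state; only endpoint and status come back, never the request."""
        for row in csv.DictReader(io.StringIO(text)):
            self.endpoints[endpoint_key(row["method"], row["url"])] = row["analyzed"] == "1"


if __name__ == "__main__":
    tracker = ScopeTracker(["shop.example.test"])
    # Constructed sample traffic.
    for m, u in [("GET", "https://shop.example.test/cart?id=1"),
                 ("GET", "https://SHOP.example.test:443/cart?id=2"),
                 ("POST", "https://shop.example.test/cart"),
                 ("GET", "https://cdn.other.test/lib.js")]:
        print(m, u, "->", tracker.observe(m, u))
    tracker.mark("GET", "https://shop.example.test/cart")
    print("still to test:", tracker.pending())
    print(tracker.export_csv())
```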


Tuesday, February 7, 2017

Deep Web links...

To browse .onion Deep Web links, install Tor Browser from http://torproject.org/


cyber safety day 7th february 2017


Friday, February 3, 2017

Installing Metasploit Framework on Ubuntu 16.04 LTS and Debian 7

This guide covers the installation of the Metasploit Framework OSS Project on Ubuntu Linux LTS. If you do not wish to run the Open Source version or set up a development environment, and do not mind giving your email address to Rapid7 for marketing, I would recommend downloading their commercial installer from http://www.metasploit.com/ for Metasploit Express and Pro.
If you prefer an all-in-one installer for the framework only, the Metasploit team offers nightly built installers at https://github.com/rapid7/metasploit-framework/wiki/Nightly-Installers, making a quick setup a breeze if you do not plan to pull separate branches to test experimental code or do development.

Install Oracle Java 8

We start by adding the Oracle Java Package source
sudo add-apt-repository -y ppa:webupd8team/java
Once added we can install the latest version
sudo apt-get update
sudo apt-get -y install oracle-java8-installer

 

Installing Dependencies

We start by making sure that we have the latest packages by updating the system using apt-get:
sudo apt-get update
sudo apt-get upgrade
Now that we know that we are running an updated system we can install all the dependent packages that are needed by Metasploit Framework:
sudo apt-get install build-essential libreadline-dev libssl-dev libpq5 libpq-dev libreadline5 libsqlite3-dev libpcap-dev git-core autoconf postgresql pgadmin3 curl zlib1g-dev libxml2-dev libxslt1-dev vncviewer libyaml-dev

Installing a Proper Version of Ruby

The distribution sadly does not come by default with a proper version of Ruby for us to use with Metasploit Framework, so we will have to download and compile a proper one. The two main recommended ways of doing this are RVM and rbenv (do not install both; choose one or the other). If installing using RVM, be warned that symlinks will not work due to the way it places the binary stubs of the metasploit-framework gem.
Installing Ruby using RVM:
curl -sSL https://rvm.io/mpapis.asc | gpg2 --import -
curl -L https://get.rvm.io | bash -s stable
source ~/.rvm/scripts/rvm
echo "source ~/.rvm/scripts/rvm" >> ~/.bashrc
source ~/.bashrc
RUBYVERSION=$(wget https://raw.githubusercontent.com/rapid7/metasploit-framework/master/.ruby-version -q -O - )
rvm install $RUBYVERSION
rvm use $RUBYVERSION --default
ruby -v

Installing Ruby using rbenv:
cd ~
git clone https://github.com/sstephenson/rbenv.git .rbenv
echo 'export PATH="$HOME/.rbenv/bin:$PATH"' >> ~/.bashrc
echo 'eval "$(rbenv init -)"' >> ~/.bashrc
exec $SHELL

git clone https://github.com/sstephenson/ruby-build.git ~/.rbenv/plugins/ruby-build
echo 'export PATH="$HOME/.rbenv/plugins/ruby-build/bin:$PATH"' >> ~/.bashrc

# sudo plugin so we can run Metasploit as root with "rbenv sudo msfconsole"
git clone https://github.com/dcarley/rbenv-sudo.git ~/.rbenv/plugins/rbenv-sudo

exec $SHELL

RUBYVERSION=$(wget https://raw.githubusercontent.com/rapid7/metasploit-framework/master/.ruby-version -q -O - )
rbenv install $RUBYVERSION
rbenv global $RUBYVERSION
ruby -v

Installing Nmap

One of the external tools that Metasploit uses for scanning that is not included with the sources is Nmap. Here we will cover downloading the latest source code for Nmap, compiling and installing:
mkdir ~/Development
cd ~/Development
git clone https://github.com/nmap/nmap.git
cd nmap 
./configure
make
sudo make install
make clean

Configuring PostgreSQL Server

We start by switching to the postgres user so we can create the user and database that we will use for Metasploit:
sudo -s
su postgres
Now we create the user and database. Do record the password that you gave to the user, since it will be used in the database.yml file that Metasploit and Armitage use to connect to the database.
createuser msf -P -S -R -D
createdb -O msf msf
exit
exit
If you experience problems with the database setup, this Fedora guide is a good resource for troubleshooting and setup: https://fedoraproject.org/wiki/Metasploit_Postgres_Setup

Installing Metasploit Framework

We will download the latest version of Metasploit Framework via Git so we can use msfupdate to keep it updated:
cd /opt
sudo git clone https://github.com/rapid7/metasploit-framework.git
sudo chown -R `whoami` /opt/metasploit-framework
cd metasploit-framework
Install the required gems and versions using bundler:
cd /opt/metasploit-framework

# If using RVM, set the default gem set that is created when you navigate into the folder
rvm --default use ruby-${RUBYVERSION}@metasploit-framework

gem install bundler
bundle install
Let's create links to the commands so we can use them under any user without being in the framework folder. For this we need to be in the metasploit-framework folder, if not already in it:
cd /opt/metasploit-framework
sudo bash -c 'for MSF in $(ls msf*); do ln -s /opt/metasploit-framework/$MSF /usr/local/bin/$MSF;done'

Metasploit for Development and Contribution

If you wish to develop and contribute to the product, you can follow the additional steps here: Metasploit Dev Environment. For this you will need a GitHub account and you will fork the project into your own account. I personally keep my dev copy of Metasploit in ~/Development folder and after an initial run of msfconsole I keep my database.yml file in ~/.msf4/config folder and adjust the MSF_DATABASE_CONFIG variable for it or run msfconsole with the -y option and point it to a YAML file with the correct configuration.
Installing Armitage:
curl -# -o /tmp/armitage.tgz http://www.fastandeasyhacking.com/download/armitage150813.tgz
sudo tar -xvzf /tmp/armitage.tgz -C /opt
sudo ln -s /opt/armitage/armitage /usr/local/bin/armitage
sudo ln -s /opt/armitage/teamserver /usr/local/bin/teamserver
sudo sh -c "echo java -jar /opt/armitage/armitage.jar \$\* > /opt/armitage/armitage"
sudo perl -pi -e 's/armitage.jar/\/opt\/armitage\/armitage.jar/g' /opt/armitage/teamserver
Let's create the database.yml file that will contain the configuration parameters that will be used by the framework:
sudo nano /opt/metasploit-framework/config/database.yml
Copy the YAML entries and make sure you provide the password you entered in the user creation step in the password field for the database:
production:
 adapter: postgresql
 database: msf
 username: msf
 password: 
 host: 127.0.0.1
 port: 5432
 pool: 75
 timeout: 5
Create an environment variable so it is loaded by Armitage and by msfconsole when running, and load the variable into your current shell:
sudo sh -c "echo export MSF_DATABASE_CONFIG=/opt/metasploit-framework/config/database.yml >> /etc/profile"

source /etc/profile
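
A quick lint for the database.yml created above, added here as an example (it is not part of the original guide or of Metasploit). It flags fields left empty, which is how the password field appears in the template above, and a file that group or other users can read, since the file holds the msf database password in clear text. The function names yaml_get and check_msf_dbconfig are hypothetical, and the parser assumes the flat "key: value" layout shown above.

```shell
#!/bin/sh
# Added example (not from the original guide): lint a Metasploit database.yml.
# Usage: check_msf_dbconfig "$MSF_DATABASE_CONFIG"

# Print the value of KEY inside the top-level "production:" block.
# Assumes the flat "key: value" layout used in this guide, not general YAML.
yaml_get() {  # yaml_get FILE KEY
  awk -v key="$2" '
    /^[^ #]/ { in_prod = ($1 == "production:") }   # a new top-level block starts
    in_prod && $1 == (key ":") {
      $1 = ""                                      # drop the key, keep the value
      sub(/^[ \t]+/, ""); sub(/[ \t]+$/, ""); gsub(/^"|"$/, "")
      print; exit
    }
  ' "$1"
}

# Print findings; the return status is the number of problems found.
check_msf_dbconfig() {
  file=$1
  problems=0
  if [ ! -f "$file" ] || [ ! -r "$file" ]; then
    echo "cannot read $file"
    return 1
  fi
  # Every connection field listed in the guide's template must be filled in.
  for key in adapter database username password host port; do
    if [ -z "$(yaml_get "$file" "$key")" ]; then
      echo "empty or missing field: $key"
      problems=$((problems + 1))
    fi
  done
  # The password is stored in clear text, so group and others must not have
  # read access. ls -ld prints a mode string such as -rw-r--r--.
  case $(ls -ld "$file" | cut -c1-10) in
    ????r?????|???????r??)
      echo "readable by group or others: chown to the msfconsole user, chmod 600"
      problems=$((problems + 1)) ;;
  esac
  return "$problems"
}
```

A file created with sudo nano is owned by root, so change its owner to the account that runs msfconsole before tightening the mode, or that account will not be able to read it.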

First Run

Now we are ready to run Metasploit for the first time. My recommendation is to run it first under a regular user so the folders created under your home directory have the proper permissions. The first time it runs it will create the entries needed by Metasploit in the database, so it will take a while to load.
msfconsole

Evil Twin attack

The Evil Twin attack is frequently carried out on wireless access points with malicious intentions. This attack happens when...