Posted on

Learn Ethical Hacking Episode #16: Accessing the Dark Web Using the Tor Browser (Part 2)

 

If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!

https://josephdelgadillo.com/ethical-hacking/

Below is a list of the courses included in the bundle:

The Complete Ethical Hacking Course for 2018!
http://bit.ly/2leW0j4
Certified Ethical Hacker Boot Camp for 2018!
http://bit.ly/2yKbler
The Complete Ethical Hacker Course: Beginner to Advanced!
http://bit.ly/2i3kirq
Build an Advanced Keylogger for Ethical Hacking!
http://bit.ly/2yMl3gI

Hello everybody and welcome to this follow-up tutorial. Today, I will show you how to install TOR itself. We’ll go through the installation procedure, and in order for us to do that we will need to use the new user that we have created, test.

First, we will need to switch users. In order for you to do that you need to log out, and in order for you to log out in Kali Linux just go ahead and click in the upper right corner where it says root, scroll down to switch user, and there we go. Excellent! It now says the active user is test. I’m already logged in as test because I have done this previously, but it’s going to prompt me for a password as well. So, just go ahead and type in the password for your user, press enter, very simple. There is a browser icon in the upper left corner, it’s blue, it’s a reliable browser. Go ahead and click on the icon, navigate to your favorite search engine, type in tor, press enter, and open the first site in the search results. It should read tor project: anonymity online. Make sure, absolutely make sure, that you are downloading this browser from the official source. In the browser it says “https”, make sure there is an “s” at the end. Make sure that the domain is correct as well, so torproject.org. It’s not .com, it’s not dot some country extension, it’s .org. Anyway, go ahead and click on download tor, and I need the 64-bit tor browser for gnu/linux. In case you’re using another operating system, over here you have it for Microsoft Windows, Apple OSX, etc. We are going to go ahead and use the Linux/UNIX version. There are some addition resources here on the site, you have forums, questions, FAQ, and some other things as well. I would strongly advise that you browse around the site for a bit. For the time being, I’m going to go ahead and click on download, yes I wish to save a file, and the download will proceed. It should only take about a minute or less to download.

What you do with tor is simply route your traffic to go through certain points, and every time it hops there is an encryption layer. It makes your connection very secure and there are these things that are called inner nodes. So, for example, you go from one computer, nodes are basically computers or servers through which you go, so you make a request to a certain website, and then your connection goes from your computer to some other computer, and then from that computer to some other, and so on and so forth, until it reaches the exit node. All of these devices are a part of the TOR network. Once it reaches the exit node, it is the exit node that actually makes the request for the site that you wanted. Basically, you are using a lot of proxies, that would be the very basic explanation, but there is a lot more to it. The encryption being the major part of it. So, there are multiple layers of encryption there and it is nearly impossible to figure out where a request is coming from, unless you are controlling these nodes, or something like that, which is highly unlikely. Basically, using the TOR network is a fantastic way of staying anonymous. You do not need to necessarily use the tor browser just to access the hidden web, rather instead you can use TOR to torrify, that is the term, to torrify your applications. Once you torrify them all of traffic generated by those applications will be routed through the TOR network, and you will be anonymous to a very large extent. Although, keep in mind that connections, all things using TOR, are very slow because your connection is being routed through a lot of devices, and there are a lot of people out there that are using those devices. Anybody can contribute, really. You can find additional information on the TOR official website.

In this particular tutorial I wanted to introduce you to TOR and show you the dark web. So, go ahead and click on the file you downloaded. It says reading archive please wait, excellent! I am going to extract it to test/desktop, so go ahead and proceed. Let’s see if it’s going to succeed. Extracting files from archive, don’t cancel it just quit it, excellent! Go ahead and open up this folder and start the TOR browser. Just go ahead and click on start tor browser, run, and this process might take a bit of time. Now you might ask yourselves, what is so special about this TOR browser? It looks like a regular internet browser. The TOR browser gives you the ability to access the .onion domains, and here’s how we do that. The first thing that I’m going to do is type in hidden wiki. The hidden wiki links to a large number of other .onion domains, to those of significance anyway, and it’s URL continuously changes. That is why I am searching for it in the video, as opposed to pre-loading it, primarily to show you how you can find it. It’s not really that difficult, you can just type it in to the search engine. So, let’s just go ahead and open up a couple of these websites. So here we have .onion domains, a list of them, quite a large list, but I’m not actually interested in those. Here it tells us that the hidden wiki has been hacked, this is the new URL, spread it. Don’t worry about this, this happens like all of the time. This is just one of those things that you have to learn to live with. I know it’s a bit inconvenient to have to search for the URL all of the time, but if you want to access the dark web things are not as stable as they are on the on the regular web. So it says, welcome to the hidden wiki, new hidden wiki URL added to bookmarks and spread it, excellent!

Let me explain where we are. This is a rather large list of links for .onion domains, as I said, and you have many different resources here. Some of them are illegal and we will not go into those, basically where you have people who are selling PayPal accounts, credit card numbers, and so on and so forth. That is not somewhere we should go. Perhaps, if you would like to check out if your PayPal has been hacked, or something like that, you can go on to those websites and search for it to see if it’s actually there. Other than that, I really see no other reason why you should visit them. There are also a lot of things concerned with the anonymity of payment online, so Bitcoin, prepaid cards, etc. Anyway, down below you have commercial services. I wouldn’t recommend buying anything that needs to be shipped to a physical address. They have an anonymity and security section. Here you have some things concerning proxies, the TOR network, etc. The primary purpose of why I am showing you how to access the hidden web is so you can use a large amount of these external resources during your pen-testing exercises. What we are mainly interested in are the forums. So you have forums, boards, chans, and so on and so forth. Let’s take a look at a few of them. Keep in mind that they tend to be down, that the URLs tend change, and this can be problematic. So let’s try BlackBook, HackForum…yeah, you see there’s a problem loading this page. This is not going to open. Hack The Planet, let’s see what they got there. The Intel Exchange, excellent! I think this is one of the better forums. Let’s go through these pages and see if we can find anything of use. We are in the intel exchange. This is one of the forums where you will need to register, but I mean nobody’s asking for your credit card information. Just fill in the basic information like your user name, password, how you wish to be addressed, and so on and so forth. You have general discussions, we don’t really want that, we have software, excellent! This is what we were looking for, software. So hacking, programming, TOR, and everything else about software. Let’s see what’s here. By the way, whatever code you download from these websites you will need to run within a virtual environment, or do not run it at all. I’m just going to go ahead and say that you should not run it on your regular machines, or on anybody’s regular machines, because that’s never a good idea. So, what do we have here? Best programming language for making an OS. Well, we don’t you really need that. That can be rather complicated. Down below, is it safe to download PDFs on TOR? You shouldn’t do that, you shouldn’t download anything on TOR that you will use on your regular machine. So we have some fairly silly things here which we will never use, but there are some very nice resources. We have IP address questions. So, what can you do with an IP address, and so on and so forth. I can’t open any of these because I’m not registered, but I have been on these forums and they can be quite useful. I don’t think I’ve been on this one in particular, but I have been on forums on the darknet, and you can find some interesting things that people have done, some interesting methods. Usually things tend to be published here first and then they hit the general public, or they regular web. We have keyloggers here. So you can find some information on keyloggers, how to use them, where to find them, but I was just reading the reviews mainly here, and the suggestions, and then figuring out where you download it. It is important to check if software is open or closed source. If it’s open source perhaps you can go to their website and download it from there and be safe in that manner. So that’s not a bad idea. You see hacking tools, SQL injections, operating systems for hacking, root kits, and so on and so forth. You have a ton of information here which I would strongly recommend you explore. Do not do anything illegal, just go ahead and visit the forums and see what sort of information can you extract from it. That’s all. In any case, this will conclude the tutorial here. I hope you find the dark web to be a useful asset in your pen-testing career, or your pen testing activities in general. I believe it is. You can find a lot of useful things as I keep restating. The connections can be rather slow, but it is safe to install the TOR browser on your regular machine so long as you download it from the official site, which is torproject.org, under the https protocol. In any case, I bid you farewell, and I hope to see you in the next tutorial.

The remainder of the tutorial videos can be found in this YouTube playlist:

 

You can also enroll in the course and download the videos for offline viewing:

https://jtdigital.teachable.com/p/hacking-free/

Subscribe on YouTube – https://www.youtube.com/c/JosephDelgadillo?sub_confirmation=1

Follow on Steemit – https://steemit.com/@jo3potato