TryHackMe: Tor WriteUp

A beginner orienteered guide on using the TOR network. You can access the room through this link: https://tryhackme.com/room/torforbeginners

Hi everyone, this is Mrinal Prakash aka EMPHAY on TryHackMe and today I am going to take you all to the walkthrough of the room on TryHackMe called “Tor” which is a pretty basic beginner friendly room and it falls into the category of easy rooms. So lets go ahead and dive in.

Tor is a free and open-source software for enabling anonymous communication. Tor directs Internet traffic through a free, worldwide, volunteer overlay network consisting of more than seven thousand relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. Using Tor makes it more difficult to trace Internet activity to the user: this includes “visits to Web sites, online posts, instant messages, and other communication forms”. Tor’s intended use is to protect the personal privacy of its users, as well as their freedom and ability to conduct confidential communication by keeping their Internet activities unmonitored.

In penetration testing, there might be a need to conduct a full-fledged black-box test. This is a form of testing in which security professionals have to deal with such things as firewalls and other mechanisms of restriction on the customer’s side. In this case, the Tor network can be used in order to constantly change IP and DNS addresses and therefore successfully overcome any restrictions.

In this unit, we are going to install the Tor service and learn basic commands.

Unit 1 — Tor

  1. Run apt-get install tor to install/update your Tor packages

2. Run service tor start to start the Tor service
No Answers needed

3. Run service tor status to check Tor’s availability
No Answers needed

4. Run service tor stop to stop the Tor service
No Answers needed

Unit 2 — Proxychains

1. Let’s start with running apt install proxychains to install/update proxychains tool
No Answers needed

2. Now it’s time to configure proxychains to work properly. Run nano /etc/proxychains.conf to edit the settings. (Note: You can use any text editing tool instead of nano)
No Answers needed

3. We can now see, that most of the methods are under comment mark. You can read their description and decide on using one of them in the future. For this lesson let’s uncomment dynamic_chain and comment others (simply put ‘#’ to the left). Additionally, it is useful to uncomment proxy_dns in order to prevent DNS leak. Scroll through the document and see whenever you want to add some additional proxies at the bottom of the page (which is not required at this point). Apply all the settings.

No Answers needed

4. Now let’s check our settings. Start the TOR service and run proxychains firefox. Usually, you are required to put ‘proxychains’ command before anything in order to force it to transfer data through Tor.

No Answers needed

5. After the firefox has loaded, check if your IP address has changed with any website that provides such information. Also, try running a test on dnsleaktest.com and see if your DNS address changed too.

NOTE: All other web browser windows should be closed before opening firefox through proxychains!

No Answers needed

Unit 3 — Tor browser

Install Tor browser on your system (It is not necessarily to do this on your Kali Machine).

  1. Finish the installation
    No Answers needed
  2. Launch the Tor Browser and set your privacy settings to Level 2 (Safer)
    No Answers needed
  3. Access the website below and capture the flag by copying bitcoin address at the bottom of the page!
    http://danielas3rtn54uwmofdo3x2bsdifr47huasnmbgqzfrec5ubupvtpid.onion/
    1K918TvvE4PMPzPuZT7zSDAQV4ZNUjHBm5

This completes our room and that was it from me. If you enjoyed reading this, do give it a clap and follow me on medium. If you face any problem regarding any solution, feel free to reach me out. Hope you enjoyed reading my work. If you really liked this article, then follow me on medium and follow me up on Twitter and connect with me on LinkedIn. Till then goodbye from my side and Happy Hacking.

Hacker || Student || CTF Player || Coder || Editor at A&M Publications

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store