/d/OpSec

[GUIDE] Anonymous working environment.

by /u/R3ktS3c 🍼 · 5 votes · 6 days ago

A very popular question is how to do (whatever) anonymously.

I'm gonna explain how to do it properly IMHO (Any tip, improvement or suggestion is welcomed).

FIRST WAY - Linux host and KVM (FOSS chad way):

I'm gonna assume that you have a Linux system installed with full disk encryption.

*If you wanna do it in paranoid mode, you should get an external hard drive and create a hidden volume with Veracrypt. That is where you will store your VMs.

https://proprivacy.com/privacy-service/guides/veracrypt-hidden-volumes

This tutorial is focused on Debian-based hosts:

1- Install virt-manager

sudo apt install virt-manager

2- Ensure libvirtd is enabled and running.

sudo systemctl enable libvirtd

sudo systemctl start libvirtd

sudo systemctl status libvirtd

3- Add user to groups

sudo usermod -aG kvm,libvirt "$(whoami)"

4- Reboot so group changes take effect.

5- Ensure KVM's / QEMU's default networking is enabled and has started.

sudo virsh -c qemu:///system net-autostart default

sudo virsh -c qemu:///system net-start default

sudo virsh net-list --all

6- Download Whonix into your encrypted hard drive or hidden volume.

https://download.whonix.org/libvirt/16.0.5.3/Whonix-XFCE-16.0.5.3.Intel_AMD64.qcow2.libvirt.xz

https://download.whonix.org/libvirt/16.0.5.3/Whonix-XFCE-16.0.5.3.Intel_AMD64.qcow2.libvirt.xz.asc

7- Verify files

gpg --verify-options show-notations --verify Whonix-XFCE-16.0.5.3.Intel_AMD64.qcow2.libvirt.xz.asc Whonix-XFCE-16.0.5.3.Intel_AMD64.qcow2.libvirt.xz

*If the virtual machine image is correct, the output will inform that the signature is good.

8- Extract files.

tar -xvf Whonix-XFCE-16.0.5.3.Intel_AMD64.qcow2.libvirt.xz

9- Add the virtual networks.

sudo virsh -c qemu:///system net-define Whonix_external_network-16.0.5.3.xml

sudo virsh -c qemu:///system net-define Whonix_internal_network-16.0.5.3.xml

10- Activate the virtual networks.

sudo virsh -c qemu:///system net-autostart Whonix-External

sudo virsh -c qemu:///system net-start Whonix-External

sudo virsh -c qemu:///system net-autostart Whonix-Internal

sudo virsh -c qemu:///system net-start Whonix-Internal

11- Ensure the networks are correctly enabled.

sudo virsh net-list --all

12- Now we are ready to import Whonix-XFCE-16.0.5.3.Intel_AMD64.qcow2

Open virt-manager > File > New virtual machine > Import existing disk image > Browse > Browse Local > Go to the path where you made the download and double click on Whonix-XFCE-16.0.5.3.Intel_AMD64.qcow2

13- Select the OS type "Generic Linux 2022" and click Forward.

14- Choose Memory and CPU settings and click Forward.

Recommended Memory: 750MiB (If you choose less than 500 it won't have a GUI)

Recommended CPUs: 1

15- Select Network.

Select > "Virtual Network 'Whonix-External' :NAT" > "Customize configuration before installing" > Finish

17- Add another virtual network interface.

Click on "Add hardware" > Network > select "Virtual Network 'Whonix-Internal' :Isolated Network" > Finish > start installation

18- Our Whonix gateway is installed and running!

TOR connection wizard and system-check will pop up, just configure TOR to your needs and apply the updates of system-check.

*If system-check updates fail, just do it manually in terminal:

upgrade-nonroot

19- Change default password. (Default user= user. Default password= changeme)

sudo passwd

20- Our Whonix gateway VM is done. NEVER USE AS WORKSTATION.

21- Time to install our Workstation VM.

*IF YOU WANT TO BROWSE THE DARKNET OR USE TOR INSIDE THE WORKSTATION, JUST USE WHONIX-WORKSTATION. YOU CAN'T RUN TOR INSIDE A TOR CIRCUIT, SO ANY OTHER SYSTEMS WON'T BE ABLE TO USE TOR AS A PROXY OR REACH HIDDEN SERVICES*

- Just import whonix-workstation*.qcow2 in virt-manager as we did in step 12.

- Select the OS type "Generic Linux 2022" and click Forward.

- Choose Memory and CPU settings and click Forward (Recommended Memory: 4096MiB Recommended CPUs: 3)

- Select Network > "Virtual Network 'Whonix-Internal' :Isolated Network"

- Click Finish. No more settings needed.

In my example I'm gonna use Kali Linux, but it's the same process with any ISO (Obviously avoid Microshit Windows).

22- Create VM from ISO file.

Open virt-manager > File > New virtual machine > Select Local Install Media (ISO image or CDROM) > Browse > Browse Local > Go to the path where you made the download and double click on kali-linux-2022.2-installer-amd64.iso > uncheck "Automatic detection from the installation or source media" > select "Generic Linux 2022" > Forward

23- Choose Memory and CPU settings and click Forward.

Recommended Memory: 4500MiB

Recommended CPUs: 3

24- Create disk image for the virtual machine. /var/lib/libvirt/images is used by default.

If you are OK with this path just select the size of the disk and click Forward.

In my case I'm gonna use my encrypted external hard drive.

Click on "select or create custom storage" > Manage > Add pool > Name the new pool > Browse > Select the path where you wanna allocate your VMs for example (/media/user/HardDrive/VMs/) > Finish > click on "+" (create a new volume) > name the volume > Select format (I prefer qcow2) > Select the size (about 150GiB in my case) > Finish and wait a while > Select your new volume and click on "Choose Volume" > Forward

25- Select Network.

Name the machine > Select Network > "Virtual Network 'Whonix-Internal' :Isolated Network" > Finish

26- Our workstation VM is installed and running.

27- Time to install our kali system into the VM

Graphic Install > Select Language > Select Location > Configure keyboard > Configure the Network > Configure Network Manually

28- Network Configuration

IP ADDRESS: 10.152.152.21 (Just an example, choose whatever you want inside that network)

NETMASK: 255.255.192.0

GATEWAY: 10.152.152.10

NAMESERVER: 10.152.152.10

*YOU CAN ADD AS MANY VMs AS YOU WANT TO THIS INTERNAL NETWORK*

29- Finish installation as always. I'm not gonna go deep into that.

I recommend using Encrypted LVM but you won't be able to copy/paste the password. You must enter it manually.

30- Once the OS is fully installed you can install SPICE guest tools. It's like VBox guest additions for KVM. (Automatic screen resize, Copy/Paste between host and guest...etc)

sudo apt install spice-vdagent

31- Well, at this point you have your fresh Anonymous Environment ready to work.

*Maybe you don't want to use IP addresses from Tor Network so I'm gonna explain how to setup Mullvad VPN*

32- VPN over TOR

Create an account on Mullvad and pay with XMR.

https://www.getmonero.org/downloads/

https://mullvad.net/en/

33- Download and install the client.

https://mullvad.net/download/app/deb/latest/

34- Open the client and log in with your account.

36- Configure VPN client to work over TOR.

Settings > Advanced > Tunneling protocol > Select OpenVPN > OpenVPN Settings > Transport Protocol > TCP > TCP Port > Automatic

Go back to main menu, select country and connect!

NO ONE WILL KNOW YOUR IP, NOT EVEN MULLVAD.

*What about reverse shells?

Just rent a VPS (paid with XMR) and do your things there, connect to the VPS through SSH from this environment (Preferably without VPN, just TOR).

*Okay nice guide, but I already have all my environment in Virtualbox (or similar crap) and I don't want to install all my systems again...

No worries. I'm gonna tell you how to migrate your machines from Virtualbox into KVM:

1. If the VMs were encrypted with the Virtualbox feature, just disable it. If the VMs were encrypted through the system install there is no problem.

Once you have the VMs decrypted you are ready to migrate.

2. Convert VM from VDI to IMG

From terminal:

VBoxManage clonehd --format RAW MyVM.vdi MyVM.img

(Grab a coffee and wait)

3. Convert VM from IMG to QCOW2

qemu-img convert -f raw MyVM.img -O qcow2 MyVM.qcow2

(Grab a coffee and wait)

4. Done, ready to import the machines into KVM like in step 12. (Obviously you need to create the Whonix-Internal network and Whonix-External network. Steps 9 & 10).

SECOND WAY - Linux/Windows host and Virtualbox (Virgin proprietary skid way):

I'm not gonna go too deep into that since there is plenty of information about it.

1- Just install Virtualbox.

2- Download Whonix for Virtualbox.

https://download.whonix.org/ova/16.0.5.3/Whonix-XFCE-16.0.5.3.ova

3- Import Whonix-XFCE-16.0.5.3.ova into Virtualbox

4- Done. You are ready to run Whonix-Gateway and Whonix-Workstation.

5- Run both VMs and work.

*If you want to install Kali or other ISO with Whonix-Gateway in Virtualbox.

- Just create a Kali VM as always and in network choose Internal Network, then select Whonix.

- Start both machines and configure the Kali network manually like in step 28.

* CAUTION CLEARNET LINK!

Video where it is well explained: https://youtu.be/q7_Lu2OEois

I hope it will be useful for everyone, especially those who are new to this.

Sorry for my bad English and other orthographic fails.

As I said, any suggestion, correction or contribution will be welcomed.

Feel free to ask me any questions or problems during the process.

One Love, Stay safe and Happy Hacking.
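As an added example (not part of the original post), a small POSIX shell helper covering two of the checks above: extracting the Whonix image only after gpg reports a good signature (steps 7 and 8; this assumes the Whonix signing key is already imported into your keyring, which the guide does not spell out), and confirming that the static address picked in step 28 really lies inside the Whonix-Internal subnet implied by the gateway 10.152.152.10 and netmask 255.255.192.0 (10.152.128.0/18) and does not collide with the gateway, network or broadcast address. The function names are my own.

```shell
#!/bin/sh
# Added helper (not from the original post). Two sanity checks for the
# guide above: refuse to extract an unverified Whonix image, and validate
# the static guest IP chosen for the Whonix-Internal network.
set -eu

# Dotted-quad IPv4 -> 32-bit integer (e.g. 10.152.152.10 -> 177772554).
# Runs in a subshell so changing IFS does not leak into the caller.
ip2int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# Succeeds when guest IP $1 sits on the subnet implied by gateway $2 and
# netmask $3 and is neither the network, broadcast nor gateway address.
guest_ip_ok() {
    ip=$(ip2int "$1"); gw=$(ip2int "$2"); mask=$(ip2int "$3")
    net=$(( gw & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    [ $(( ip & mask )) -eq "$net" ] || return 1
    [ "$ip" -ne "$net" ] && [ "$ip" -ne "$bcast" ] && [ "$ip" -ne "$gw" ]
}

# Steps 7 and 8 as one guarded action: extract only when gpg emits GOODSIG.
# Checks gpg's machine-readable status lines, not the locale-dependent text.
# Assumes the Whonix signing key was already imported into this keyring.
verify_then_extract() {   # args: image.libvirt.xz  image.libvirt.xz.asc
    status=$(gpg --status-fd 1 --verify "$2" "$1" 2>/dev/null || true)
    if ! printf '%s\n' "$status" | grep -q '^\[GNUPG:\] GOODSIG '; then
        echo "signature check FAILED for $1, not extracting" >&2
        return 1
    fi
    tar -xvf "$1"
}

# Example run with the guide's own step-28 values (gateway 10.152.152.10,
# netmask 255.255.192.0) and the example address for the Kali guest.
if guest_ip_ok 10.152.152.21 10.152.152.10 255.255.192.0; then
    echo "10.152.152.21 is usable on Whonix-Internal"
fi
# verify_then_extract Whonix-XFCE-16.0.5.3.Intel_AMD64.qcow2.libvirt.xz \
#     Whonix-XFCE-16.0.5.3.Intel_AMD64.qcow2.libvirt.xz.asc
```

A GOODSIG line only proves the signature matches some key in your keyring, so the key you import must itself come from the Whonix project and be fingerprint-checked first.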

Comments (12)
/u/vekocy · 2 votes · 6 days ago

Great write up, so many new things to learn! ...

/u/R3ktS3c 📢 🍼 OP · 1 votes · 5 days ago

Thank you. Step by step, it is important to know how the process works, not just copy/paste commands.

/u/B34R · 2 votes · 6 days ago

Will keep this for future reference. Thanks for this.

/u/R3ktS3c 📢 🍼 OP · 2 votes · 5 days ago

Thanks mate

/u/Rebirth P · 2 votes · 5 days ago

I actually laughed reading this because it's so beautiful. Good work mate

/u/R3ktS3c 📢 🍼 OP · 1 votes · 5 days ago

Thanks :D I hope it helps

/u/Lunchablez 🍼 · 1 votes · 6 days ago

Very good write-up amigo! One question, to apply this to carding of any sort, one would need an RDP at the end, after mullvad instead of the VPS, right? Or even better to still ssh into vps, and THEN ssh into RDP?

/u/R3ktS3c 📢 🍼 OP · 2 votes · 6 days ago

Yes, IMHO RDP is the best option, just after TOR (If RDP supports TOR even better, don't use VPN).

Don't SSH into a VPS and then RDP; it's just a useless and dangerous mess.

https://www.whonix.org/wiki/Tunnels/Introduction

Another way might be to use a Windows/Android VM instead of Kali; from there you could use socks.

*NOT RECOMMENDED*

Check this if you are gonna use this option.

https://www.whonix.org/wiki/Tunnels/Introduction

https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_proxy

As I said, RDP is the best option.

/u/Lunchablez 🍼 · 1 votes · 6 days ago

Awesome thanks for the reply! Just to clarify, you're saying for carding, don't need the VPS, last two connections would be vpn (or TOR) ---> RDP, is that right?

And would you mind possibly going over your thought process quick, on why you recommend the vpn(tor)+RDP as opposed to vpn+socks5? I'm at the stage where, earlier I was looking for a good, XMR-payable socks proxy provider, till I read this. I was under the impression that, all else equal, vpn->rdp was essentially the same as vpn->socks5? (not the same, but equal, as far as safety and appearing legitimate to a website are concerned)

/u/R3ktS3c 📢 🍼 OP · 1 votes · 5 days ago

No problem, I'm not an expert but I'll try my best to help.

1- The thing about (TOR > RDP) or (TOR > VPN > RDP) is to avoid giving your IP to the RDP. Avoid using a VPN if it is not strictly necessary.

I like to insist on using TOR instead of VPN; only use VPN if it is absolutely necessary, for example if the RDP refuses TOR connections.

(TOR > RDP) is the best way.

Don't SSH into a VPS and then RDP; it's just a useless and dangerous mess.

https://www.whonix.org/wiki/Tunnels/Introduction

2- The reason why RDP or socks are used in carding is not for increasing security but to not trigger anti-fraud alerts with a suspicious IP.

Personally I prefer to use (TOR > RDP > Residential socks)

The reason I use socks after RDP is not security, just to seem legit

You could also use (TOR > socks) but I don't like to mess with tunneling in TOR (see the links below) and I prefer to keep the nasty things outside my machines (RDP).

https://www.whonix.org/wiki/Tunnels/Introduction#Warnings

https://www.whonix.org/wiki/Tunnels/Connecting_to_Tor_before_a_proxy#Proxy_Warning

/u/HeadJanitor Moderator · 1 votes · 5 days ago

*IF YOU WANT TO BROWSE THE DARKNET OR USE TOR INSIDE THE WORKSTATION, JUST USE WHONIX-WORKSTATION. YOU CAN'T RUN TOR INSIDE A TOR CIRCUIT, SO ANY OTHER SYSTEMS WONT BE ABLE TO USE TOR AS A PROXY OR REACH HIDDEN SERVICES*

This is important to note. This is to Torify an OS. The danger is you become one circuit and extremely fingerprintable.

/u/R3ktS3c 📢 🍼 OP · 1 votes · 5 days ago

Yes, I tried to highlight it with [color=red][/color] labels but I had some problems while doing it.