Silk Road forums

Discussion => Security => Topic started by: darknetvmthroaway on September 09, 2012, 06:56 am

Title: Cool Debian Darknet VM setup guide
Post by: darknetvmthroaway on September 09, 2012, 06:56 am
Hey guys found a great article which includes a thorough Debian darknet install guide hope this helps people out there can be applied to a your local darknet vm via virtualbox or vmware if you use debain squeeze desktop iso.

Clearnet source url > https://whattheserver.me/blog/darknet-explained-and-then-done-right/


They also seem to offer darknet vm service with setup pretty sweet...

Quote
We have developed a product specifically designed to serve as a DarkNet Gateway by making WhatTheServer your first line of defense. To start you will need to purchase our DarkNet VPS package > https://whattheserver.me/billing/cart.php?a=add&bid=2. It includes the following:

     2 CPU cores
    10GB HDD space
    1024MB RAM
    1TB Banwidth
    Bundled with our Premium VPN

The bundled VPN creates a log-less and obscured connection between your accessing IP and your DarkNet VPS.

The DarkNet VPS package costs $30 per month with the option to pay a one time $30 guided setup fee (2 hour Maximum) and requires a clean install. This only acceptable form of payment for this package is Bitcoin. Any orders created with any other payment type will be canceled, deleted, and refunded LESS PROCESSING FEES.

The guided setup includes walking you thorough the encrypted setup of encrypted LVM, pidgin+otr , the tor browser bundle, PGP keys, etc. This is by appointment which must be scheduled via ticket after the purchase of the package. Please be prepared to allow for a block of time as this will be done one on one with a member of our staff via remote support. This will allow you to see everything from start to finish install wise and prepare you for your own future implementation of our strategy.

 

Here is our guide to the WhatTheServer DarkNet implementation:

Mandatory Installs and Setup:

    Download and install an OpenVPN client for your OS from official vpn community site here. If you use windows you can feel free to use our custom installer located here. For Mac we suggest using Tunnelblick located here or Viscosity located here.
    For those not on the other listed operating systems use the OpenVPN client with our ca.crt and server.opvn file/s here or get them from the email attachment in your welcome email. You should extract to the 'config' folder  of your OpenVPN install.
    Run OpenVPN and choose your preferred OpenVPN server.
    If your using windows make sure that after you have OpenVPN installed and activated that you test for DNS leaks. To test for leaks please visit DNS leak test site. if you see any leaks please either utilize their patch for Windows or follow the instructions in this forum post and then retry the test. It is critical for your privacy and safety that you do this on all Windows computers that you plan to use the OpenVPN connection on.
   
Install Debian squeeze 64bit desktop
Setup encrypted LVM and save encryption password
Save Root Password
Setup user acct and save password

Install NX Free Edition for Linux (Client,Node, and Server) and then re-login via nxclient > http://www.nomachine.com/download-package.php?Prod_Id=3776

Go to synaptic package manager (System>Administration>Synaptic Package Manger) then got to settings>repositories>third party software edit the repositories and un-check any cd-rom sources
Add the following as repos: (then save and exit)
'deb http://deb.torproject.org/torproject.org squeeze main'
'deb http://dl.google.com/linux/chrome/deb/ stable main'
       
Ignore error about missing gpg keys(were fixing that next)

Open to root terminal (red one under Applications>Accessories>Root Terminal) when promoted for Administrator password enter the root password you set during the OS install.  Then check the option to save in 'Keyring' and follow the prompts to setup keyring master password.

Run the following via root terminal(red one under Applications>Accessories>Root Terminal)
'gpg --keyserver keys.gnupg.net --recv 886DDD89'
'gpg --export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add -'
'apt-get install bleachbit enigmail gpa gnupg gnupg-agent gnupg2 htop network-manager-openvpn network-manager-openvpn-gnome pidgin pidgin-encryption pidgin-openpgp pidgin-otr ntp ntpdate secure-delete chromium -y'
   
Download the TOR Browser Bundle for Linux 64-Bit extract to a permanent location and then run the script to start > https://www.torproject.org/projects/torbrowser.html.en#downloadtbb

Configure gedit for pgp encryption by going (Applications>Accessories>gedit); then click edit tab and go to (Preferences>Plugin) and enable 'Text Encryption' by filling in the check box. Then save and exit.

Configure PGP encrypt/decrypt/sign plugin with gedit Preferences>plugin>text encryption plugin check and exit

Create PGP key by going to (System>Preferences>Password & Encryption Keys>File>New). Then select PGP key and continue by following the prompts. Please not if using key strength of 4096 or higher we suggest you use the 'Entropy' section in the 'Extras' section below to speed the key creation process.

Create TOR Mail address by going to TORMail.org via your TOR browser via your fresh DarkNet VPS install.

Configure your IceDove with enigmail install and email PGP key by going to (Applications>Internet>IceDove Mail/News>OpenPGP>Setup Wizard). Then follow the default choices choosing the key we previously created if applicable.

Configure Pidgin and add instant messenger accounts as needed. Next you will need to enable OTR inside Pidgin by going to (Tools>Plugins) and checking the 'Off-The-Record' box. Then click configure plugin and choose an Instant Messenger account and clicking Generate. In addition to the default settings in the 'Default OTR Settings' section you should check the 'Don't log OTR conversations'  box and hit close. You should repeat key generation process as needed for each account.

Optional Installs:

Install I2P > http://www.i2p2.de/debian.html
Install Teamviewer > http://www.teamviewer.com/en/download/linux.aspx

Extras:

Entropy
To add more entropy in order to speed up pgp key creation when using 4096 or higher you can install rng-tools
Run 'sudo apt-get install rng-tools' (drop sudo if in root terminal)
Then, edit the file /etc/default/rng-tools and add this to the bottom of the file 'HRNGDEVICE=/dev/urandom'
Restart rng-tools: 'sudo /etc/init.d/rng-tools restart' (drop sudo if in root terminal)
When finished generating keys you can stop rng-tools: 'sudo /etc/init.d/rng-tools stop' (drop sudo if in root terminal)

 

Be Responsible; Be Careful; Most of all Be Free.