On Friday, Anonymous hacked the extremely popular service Freedom Hosting II. Freedom Hosting is a service offered free of charge to any user interested in hosting their sites on the Darknet.
At the time of the hack, Freedom Hosting served approximately 30% of all Darknet websites. The original Freedom Hosting was taken down in 2013 by law enforcement, resulting in dozens of child pornography prosecutions. That closure was even more disruptive than this latest hack of version two: approximately half of Tor-based websites were out of commission after the government closure.
Per the message Anonymous left, the service was targeted because over 50% of the hosted sites displayed child pornography. The front page of Freedom Hosting stated a zero tolerance policy for child porn, but the Anonymous investigation showed there was a pervasive lack of oversight. This is a massive blow to the darknet ecosystem, as the affected websites include Bitcoin escrow services, forums, and political blogs.
In an interview with VICE, the hacker stated: “Initially I didn’t want to take down FH2, just look through it.” He then explained that the child pornography sites accounted for the majority of the material on the hosting server. The hacker concluded that the correlation showed collaboration between the host admins and the illicit websites.
The hacker also spelled out the procedure he used to take over the host:
1. create a new site or login to an old one
2. login and set sftp password
3. login via sftp and create a symlink to
4. disable DirectoryIndex in .htaccess
5. enable mod_autoindex in .htaccess
6. disable php engine in .htaccess
7. add text/plain type for .php files in .htaccess
8. have fun browsing files
9. find /home/fhosting
10. look at the content of the index.php file in /home/fhosting/www/
11. find configuration in /home/fhosting/www/_lbs/config.php
12. copy paste database connection details to phpmyadmin login
13. find active users with shell access in /etc/passwd
14. look through the scripts and figure out how password resets work
15. manually trigger a sftp password reset for the user ‘user’
16. connect via ssh
17. run ‘sudo -i’
18. edit ssh config in /etc/ssh/sshd_config to allow root login
19. run ‘passwd’ to set root password
20. reconnect via ssh as root
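
A defender's view of steps 3 to 7, as an added example that is not part of the original article or the hacker's notes: a Python audit that walks one tenant's home directory on a shared host and reports symlinks resolving outside it and `.htaccess` overrides of the kinds listed. The directive patterns, the function names and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Assumed mapping of steps 4-7 to Apache/mod_php directives; tune to local policy.
RISKY = {
    "directory-index-disabled": re.compile(r"^\s*DirectoryIndex\s+disabled\b", re.I),
    "autoindex-enabled": re.compile(r"^\s*Options\b.*(?<!-)\bIndexes\b", re.I),
    "php-engine-off": re.compile(r"^\s*php_(admin_)?flag\s+engine\s+(off|0)\b", re.I),
    "php-served-as-text": re.compile(r"^\s*AddType\s+text/plain\b.*\.php", re.I),
}

def audit_tenant(home):
    """Return sorted (kind, relative_path) findings for one tenant home."""
    home_real = os.path.realpath(home)
    findings = set()
    for root, dirs, files in os.walk(home, followlinks=False):
        for name in dirs + files:
            path = os.path.join(root, name)
            rel = os.path.relpath(path, home)
            if os.path.islink(path):
                # Step 3: a link whose real target lies outside the tenant home.
                target = os.path.realpath(path)
                if os.path.commonpath([home_real, target]) != home_real:
                    findings.add(("symlink-escapes-home", rel))
            elif name == ".htaccess":
                with open(path, errors="replace") as fh:
                    for line in fh:
                        findings.update((kind, rel) for kind, rx in RISKY.items()
                                        if rx.search(line))
    return sorted(findings)

def build_sample(base):
    """Create a constructed sample tenant tree (not data from the incident)."""
    www = os.path.join(base, "tenant1", "www")
    os.makedirs(os.path.join(www, "docs"))
    os.symlink(base, os.path.join(www, "up"))  # resolves outside the home
    os.symlink(os.path.join(www, "docs"), os.path.join(www, "inside"))  # benign
    with open(os.path.join(www, ".htaccess"), "w") as fh:
        fh.write("DirectoryIndex disabled\nOptions +Indexes\n"
                 "php_flag engine off\nAddType text/plain .php\n")
    with open(os.path.join(www, "docs", ".htaccess"), "w") as fh:
        fh.write("Options -Indexes\nDirectoryIndex index.html\n")
    return os.path.dirname(www)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        for kind, rel in audit_tenant(build_sample(base)):
            print(f"{kind:26} {rel}")
```

Findings of this kind point to settings worth restricting per tenant, such as which directives `AllowOverride` permits and whether symlinks are followed only when the owner matches (`SymLinksIfOwnerMatch`).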