November 2, 2018

News of all my sites.

Hi, I decided not to post news on this site but I would like to centralize my news on https://0darkking0.wordpress.com. Please visit if you want to know news about my events and other sites.

October 18, 2018

Links to all my contacts, pages, and social media.

Hello! I have a webpage which is https://hicc.cs.kumamoto-u.ac.jp/~fajar that contains all my personal links including my contacts, pages, and social media. Roughly it contains links that has information about my:


  1. Career:
    • Publications
    • Presentations
    • Codings
  2. Hobby:
    • Websites
    • Blogs
    • Channels
  3. Contacts:
    • Social Media
    • Emails
    • Messaging

August 3, 2018

Bypass Censorship by Tor

Tor Browser

If you have trouble with the other methods try using TOR Browser or any proxy application alike. I haven't read the details but I know that it configures the proxy for, of which proxy servers we should go through to reach the site we wanted. Not only to block websites but it also provides routes for us to go to the deep web.

Another application for TOR is for anonymity, for example we can set to use TOR proxy on our messenger so our chats could be more private. Anonymity might not be that important in developing country because the cyber law is not that tight yet, but for developed country this is something necessary. We might not be aware of the contents we surfed or downloaded were illegal. Being anonymous could avoid us from this troubles.

I downloaded TOR Browser on the following web site https://www.torproject.org/projects/torbrowser.html.en,
you can search Google.com and wrote TOR on the search engine. For Windows, just download > install > start TOR Browser. Follow the instruction, here's an example below or go straight down to watch the video (click image to enlarge):

Figure 1. Start TOR Browser


Figure 3. Type the site you want to visit

Figure 4. The Hidden Wiki

Figure 5. Wiki Leaks

Description

The Onion Router (TOR) is an implementation of onion routing by volunteers whom anyone can join because it is free and open source. TOR is mainly used for anonymity, privacy, and alike. For example, journalists who needs to communicate with whistle blowers, activists under oppressive regime, detectives on under cover operations, and privacy advocates who does not like monitoring, surveillance, trackers, and anything that breaches privacy.

What is the difference between onion routing and vpn and proxy? The difference is the layer of encryptions. While proxy and vpn only provide one or up to few layer of encryptions, onion routing provides multiple layer of encryptions like an onion. In this article's topic, what is the similarity between onion routing and vpn and proxy? They can be used to bypass censorships.

https://file.army/i/BYiZSJf
Proxy, vpn, and TOR bypassing censorship illustration.

Using TOR

Onion routing is the technology and TOR is the product that is free for anyone to use. TOR can be used in form of running application, browser, or browser extension. Regular people use TOR mostly to browse privately. I use TOR to bypass censorship as demonstrated in Video below where I access an anime site that was blocked.

Warning! Although surveillances cannot track your connections but they still can know that you are using TOR. The use of TOR by common people are frowned upon by most authority. In their reasonings, they need to monitor everything you are doing in order to keep law and order, especially their power. Only they are allowed to use privacy based technologies to go undercover and infiltrate criminal activities. Generally, you will be asked, why do you need to use TOR if you are not dealing with drugs, human trafficking, illegal weapons, porns, and other criminal activities? If not, then at least you will be on their special attention list.

TOR in Windows

https://file.army/i/BYiZvEV
TOR as a browser is the only available use that I found in Windows. I did find tallow and torifier to torify applications, but sometimes it works, sometimes it does not based on my experience in installing in multiple Windows machine. If you do not want to change browser, than find a tor extension that you can install in your preferred browser.
https://file.army/i/BYiZI1H
If you are a cryptocurrency enthusiast, I suggest to try Brave browser which is not only powered by Basic Attention Token (BAT) but has a built in TOR function as well.

TOR in Android

https://file.army/i/BYiZu9I
TOR Browser is also available on Android.
https://file.army/i/BYiZx4v
You can use Orbot if you want other applications to go through the TOR network. This application also allows you to participate as a volunteer node in the TOR network.
https://file.army/i/BYiZRck
Although Brave browser is available on Android but tor function is coming soon.

Building TOR Linux

https://file.army/i/BYiZ6Wp
Other than as a user, there are three more ways to join the TOR network. We can volunteer to be either a bridge, relay, or exit.

Installing TOR

sudo apt install tor torsocks torbrowser-launcher

To run TOR just run the command "tor". Any application you want to run with tor you can run the application by putting "torsocks" in front of the command. There is a same application called torify, choose which one you want to use. If you want to just run the browser, you can run "torbrowser-launcher" without running "tor" command because TOR browser have a built-in TOR. If you want to use other browsers, run "tor" and set the socks proxy to localhost and TOR port which is usually "9050" or "9051", or install a tor browser extension.

Configuring TOR

Edit the file "/etc/tor/torrc" and restart tor whenever finish. Other than volunteering as a bridge, relay, or exit node, there are other things that you can set for example as a daemon for you can run tor a service and start and stop from there, control port if you want andvanced monitoring of your tor node, hosting a site on tor network or deep web, and many other things which will be on separate article.

TOR Bridge

A bridge illustratively stands on the beginning layer of the tor network. The function of bridges are to give users access to tor because they cannot connect to tor themselves for some reason. Currently, the main reason is because the TOR network itself is blocked or censored by the authorities. To install on debian based Linux "sudo apt install obfs4proxy" and add the following to "/etc/tor/torrc":

BridgeRelay 1
ORPort 9001
ServerTransportPlugin obfs4 exec /usr/bin/obfs4proxy
ServerTransportListenAddr obfs4 0.0.0.0:9002
ExtORPort auto
ContactInfo 
Nickname 0fajarpurnama0tor

Above is my example configuration where actually you are not suggested to use port 9001 because it is well known so it is most likely blocked. Guides are actually available inside "/etc/tor/torrc" or you can read the official guide. By the way, the guide said the following but in my experience, I did not need it: "you will also need to set NoNewPrivileges=no in /lib/systemd/system/tor@default.service and /lib/systemd/system/tor@.service and then run systemctl daemon-reload. (see bug #18356)".

TOR Relay

TOR relays functions are securing the tor network and providing more anonimity. TOR relays are the most that occupies the tor network because they are the easiest to setup and bear the least risk. In my opinion, you do not need to think twice in becoming a TOR Relay. Add the following lines to "/etc/tor/torrc":

Nickname 0fajarpurnama0tor
ORPort 9001
ExitRelay 0
SocksPort 0
ControlSocket 0
ContactInfo 

TOR Exit

TOR exits are the least that occupies the tor network because they bear the highest risk. Why? because they are the frontier of the TOR network. They are the ones that are interacting with the public network or the Internet. If TOR users are doing activities discouraged by the authorities, these exits are the ones who will take the blame because they are the ones that are visible. Some authorities cannot even identify tor exits, so any malicious acts committed by TOR users, they will think that the tor exits are the ones that are committing them. Therefore, make sure you have complete understanding of your capabilities before running a TOR exit. Leave a comment, do you need a lawyer or something other than supports from ISPs and influential figures?

Since TOR exits are the ones that connects to the public network, they are the ones that heavily influenced the speed of the network. They are the nodes that in the end you need to go through anyway. Therefore if these nodes are scarce, then bottlenecks will often happen. TOR exits are in high demand, if you truly have the capabilities, please consider being a TOR exit. To become a TOR exit, simply follow the steps in becoming a TOR relay, with one difference:

ExitRelay 1

Other settings are inserting meta data to inform that you are an exit node. Do consider configuring your DNS, reverse DNS, and in the WHOIS record so that your node is informed as a TOR exit for example have "tor-exit" word in any of your record. If you are already running a website, do consider adding a notice that your node is a TOR exit for example write a html page. If not, tor can do that for you by setting the dirport to 80:

DirPort 80
DirPortFrontPage /path/to/html/file

Consider determining your exit policy. The more open your TOR exit is, the more risk it bears. Again, depends on your capabilities. If you are very powerful, then it is great service to fully open your TOR exit. However, do not take the risk if you cannot handle. For example, there will be TOR users who will use your exit for drug dealings, illegal weapon dealings, thief and assassination jobs, human trafficking, child pornography, hacking, etc. If you truly cannot handle the burden, do not force yourself and be a limited exit node for the regular people who just wants to surf the Internet privately. If you are taken down, it is lost for us as well. The most limited exit policy is only allowing port 80 and 443 and certain IP addresses that you determine. The default exit policy are:

reject *:25
reject *:119
reject *:135-139
reject *:445
reject *:563
reject *:1214
reject *:4661-4666
reject *:6346-6429
reject *:6699
reject *:6881-6999
accept *:*

Mirror

Bypass Censorship by Proxy

1. Borrowing Web Proxy

Borrowing a web proxy is the next simple step to changing DNS. Here is posted not the technical stuff but introduce web proxies available on the web. Below are steps of example web proxies or skip and go further below to watch the video.
  1. With internet connection open your browser and go to a search engine, here I used Google. 
  2. Type web proxy or something similar in the search bar.
  3. Pick one site that offers use of web proxy.
  4. Type the site you want to go to.


2. Borrowing Network Proxy


Here's how I see proxy works. Instead going straight ahead to the adress' destination the packets turns around to the proxy server, processed there then go to the original destination. I used this because my connection here doesn't allow direct contact with certain sites. Ofcourse it won't work also if the destination is blocked by the proxy server or to the proxy server itself is blocked.

I'll post a gif below.
This is just one function of the proxy server, if you want to know more why not visit my other site 0darkking0.wordpress.com (there isn't any material now but will be). Below are steps to use proxy server in Windows, or watch the video down below. (click image to enlarge)

  1. Open your browser and search for proxy list in search engine. I got a list generated by "hidemyass".

  2. Pick one server (it's IP address and port), not all might work so you may have to try one by one.
  3. Here I set in my global Internet Connection. Make sure to set your browser use "system settings" under somewhere around > "option" > "network" > "setting" under connection, here also if you want to use the proxy server for browser only.
  4. To use it global go to "network and sharing center" (follow my previous tutorial if you can't find where it is) > "internet option" > "connections" > "LAN Setting" > "use proxy server", then input the IP address and port. You can to advance for more features.



Setting Proxy in Linux

https://file.army/i/BYVd251
Figure 10. find your network manager from widget.
https://file.army/i/BYVdc87
Figure 11. or find network manager from settings and press gear on desired profile.
https://file.army/i/BYVd5Ms
Figure 12. choose manual network proxy and put the ip address and port.

If you want to do it from terminal, then write the following into "/etc/environment":

http_proxy="http://:@:/"
https_proxy="http://:@:/"
ftp_proxy="http://:@:/"
no_proxy="localhost,127.0.0.1,::1"

Setting Proxy in Android

https://file.army/i/BYVdNal
Figure 13. open settings.
https://file.army/i/BYVdg9j
Figure 14. choose connections.
https://file.army/i/BYVdqOk
Figure 15. choose wifi or mobile network.
https://file.army/i/BYVdtkv
Figure 16. if you choose wifi then long press one of the hotspot then choose manage network settings.
https://file.army/i/BYVdHHH
Figure 17. choose advance.
https://file.army/i/BYVdUSf
Figure 18. choose static the set proxy.
https://file.army/i/BYVdiFI
Figure 19. if you mobile network then go to access point.
https://file.army/i/BYVdj5V
Figure 20. choose or make your profile.
https://file.army/i/BYVf98p
Figure 21. find and set proxy.

Building Proxy Server Linux

I used "squid" as my proxy server on Debian Linux. Install squid server:

sudo apt install squid
sudo cp /etc/squid/squid.conf /etc/squid/squid.conf.original

edit "/etc/squid/squid.conf".

Basic setup:

  • http_port
  • acl
  • http_access

authenticated setup:

auth_param basic program /usr/lib/squid/basic_ncsa_auth /etc/squid3/passwords
auth_param basic realm proxy
acl authenticated proxy_auth REQUIRED
http_access allow authenticated

Restart squid server:

sudo htpasswd -c /etc/squid3/passwords username_you_like

Mirror

Bypass Censorship by DNS

Changing the domain name server (DNS) is one of the easiest way. If the contents restriction is by DNS we simply only need to use another DNS, if not then this method cannot be use. Here will be introduced of DNS on public level in other words simple term. More information on https://0darkking0.blogspot.com/2020/03/simple-introduction-to-computer-network-and-the-internet.html, technical term will be upcoming.

To make things short we browse the web mainly using the domain address for example "www.facebook.com", but our machine itself prefer  internet protocol (IP) address which is still version 4 of IP "173.252.74.22". When we write, the DNS translate it from "www.facebook.com" > "173.252.74.22".

 Figure 1. Simple Animation of DNS 

Here are steps of setting DNS in Windows (click the image to enlarge), or you can watch the video far below:

  1. Go to start menu and choose control panel.
    Figure 2. Opening Control Panel
  2.  Choose network and internet.
    Figure 3. Opening network and internet
  3. Go to network and sharing center.
    Figure 4. Opening network and sharing center
  4. Change adapter setting.
    Figure 5. Change adapter setting
  5. Right click and choose properties of the network interface you're using.
    Figure 6. Properties on network interface
  6. Choose internet protocol version 4 and input the DNS, here I input Google's public DNS.
    Figure 7. Inputing DNS


If you want to change from command line, then type the following on cmd.exe:

netsh
interface ip show config
(find the connection for example:)
interface ip set dns "Ethernet0" static 8.8.8.8

Setting DNS Linux

https://file.army/i/BYNbBGn
Figure 15. find your network manager from widget.
https://file.army/i/BYNb7o1
Figure 16. or find network manager from settings and press gear on desired profile.
https://file.army/i/BYNbTi7
Figure 17. choose IPV4 or IPV6 and change the DNS.

If you want to do it from terminal, then be administrator using "sudo su", edit "/etc/resolve.conf" file using nano, vim, etc, and set for example "nameserver 8.8.8.8".

Building DNS Server Linux

Here I will only demonstrate locally using bind9. If you want to put on public domain, just change to public IP addresses.

   sudo su
   apt install bind9
   

Edit "/etc/bind/named.conf.options" if you want to add forwarders such as:

   forwarders {
       1.2.3.4;
       5.6.7.8;
        };
   

Create a zone in any conf file, in the video above, I added a zone in "/etc/bind/named.conf.local" since it's only for local network. For example:

   zone "example.com" {
     type master;
     file "/etc/bind/db.example.com";
   };
   

In above code, the zone name is "example.com" and the type is "master". The zone file is specified to "/etc/bind/db.example.com" but you can change the name and directory of the file as you wished but for now in "/etc/bind/db.example.com":

   ;
   ; BIND data file for example.com
   ;
   $TTL    604800
   @       IN      SOA     example.com. root.example.com. (
            2         ; Serial
          604800         ; Refresh
           86400         ; Retry
         2419200         ; Expire
          604800 )       ; Negative Cache TTL
     IN      A       192.168.1.10
   ;
   @       IN      NS      ns.example.com.
   @       IN      A       192.168.1.10
   @       IN      AAAA    ::1
   ns      IN      A       192.168.1.10
   

We defined "example.com" as "192.168.1.10", we also define a subdomain "ns.example.com" the same as "example.com". Note, there are example zone files such as "/etc/bind/db.local" if you need a skeleton, else go to bind9 official website for further technical details. Next is creating a reverse zone file to resolve names to IP Address. Edit "/etc/bind/named.conf.local" once again and add for example:

   zone "1.168.192.in-addr.arpa" {
     type master;
     file "/etc/bind/db.192";
   };
   

Replace "1.168.192" with the network you are using if you are using a different one. The reverse zone file in above video is "/etc/bind/db.192". If you need a skeleton, there is "/etc/bind/db.127". The contents below shows that "ns.example.com" is "192.168.1.10":

   ;
   ; BIND reverse data file for local 192.168.1.XXX net
   ;
   $TTL    604800
   @       IN      SOA     ns.example.com. root.example.com. (
            2         ; Serial
          604800         ; Refresh
           86400         ; Retry
         2419200         ; Expire
          604800 )       ; Negative Cache TTL
   ;
   @       IN      NS      ns.
   10      IN      PTR     ns.example.com.
   

Finally, "sudo systemctl restart bind9.service" to restart the DNS server.

Mirror

Hack Administrative Access Windows 7 (sethc.exe vulnerability)


1. Overview
 
The PC was designed for the user to only have standard user account privilege (near guest account) where the user only have the right to read and execute certain data and application. Unlike administrator account doesn’t have the privilege to modify the PC’s setting for example uninstalling admin’s program, editing the registry, modify the services, set the startup, etc. 

USB Access Through Trend Office Scan


After gaining administrator privilege then gaining access to USB thumb drive available. It’s identified that a software name Micro Trend Office Scan is responsible for controlling the device. But one flaw is found, it takes time to load the service thus giving the user a chance to disable the service even further disable the password, lastly even uninstall.

Maintaining Access of Administrator Windows 7 and USB Access Micro Trend


The maintaining access here means that the steps on Section 3 don’t have to be repeated the next time we boot the PC. Instead we will configure for the steps above to run at startup, to do that we need to know the command line base of the above methods. Code 1 contains a simple command to replace “sethc.exe” with “cmd.exe”. Code 2 contains  commands to stop and disable Trend Micro Unauthorized Change Service, followed by editing “NoPwdProtect” key registry.

Chamber Room Using Thermocouple and Relay



1. Introduction

A chamber room in this experiment is known as an automation circuit. It’s designed to keep the room temperature at a certain degree. This chamber room is chosen as one of the training for automation.

T-Phi Network (Star-Delta) Using Relays and Timer



1.     Introduction

In electric circuit star and delta circuit consist of 3 loads which in star circuit they are connected in form of a star while in delta circuit are connected in delta form as in Figure 1.
Figure 1. Star and Delta Connection Diagram