Readit News
dudeinjapan · 3 years ago
"Well," said Pooh, "what I like best," and then he had to stop and think. Because although Eating Honey was a very good thing to do, there was a moment just before you began to eat it which was better than when you were, but he didn't know what it was called." - A. A. Milne
totetsu · 3 years ago
Pooh was into Edge computing?
sva_ · 3 years ago
I think he's into building the ultimate surveillance state nowadays.
hezag · 3 years ago
About the creators: THC (The Hackers Choice) is a well-known hacker group active since 1995. One of their most famous projects is Hydra[0].

  > "We research and publish tools and academic papers to expose fishy IT security that just isn’t secure. We also develop and publish tools to help the IT Security movement."[1]

0. https://en.wikipedia.org/wiki/Hydra_%28software%29

1. https://www.thc.org/

noduerme · 3 years ago
Not to piss in the honeypot here, but is there any assurance this collective hasn't been co-opted in the last 25 years?
MichaelCollins · 3 years ago
How could there possibly be assurance of that? People who get coerced and turned into being informants don't go around advertising it to everybody else.

Absolutely not, no assurance whatsoever.

userbinator · 3 years ago
From the name I thought it would be something to do with DNS, since that's the first thing that comes to mind when I see the phrase "Root Servers".
LinuxBender · 3 years ago
I've always known this as "root shell" vs. "root servers". I too automatically think root DNS servers. I would love to control the root servers.
usr1106 · 3 years ago
A virtual root server is a cloud server giving you full access, root in Linux. As opposed to some web page hosting thing. I think it has been mainstream for more than 10 years. DNS root servers just work, nobody talks about them. Well, unless there were a major incident some day.
runlaszlorun · 3 years ago
aren’t we talking about root servers here?

or just me…

gertruded · 3 years ago
Was wondering what the limits are on this service - turns out they quite sensibly restrict the number of shells allowed per source IP address. This script shows it starts refusing new SSH sessions after a few connections back to itself:

    #!/usr/bin/expect
    
    set timeout -1
    spawn torsocks ssh root@segfault.net
    while (true) {
        expect " password:"
        send "segfault\n"
        expect "\[~]"
        send "gsocket -s NzdlMWQxNGQM ssh root@segfault.net\n"
        expect "t\])? "
        send "yes\n"
    }

Eventually starts showing this in response:

    [ERROR]
    --> You (172.22.0.21) have to many servers running
    --> Read https://www.thc.org/segfault/youcheapfuck
    --> Contact us on Telegram: https://t.me/thorg
    Connection to 127.31.33.7 closed.

Also their Tor hidden service currently seems to be inaccessible. Perhaps there's a hard limit on the number of connections via that route, given that one can't restrict per any individual source due to the design of Tor.
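
The kind of per-source limit this comment observes, as an added example that is not from the thread or from the service's own code: concurrent sessions are capped per source address, and connections arriving through an anonymizing ingress share one pool because their sources are indistinguishable. The class name, the cap values and the use of 127.0.0.1 for a local onion-service proxy are assumptions.

```python
import threading
from collections import Counter


class ShellLimiter:
    """Admission control for interactive sessions (caps are assumed values)."""

    def __init__(self, per_source=3, anonymized_pool=20, anonymized_sources=()):
        self.per_source = per_source
        self.anonymized_pool = anonymized_pool
        self.anonymized_sources = set(anonymized_sources)
        self._active = Counter()
        self._lock = threading.Lock()

    def _bucket(self, source_ip):
        # Everything arriving via an anonymizing ingress lands in one shared bucket,
        # since the real origin cannot be told apart.
        return "anonymized" if source_ip in self.anonymized_sources else source_ip

    def _cap(self, bucket):
        return self.anonymized_pool if bucket == "anonymized" else self.per_source

    def acquire(self, source_ip):
        """Return True and count the session if the source is under its cap."""
        bucket = self._bucket(source_ip)
        with self._lock:
            if self._active[bucket] >= self._cap(bucket):
                return False
            self._active[bucket] += 1
            return True

    def release(self, source_ip):
        """Call on disconnect so the slot becomes available again."""
        bucket = self._bucket(source_ip)
        with self._lock:
            if self._active[bucket] > 0:
                self._active[bucket] -= 1


def demo():
    # Constructed scenario: 172.22.0.21 is the address shown in the error above;
    # 127.0.0.1 stands in for a local onion-service proxy (assumption).
    lim = ShellLimiter(per_source=3, anonymized_pool=2,
                       anonymized_sources={"127.0.0.1"})
    nested = [lim.acquire("172.22.0.21") for _ in range(5)]
    onion = [lim.acquire("127.0.0.1") for _ in range(3)]
    lim.release("172.22.0.21")
    after_release = lim.acquire("172.22.0.21")
    return nested, onion, after_release
```

A session opened from inside an existing shell is counted against the internal address the limiter sees, and with a shared pool a few anonymized users can exhaust the slots for everyone on that route.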

imhoguy · 3 years ago
Over 20 years with Linux and I didn't `expect` to learn something new in the shell today. Thanks!
ttsiodras · 3 years ago
I was not aware of gsocket - thank you, very useful!
floatinglotus · 3 years ago
I have a hard time understanding the target market for this.

If you are so paranoid about your security and anonymity, why would you take promises made by a third party at face value?

Why would you trust anyone or anything with an ounce of your identity?

tgsovlerkhgsel · 3 years ago
Most places require payment, which is hard to do anonymously.

Here, you don't have to take many promises at face value. You do have to assume that everything you do on that server is monitored if you don't trust it, but you can connect to it via Tor and/or a VPN.

p4bl0 · 3 years ago
I can totally see the market for this. Imagine being a young person (let's say between 10 and 17), you read 2600 or something like it, you cannot pay for a server, you do not have your own Linux because the only family computer is running Windows and you're not an administrator on it. This is free and full of wonderful tools to try and explore.
MontyCarloHall · 3 years ago
Seems like this situation would have been common 25 years ago, but even poor families today have more than one computer at home. Indeed, every family member probably owns a smartphone, which is way more powerful than the “family computers” of decades past, and a quite capable Linux box if rooted and paired with a Bluetooth keyboard. If you’re a burgeoning hardware hacker, a Raspberry Pi is a few tens of dollars and a more than capable machine for that purpose.
surfsvammel · 3 years ago
I might use this just for convenience if I need to test something away from my home network.
nix23 · 3 years ago
Exactly, if I want to test my pf firewall with "triggers" then this is one way, test my IDS etc, and with installed Kali everything is possible ;) just perfect!

Big Thanks to the Creators!!

seba_dos1 · 3 years ago
This is a cute toy for hackers, not something that provides "security and anonymity".
kxrm · 3 years ago
Agreed, I am not sure I understand the "how can you expect this to be secure" argument. I paid nothing, and it's sometimes fun to have a thing to play with that someone created. I am not using this to proxy a hack into Bank of America, nor am I storing my 20 page manifesto.

If you do such a thing through here, you deserve whatever happens to you.

imhoguy · 3 years ago
`nmap` or pentesting from dedicated hosting or your home fiber may lead to a permban from your service provider. Here you can experiment without much consequence.
tony-allan · 3 years ago
For me, this is a great testing and experimenting server with a fresh environment every time I use it.

I often want to test or observe something I'm doing from outside my environment...

  lynx https://news.ycombinator.com
  curl https://jsonplaceholder.typicode.com/todos/1

IncRnd · 3 years ago
From the article:

  Is it safe?
  Nobody ever got arrested for choosing segfault.net.

Take a close look at how that question isn't answered. It's best not to do any work on these, where you need to trust the platform. You might even get blamed for people's actions on their box next to you.

Not much remains outside of this being a honeypot or for criminals.

bcook · 3 years ago
> Take a close look at how that question isn't answered.

I think that's the joke. I prefer this non-answer over a long-winded bullshit answer that ultimately means nothing.

pvitz · 3 years ago
This is a pun on the phrase "Nobody ever got fired for choosing IBM". Don't read too much into it...
IncRnd · 3 years ago
That's the thing. You might just end up with Big Blue coming after you.
stavros · 3 years ago
> It's best not to do any work on these, where you need to trust the platform.

I don't mean to be snarky, but I don't think the target audience for these servers trusts them one bit, and the operators know this.

tony-allan · 3 years ago
Of course, with no further information you should not use it for real data production work but I'm fine with that limitation.
IncRnd · 3 years ago
The other part is that you may be liable for how others use these boxes, just by your logging into one. It's not only whether you use one at work.
xyzzy123 · 3 years ago
Smart way to get plausible deniability for your own grey zone activities.

As a third party, of course absolutely experiment but don't rely on there being no logs, lol.

bigiain · 3 years ago
The weaselworded non answer to “is it safe” is obviously technically true. Even if they’ve disclosed all activity and logs and user ip addresses to law enforcement, which resulted in hundreds of people going to jail, they went to jail for what they did with this, not for “using it”…

It’s a fun curiosity. But anyone relying on it to cover up illegal activity should be very very careful. If what you’re doing can improve a cop’s chance of promotion, you should assume they’ll take advantage of that. And for “lesser crimes”, you can bet that most things you want to do from there are already on blocklists. You’ll have as much chance of getting your spam runs out of there as you do from any cheap vps or tor exit…