Skip to the content.

Need some help?

  1. My Question is not answered here
    Join our Telegram channel and ask your question. We will try to answer.

  2. I have a problem with my Root Server
    Join our Telegram channel and send us the output of echo "$SF_HOSTNAME $SF_LID $SF_FQDN" or a screenshot and explain your problem (what you expect to see or happen and what you see or what happens instead).

  3. Can I do stupid things?
    No. You can not mine crypto or use segfault to do stupid or illegal things. This is not a warez trading platform either. It’s also not a ‘cheap way to access the Internet anonymously’ - buy your own VPN. Go away unless you are doing research or working on some great project. Join our Telegram Channel (especially if you are new): Participate & discuss.

  4. Can I do Bug Bounty?
    Hardly. BB tools often flood the target. They are a cost to us but you make the money 🤭. Donate and we are happy to upgrade your resources. Some fine BB hunters use Segfault for resource-friendly tools (like BurpSuite) without donating and that’s cool with us as long as you participate in the discussions and share your ideas.

  5. How do I log back in to my server?
    On log out you will see a command that allows to you to log back in to your server. It contains a SECRET and it is this SECRET that allows you access your server. The log out screen may look like this:

    Access with      : ssh -o "SetEnv SECRET=XXX..." root@NNN.segfault.net
    GOODBYE          : Join us on Telegram - https://t.me/thcorg 
    

    Use the command ssh -o "SetEnv SECRET=XXX... and the password segfault to log back in to your server. If you do not use the same SECRET and instead just do ssh root@segfault.net then a new server with a new /sec filesystem will be created for you. Alternatively use ssh secret@NNN.segfault.net with the password segfault and, when asked, your SECRET. There is also help for PuTTy, WinSCP and Termius.

  6. My files are gone when I log back in again
    You did not set the -o SetEnv "SECRET=XXX...". This means a brand new server was created when you logged in the second time.

  7. How long will the server run?
    Forever if you stay logged in (active session/connected). Auto-shutdown may occur if there is no shell running (in tmux or screen) and nobody has logged in for 1.5 days. A server may shut down during major software upgrades or due to abuse. No data in /sec is ever deleted or lost (even if shut down) and your data in /sec becomes available again on your next log in (but you may have to start your background processes again). These limits do not apply to cool users.

  8. My processes disappear after I log out
    See above.

  9. Why are my changes lost?
    Data in your home directory and in /sec, /onion and /everyone are permanent. This data is clearedo only if the server is not logged in for 30+ days. Naughty servers that are ‘empty’ or ‘100% full’ may get cleared earlier. Data in (/usr, /tmp, …) is only valid for the duration of the session and will disappear when you log out. You can use apt install and pipx install etc but the package can only be used until you log out. Alternatively you can install any package to /sec/usr. These timeouts are infinite for servers with TOKENS.

  10. How do I get more resources?
    The FREE service is restricted and the outbound traffic is throttled. Ask us for a secret token to get more resources. Tokens are FREE for anyone working on a cool project. You can see your current restrictions by typing cat /config/self/limits.

  11. My processes are getting killed
    Read above.

  12. Can I scan?
    It is discouraged. The scan will slow to 2ports/second after the first 8,000 ports. Use your own EXIT node for mass scanning.

  13. I get an SSH error
    Likely you got Bad configuration option: setenv when trying to log in to your existing server. You need to update your OpenSSH client to a newer version (ssh -V). Alternatively you can try SECRET=XXX ssh -o "SendEnv SECRET" root@segfault.net (where XXX is your SECRET) or ssh to secret@segfault.net.

  14. How can I install services or daemons?
    Take a look at /sec/usr/etc/rc.local. This file is executed on bootup. There is no systemd/systemctl.

  15. How can I start a Web Browse, VNC or GUI?
    1. Use https://shell.segfault.net. Click “I’m new here” to create a new server. Click “I’ve been here” to log in to your existing server: Take your SECRET and prefix it with the short server name. Example Secret: 8lgm-XXX....
    2. Log in with SSH start a VNC session: ssh -L5900:0:5900 <servername> and execute startxvnc. Then connect with VNC to 127.0.0.1:5900
    3. Log in with SSH, start a XPRA session: ssh -L2000:0:2000 <servername> and then browse to http://127.0.0.1:2000.

  16. How can I publish my Web Page?
    The Web Page is automatically generated using Pelican and the awesome Markdown syntax. All you need to do is edit the files in /sec/www/content and then execute:

    cd /sec/www && make html
    
  17. How do I change the password?
    You can not. The access password is always segfault. However, nobody can access your server using segfault as a password: The system generates a unique and new SECRET for every new log in and then uses this SECRET to set up your private virtual server (isolated from all other servers). It is this SECRET that allows only you to access your server. Read the next paragraph…

  18. When does it self-destruct?
    Immediately on log out or when you type halt. Your server shuts down and all system data and memory is wiped. Your private data in /sec and /root is only accessible while your server is running. When you log back in using the same SECRET then your server starts up again and your (old) private data is attached again to /sec (encrypted). You can wipe all data (including your encrypted data) by typing destruct.

  19. What EXIT IP is used?
    There are 3 or more EXIT IP lines shown during log in. These are the VPN providers through which your outgoing traffic is routed. Each of your outgoing connections leaves through a different EXIT (multipath routing). The VPN Exit Nodes cycle every few days.

  20. Is there a list of tools?
    The server comes with around 54GB of pre-installed tools. See the full list. Let us know if any tool is missing and we can add it (permanently).

  21. How to upload/download files?
    Use scp -o "SetEnv SECRET=XXX..." root@... or the shorter version scp <servername>. Alternatively log in with the port forward shown below, type startfb and then point your browser to http://127.0.0.1:2900

    ssh -L2900:0:2900 -o "SetEnv SECRET=XXX..." root@<servername>
    startfb
    

    Alternatively:

    1. Read How do I run a webserver on a permanent reverse Tunnel to access your files via Cloudflare.
    2. Copy your files to /onion and download them via TOR.
    3. Use rsync via the reverse port.

  22. Log in without password
    Type info and follow the instructions that look like this:

    :Cut & Paste these lines to your workstation's shell to retain access:
    ######################################################################
    cat >~/.ssh/id_sf-NNN-segfault-net <<'__EOF__'
    -----BEGIN OPENSSH PRIVATE KEY-----
    [...]
    

    Thereafter use any of these commands:

    ssh  your-server-name
    sftp your-server-name
    scp  your-server-name:stuff.tar.gz ~/
    
  23. SSH ProxyJump and -N are not working
    There is a workaround. Log in to your root server with ssh -D1080 .... Keep this shell open and alive. Then (from a different terminal on your workstation) execute:

    ssh -o ProxyCommand='socat - "SOCKS4A:0:%h:%p,socksuser=nobody|tcp:0:1080"' user@remotehost.foo
    

    or make an entry for ‘user@remotehost.foo’ in your ~/.ssh/config file:

    Host remotehost
       hostname remotehost.foo
       ProxyCommand socat - "SOCKS4A:0:%h:%p,socksuser=nobody|tcp:0:1080"
    

    and use ssh user@remotehost to log in.

    (For socat2 use socat2 - "SOCKS4A:%h:%p|tcp:0:1080")

  24. Can I run a SERVICE on a public IP?
    No. Your ROOT SERVER does not have a public IP: You can connect out (to the Internet) but nobody can connect back to your server (Read below for the only exception). There are MANY ways to tunnel a raw TCP port from a PUBLIC IP back to your ROOT SERVER. For HTTPS tunnels, use Cloudflared, Pagekite or ngrok.

  25. How do I use reverse Port Forwarding?
    You can assign one PORT on a public IP address with curl sf/port. This port is ephemeral and will change every 0-7 days:

    👾 New reverse Port is 1.12.123.222:1234
    

    That’s your personal IP:PORT for reverse connections / reverse shells. Any connection to 1.12.123.222 on Port 1234 is forwarded to your server on port 1234. You can listen for the connection like so:

    nc -vnlp 1234
    # If this is for a connect-back shell then you likely like to press
    # Ctrl-Z after connection and type 'stty raw -echo opost; fg'
    

    (The IP & PORT are an example. You need to read the log in message when you log in to find out your IP and PORT or check /config/self/reverse_*. The IP and PORT are temporary and may change every few days.).

    Read THC’s Tips & Tricks for alternatives.

  26. Can I use OpenVPN?
    Yes - but only to connect OUT from your ROOT SERVER (e.g. connect to HackTheBox or similar). You can not use OpenVPN to connect to your ROOT SERVER (only out): Use curl sf/ovpn. Alternatively, try WireGuard.

  27. How do I run a webserver on the temporary reverse Port?

    echo "Folder ${CDY}$(pwd)${CN} is now shared at ${CB}${CUL}http://$(</config/self/reverse_ip):$(</config/self/reverse_port)${CN}"
    python -m http.server "$(</config/self/reverse_port)"
    

    (Use for temporary sharing only. The reverse port may change at any time.)

  28. How do I run a webserver on a permanent reverse Tunnel?

    cd /onion
    (python -m http.server --bind 127.0.0.1 8080 &>/dev/null &)
    cloudflared tunnel --url http://localhost:8080 --no-autoupdate
    

    Your HTTPS URL will be shown to you (it looks like https://blah-foo-one-two.trycloudflare.com). Optionally start the tunnel inside tmux so that the tunnel stays connected after you exit your SSH session. Keep reading…

Contact

Twitter: https://twitter.com/hackerschoice
Mastodon: @thc@infosec.exchange
Telegram: https://t.me/thcorg
Web: https://www.thc.org
Medium: https://medium.com/@hackerschoice
Hashnode: https://iq.thc.org/
Abuse: https://thc.org/abuse
E-Mail: members@proton.thc.org