A new black market has appeared and has been targeted by the FBI. After checking for suspicious posts on stackoverflow and finding nothing, they give up and are offering a bounty to anyone who can get information on the server that is hosting the hidden service.

Link: http://mq72g4732yorslzf.onion/


Okay. Given tor-hostname (http://en.wikipedia.org/wiki/.onion).

Downloading torbundle and opening this address.
See something like this:

Pay attention to the upper right corner – here is avatar change menu.

Interesting… Let’s see what here is it:

The very first idea that comes to mind – to specify the address of any site, controlled by me, in order to see IP-address from which requests go. I did it and saw this request in the web server log:
Perfect! Flag? “Wrong flag”… Hmm… Make whois, but there is no one of addresses or names of the company, which owns this ip isn’t fit. Opening this ip in browser. Here is hack-style blog. Lets find “flag” on page. Gotcha!

The flag.. It is ’0hSh1t1r4n0ut0fn00dl35′