Tags: shodan ssh tor fbi tracing 

Rating: 5.0

Original Article at:
https://penafieljlm.wordpress.com/2016/10/29/ekoparty-ctf-2016-write-ups/#fbi-100

FBI 100 (Find me)



This challenge requires the participants to find the IP address of an anonymous hidden service accessible via the Tor network. This would be easy on the ordinary internet, but a .onion address is derived from the service's key rather than registered in DNS, so you can’t simply nslookup or dig it. The participants have to find another way to pinpoint the location of the service. Luckily, there is indeed a way, and it has something to do with searching for the banner of the service using one of my favourite search engines: Shodan.

Requirements

Process
  1. Install Tor on your Linux machine. In my case, I simply did a sudo apt install tor because I used a Lubuntu Virtual Machine.
  2. Register a Shodan account and acquire your API key. It should be under your Account Overview.
  3. Clone SSH Key Scanner using git (git clone https://github.com/0x27/ssh_keyscanner.git)
  4. Open the keyscanner.py file inside the cloned repository directory
  5. Change the value of the SHODAN_API_KEY variable to your own Shodan API key
  6. Run torify python keyscanner.py -i ekosshlons2uweke.onion
  7. What keyscanner.py does is: it connects to the service over Tor, retrieves the SSH host key, computes its colon-separated MD5 hash (the “SSH fingerprint”), and then searches Shodan for a banner containing that fingerprint. This only works because the box serves the same host key on its public interface and Shodan has indexed it; a service whose sshd listens on localhost only, or which uses a separate key for the hidden service, gives you nothing to correlate. You can alternatively extract the SSH fingerprint of the service manually using nmap (torify nmap -sT -Pn -p 22 --script ssh-hostkey; a SYN scan uses raw sockets and would bypass Tor) or ssh-keyscan piped into ssh-keygen -l -E md5, and then search for the quoted fingerprint in Shodan.
  8. The flag is EKO{52.73.16.127}
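The correlation the steps above perform, as an added example that is not the author's keyscanner.py nor the 0x27 project's code: it computes the colon-separated MD5 fingerprint of an SSH host key the way ssh-keygen -l -E md5 does, builds the quoted Shodan query, and filters Shodan-style results down to the IPs whose banner carries that fingerprint. The host key is a constructed dummy blob, the Shodan result list is made up so the logic runs offline, and the "Fingerprint:" line in the fake banners is an assumption about how Shodan renders SSH banner data; ekosshlons2uweke.onion is the challenge address from the write-up.

```python
"""Correlate a Tor hidden service's SSH host key with Shodan-indexed hosts.

Added example (not the write-up's keyscanner.py). The key blob below is a
constructed dummy, the Shodan matches are fabricated for an offline run, and
the "Fingerprint:" banner line is an assumption about Shodan's SSH output.
"""
from __future__ import annotations

import base64
import hashlib
import re
import struct

ONION_HOST = "ekosshlons2uweke.onion"  # challenge address from the write-up
FP_RE = re.compile(r"^(?:[0-9a-f]{2}:){15}[0-9a-f]{2}$")


def fingerprint_md5(key_blob: bytes) -> str:
    """MD5 over the raw (base64-decoded) key blob, rendered as aa:bb:...:ff.

    Same value that ``ssh-keygen -l -E md5`` prints for the key.
    """
    digest = hashlib.md5(key_blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def key_type_of(key_blob: bytes) -> str:
    """Read the leading length-prefixed type string of an SSH wire-format key.

    Rejects truncated or non-key data instead of fingerprinting garbage.
    """
    if len(key_blob) < 4:
        raise ValueError("blob too short to be an SSH key")
    (length,) = struct.unpack(">I", key_blob[:4])
    if length == 0 or length > 64 or len(key_blob) < 4 + length:
        raise ValueError("malformed key type field")
    return key_blob[4:4 + length].decode("ascii")


def fingerprint_from_keyscan_line(line: str) -> tuple[str, str]:
    """Parse one ``ssh-keyscan`` output line (``host type base64``).

    Returns (key_type, fingerprint); the declared type must match the type
    embedded in the blob, which catches copy-paste damage.
    """
    _host, declared_type, b64 = line.split()[:3]
    blob = base64.b64decode(b64, validate=True)
    embedded_type = key_type_of(blob)
    if embedded_type != declared_type:
        raise ValueError(f"declared {declared_type} but blob says {embedded_type}")
    return embedded_type, fingerprint_md5(blob)


def shodan_query_for(fingerprint: str) -> str:
    """Quote the fingerprint so Shodan matches the whole string in banner data."""
    return f'"{fingerprint}"'


def hosts_serving_fingerprint(fingerprint: str, matches: list[dict]) -> list[str]:
    """IPs of every match whose banner text contains the fingerprint.

    ``matches`` has the shape of ``shodan.Shodan(key).search(q)["matches"]``.
    """
    if not FP_RE.match(fingerprint):
        raise ValueError("not an MD5 fingerprint")
    return sorted({m["ip_str"] for m in matches if fingerprint in m.get("data", "")})


def shodan_live_search(api_key: str, fingerprint: str) -> list[str]:
    """Network variant: run the query against Shodan (needs ``pip install shodan``)."""
    import shodan  # imported lazily so the offline demo needs no extra package
    result = shodan.Shodan(api_key).search(shodan_query_for(fingerprint))
    return hosts_serving_fingerprint(fingerprint, result["matches"])


def _constructed_rsa_blob() -> bytes:
    """Syntactically valid ssh-rsa blob with dummy e and n (not a usable key)."""
    def ssh_string(b: bytes) -> bytes:
        return struct.pack(">I", len(b)) + b
    e = b"\x01\x00\x01"              # 65537
    n = b"\x00" + b"\x9c" * 32       # leading zero because the high bit is set
    return ssh_string(b"ssh-rsa") + ssh_string(e) + ssh_string(n)


# Constructed stand-in for `torify ssh-keyscan -t rsa ekosshlons2uweke.onion`.
SAMPLE_KEYSCAN_LINE = "%s ssh-rsa %s" % (
    ONION_HOST, base64.b64encode(_constructed_rsa_blob()).decode())


def demo() -> list[str]:
    """Offline walk-through: fingerprint the sample key, match fake Shodan hits."""
    _key_type, fp = fingerprint_from_keyscan_line(SAMPLE_KEYSCAN_LINE)
    fake_matches = [  # constructed; TEST-NET addresses, not real hosts
        {"ip_str": "198.51.100.7",
         "data": "SSH-2.0-OpenSSH_7.2\nKey type: ssh-rsa\nFingerprint: %s\n" % fp},
        {"ip_str": "203.0.113.9",
         "data": "SSH-2.0-OpenSSH_6.6\nFingerprint: 00:11:22:33:44:55:66:77:"
                 "88:99:aa:bb:cc:dd:ee:ff\n"},
    ]
    return hosts_serving_fingerprint(fp, fake_matches)


if __name__ == "__main__":
    print("query:", shodan_query_for(fingerprint_from_keyscan_line(SAMPLE_KEYSCAN_LINE)[1]))
    print("clearnet hosts with the same host key:", demo())
```

To use it against the real challenge, replace SAMPLE_KEYSCAN_LINE with the line ssh-keyscan prints when run through torify (assuming torsocks handles the .onion lookup, which it normally does), then call shodan_live_search with your API key. The matching is deliberately a substring check on the banner rather than a comparison of a parsed field, because that is all the quoted Shodan query itself does.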