forked from nihilist/blog-contributions
486 lines
18 KiB
HTML
486 lines
18 KiB
HTML
<!DOCTYPE html>
|
||
<html lang="en">
|
||
<head>
|
||
<meta charset="utf-8">
|
||
<meta http-equiv="X-UA-Compatible" content="IE=edge">
|
||
<meta name="viewport" content="width=device-width, initial-scale=1.0">
|
||
<meta name="description" content="">
|
||
<meta name="author" content="">
|
||
<link rel="shortcut icon" href="../../../../../../assets/img/favicon.png">
|
||
|
||
<title>antiforensics Setup</title>
|
||
|
||
<!-- Bootstrap core CSS -->
|
||
<link href="../../assets/css/bootstrap.css" rel="stylesheet">
|
||
<link href="../../assets/css/xt256.css" rel="stylesheet">
|
||
|
||
|
||
|
||
<!-- Custom styles for this template -->
|
||
<link href="../../assets/css/main.css" rel="stylesheet">
|
||
|
||
|
||
|
||
<!-- HTML5 shim and Respond.js IE8 support of HTML5 elements and media queries -->
|
||
<!--[if lt IE 9]>
|
||
<script src="https://oss.maxcdn.com/libs/html5shiv/3.7.0/html5shiv.js"></script>
|
||
<script src="https://oss.maxcdn.com/libs/respond.js/1.3.0/respond.min.js"></script>
|
||
<![endif]-->
|
||
</head>
|
||
|
||
<body>
|
||
|
||
<!-- Static navbar -->
|
||
<div class="navbar navbar-inverse-anon navbar-static-top">
|
||
<div class="container">
|
||
<div class="navbar-header">
|
||
<button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
|
||
<span class="icon-bar"></span>
|
||
<span class="icon-bar"></span>
|
||
<span class="icon-bar"></span>
|
||
</button>
|
||
<a class="navbar-brand-anon" href="\index.html">nihilist`s Blog</a>
|
||
</div>
|
||
<div class="navbar-collapse collapse">
|
||
<ul class="nav navbar-nav navbar-right">
|
||
|
||
<li><a href="/about.html">About</a></li>
|
||
<li><a href="/blog.html">Categories</a></li>
|
||
<li><a href="https://blog.nowhere.moe/donate.html">Donate</a></li>
|
||
<li><a href="/contact.html">Contact</a></li>
|
||
</ul>
|
||
</div><!--/.nav-collapse -->
|
||
|
||
</div>
|
||
</div>
|
||
|
||
<!-- +++++ Posts Lists +++++ -->
|
||
<!-- +++++ First Post +++++ -->
|
||
<div id="anon2">
|
||
<div class="container">
|
||
<div class="row">
|
||
<div class="col-lg-8 col-lg-offset-2">
|
||
<a href="../index.html">Previous Page</a></br></br><p><img src="../../assets/img/user.png" width="50px" height="50px"> <ba>nihilist@mainpc - 2024-01-29</ba></p>
|
||
<h1>Linux Host OS Hardening, Virtualisation and Anti Forensics Setup </h1>
|
||
<img src="0.png" style="width:250px">
|
||
<p>In this tutorial we're going to cover why it's important to have an Opensource host-OS and virtualisation software for privacy purposes and we're going to go through all the steps we need to set it up. We'll also cover how to harden the OS using kickstart (which was made by the whonix developers), and we'll look at how to virtualize VMs while still using opensource software. </p>
|
||
|
||
</div>
|
||
</div><!-- /row -->
|
||
</div> <!-- /container -->
|
||
</div><!-- /grey -->
|
||
|
||
<!-- +++++ Second Post +++++ -->
|
||
<div id="anon3">
|
||
<div class="container">
|
||
<div class="row">
|
||
<div class="col-lg-8 col-lg-offset-2">
|
||
<h2><b>Initial Setup </b></h2>
|
||
<p>Most people talk about opsec, but they don't realize how bad their opsec is. You would'nt barricade your bedroom door before barricading the frontdoor right ? In this case, the hardware and the host OS are the front door, and the rest is inside your house. You are leaving your front door opened when you're using a closed source Host OS (for example Windows, or MacOS, or similar). Hence you need a Linux host OS. for example we're going to setup the latest <a href="https://www.debian.org/download">Debian</a> in this case.</p>
|
||
<pre><code class="nim">
|
||
[ mainpc ] [ /dev/pts/4 ] [~/Downloads]
|
||
→ wget https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.4.0-amd64-netinst.iso
|
||
--2024-01-30 14:53:15-- https://cdimage.debian.org/debian-cd/current/amd64/iso-cd/debian-12.4.0-amd64-netinst.iso
|
||
Resolving cdimage.debian.org (cdimage.debian.org)... 194.71.11.165, 194.71.11.173, 194.71.11.163, ...
|
||
Connecting to cdimage.debian.org (cdimage.debian.org)|194.71.11.165|:443... connected.
|
||
HTTP request sent, awaiting response... 302 Found
|
||
Location: https://gemmei.ftp.acc.umu.se/debian-cd/current/amd64/iso-cd/debian-12.4.0-amd64-netinst.iso [following]
|
||
--2024-01-30 14:53:15-- https://gemmei.ftp.acc.umu.se/debian-cd/current/amd64/iso-cd/debian-12.4.0-amd64-netinst.iso
|
||
Resolving gemmei.ftp.acc.umu.se (gemmei.ftp.acc.umu.se)... 194.71.11.137, 2001:6b0:19::137
|
||
Connecting to gemmei.ftp.acc.umu.se (gemmei.ftp.acc.umu.se)|194.71.11.137|:443... connected.
|
||
HTTP request sent, awaiting response... 200 OK
|
||
Length: 658505728 (628M) [application/x-iso9660-image]
|
||
Saving to: ‘debian-12.4.0-amd64-netinst.iso’
|
||
|
||
debian-12.4.0-amd64-netinst.i 100%[=================================================>] 628.00M 6.85MB/s in 83s
|
||
|
||
2024-01-30 14:54:39 (7.55 MB/s) - ‘debian-12.4.0-amd64-netinst.iso’ saved [658505728/658505728]
|
||
|
||
|
||
</code></pre>
|
||
|
||
<p>Then flash it onto an usb stick (heres how you do it from linux below):</p>
|
||
<pre><code class="nim">
|
||
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
|
||
→ lsblk
|
||
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
|
||
sda 8:0 0 3.6T 0 disk
|
||
sdb 8:16 1 14.6G 0 disk
|
||
<b>└─sdb1 8:17 1 14.6G 0 part /media/nihilist/022E-0C69</b>
|
||
|
||
|
||
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
|
||
→ sudo umount /media/nihilist/022E-0C69
|
||
umount: /media/nihilist/022E-0C69: not mounted.
|
||
|
||
[ mainpc ] [ /dev/pts/1 ] [~/Downloads]
|
||
→ lsblk
|
||
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINTS
|
||
sda 8:0 0 3.6T 0 disk
|
||
sdb 8:16 1 14.6G 0 disk
|
||
<b>└─sdb1 8:17 1 14.6G 0 part</b>
|
||
|
||
→ sudo dd if=debian-12.4.0-amd64-netinst.iso of=/dev/sdb1 bs=8M status=progress
|
||
[sudo] password for nihilist:
|
||
78+1 records in
|
||
78+1 records out
|
||
658505728 bytes (659 MB, 628 MiB) copied, 45.6007 s, 14.4 MB/s
|
||
|
||
</code></pre>
|
||
<p>You can use tools like <a href="https://etcher.balena.io/">balenaetcher</a> to do the same from other OSes like Windows.</p>
|
||
<p>Now that's done, we need to reboot the host OS and get into the BIOS:</p>
|
||
<img src="1.png" class="imgRz">
|
||
<p>In this case we need to spam the F2 key upon booting to arrive into the BIOS. Then navigate to the Boot selection in order to boot to the USB key. for example it can be : </p>
|
||
<img src="2.png" class="imgRz">
|
||
<img src="3.png" class="imgRz">
|
||
<img src="4.png" class="imgRz">
|
||
|
||
<p>Here instead you just choose the usb key you flashed the linux image on, and boot onto it. Then do as follows:</p>
|
||
<img src="5.png" class="imgRz">
|
||
|
||
<p>Now that's done, follow the installation of the host OS on the harddrive you prefer. <b>Make sure its' not LUKS encrypted</b>, as Kicksecure <a href="https://github.com/dracutdevs/dracut/issues/1888">still didn't fix</a> the ram-wipe feature for LUKS systems (as of 30/01/2024). Besides, a simple LUKS encryption would not be enough in a situation where you are forced to give out your password. (see veracrypt's details on <a href="https://veracrypt.eu/en/Plausible%20Deniability.html">Plausible Deniability</a>.)</p>
|
||
|
||
<!--<img src="6.png" class="imgRz">-->
|
||
<img src="10.png" class="imgRz">
|
||
|
||
|
||
<p>Then make sure it has a desktop environment (i recommend cinnamon).</p>
|
||
<img src="7.png" class="imgRz">
|
||
<p>Then let the install finish and then reboot the computer and remove the usb key, it should then boot into a clean host OS.</p>
|
||
|
||
|
||
|
||
|
||
</div>
|
||
</div><!-- /row -->
|
||
</div> <!-- /container -->
|
||
</div><!-- /white -->
|
||
|
||
<div id="anon2">
|
||
<div class="container">
|
||
<div class="row">
|
||
<div class="col-lg-8 col-lg-offset-2">
|
||
<h2><b>Host OS Hardening (Debian -> Kicksecure)</b></h2> </br> </br>
|
||
<p>Now that we're in our host OS, let's harden it by turning it into a Kicksecure distro:</p>
|
||
<pre><code class="nim">
|
||
su -
|
||
apt update ; apt full-upgrade ; apt install --no-install-recommends sudo adduser curl apt-transport-tor tor torsocks
|
||
|
||
/usr/sbin/addgroup --system console
|
||
|
||
/usr/sbin/adduser nothing console #replace nothing with your username
|
||
/usr/sbin/adduser nothing sudo #replace nothing with your username
|
||
|
||
reboot now
|
||
|
||
</code></pre>
|
||
<p>After rebooting, install kicksecure like so: (beware it must be done as the user mentionned above. in this case user is nothing:</p>
|
||
<pre><code class="nim">
|
||
nothing@debian:~$ sudo apt update -y ; sudo apt full-upgrade -y
|
||
|
||
</code></pre>
|
||
<p>Then we download the kicksecure keyring via tor:</p>
|
||
<pre><code class="nim">
|
||
nothing@debian:~$ sudo torsocks curl --output /usr/share/keyrings/derivative.asc --url http://www.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion/keys/derivative.asc
|
||
nothing@debian:~$ echo "deb [signed-by=/usr/share/keyrings/derivative.asc] tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm main contrib non-free" | sudo tee /etc/apt/sources.list.d/derivative.list
|
||
|
||
nothing@debian:~$ sudo apt update -y
|
||
Hit:1 http://security.debian.org/debian-security bookworm-security InRelease
|
||
Hit:2 http://deb.debian.org/debian bookworm InRelease
|
||
Hit:3 http://deb.debian.org/debian bookworm-updates InRelease
|
||
Get:4 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm InRelease [39.6 kB]
|
||
Get:5 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/main amd64 Packages [34.3 kB]
|
||
Get:6 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/contrib amd64 Packages [506 B]
|
||
Get:7 tor+http://deb.w5j6stm77zs6652pgsij4awcjeel3eco7kvipheu6mtr623eyyehj4yd.onion bookworm/non-free amd64 Packages [896 B]
|
||
Fetched 75.3 kB in 31s (2,419 B/s)
|
||
Reading package lists... Done
|
||
Building dependency tree... Done
|
||
Reading state information... Done
|
||
All packages are up to date.
|
||
|
||
nothing@debian:~$ sudo apt full-upgrade -y
|
||
Reading package lists... Done
|
||
Building dependency tree... Done
|
||
Reading state information... Done
|
||
Calculating upgrade... Done
|
||
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
|
||
|
||
sudo apt install --no-install-recommends kicksecure-cli-host -y
|
||
#tor connection may crash sometimes, so just relaunch that command again if it fails
|
||
|
||
</code></pre>
|
||
<p>Then we do the Post-upgrade steps:</p>
|
||
<pre><code class="nim">
|
||
sudo mv /etc/apt/sources.list ~/
|
||
sudo touch /etc/apt/sources.list
|
||
|
||
sudo reboot now
|
||
</code></pre>
|
||
<p>Then as you reboot you'll see that grub shows that it's now kicksecure instead of debian:</p>
|
||
<img src="8.png" class="imgRz">
|
||
|
||
<p>Next, we make sure that unattended upgrades are activated so that minor package updates are automatically carried out by the system.</p>
|
||
<pre><code class="nim">
|
||
nothing@debian:~$ sudo apt install unattended-upgrades apt-listchanges -y
|
||
nothing@debian:~$ sudo dpkg-reconfigure -plow unattended-upgrades
|
||
|
||
</code></pre>
|
||
<img src="9.png" class="imgRz">
|
||
<p>Next we're going to make sure that the ram gets overwritten upon shutdowns to prevent cold boot attacks.</p>
|
||
<pre><code class="nim">
|
||
nothing@debian:~$ sudo apt install --no-install-recommends ram-wipe
|
||
|
||
</code></pre>
|
||
|
||
<p>If you are testing from a VM, you need to do the following:</p>
|
||
<pre><code class="nim">
|
||
nothing@debian:~$ echo 'GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=force"' | sudo tee -a /etc/default/grub.d/50_user.cfg
|
||
GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT wiperam=force"
|
||
|
||
nothing@debian:~$ sudo update-grub
|
||
Generating grub configuration file ...
|
||
Found background image: .background_cache.png
|
||
Found linux image: /boot/vmlinuz-6.1.0-17-amd64
|
||
Found initrd image: /boot/initrd.img-6.1.0-17-amd64
|
||
Found linux image: /boot/vmlinuz-6.1.0-15-amd64
|
||
Found initrd image: /boot/initrd.img-6.1.0-15-amd64
|
||
Warning: os-prober will not be executed to detect other bootable partitions.
|
||
Systems on them will not be added to the GRUB boot configuration.
|
||
Check GRUB_DISABLE_OS_PROBER documentation entry.
|
||
done
|
||
|
||
</code></pre>
|
||
|
||
<p>Then you can test if it's working by rebooting and checking the shutdown output logs.Next, we're going to trim out what we don't need from our Host OS. First and foremost, let's get rid of all the logs (both system and kernel logs) on the system. We first make sure that logs are cleared upon startup like so:</p>
|
||
<pre><code class="nim">
|
||
root@debian:~# cat startup.sh
|
||
#!/bin/bash
|
||
sudo rm -rf /var/log
|
||
sudo rm -rf /dev/shm/*
|
||
|
||
sudo ln -s /dev/shm /var/log
|
||
|
||
sudo dmesg -c
|
||
sudo dmesg -n 1
|
||
sudo dmesg -c
|
||
|
||
#also uncomment the kernel.printk line in /etc/sysctl.conf to avoid the kernel from printing out errors
|
||
|
||
root@debian:~# chmod +x startup.sh
|
||
|
||
root@debian:~# vim /etc/sysctl.conf
|
||
|
||
root@debian:~# cat /etc/sysctl.conf | grep printk
|
||
kernel.printk = 3 4 1 3
|
||
|
||
|
||
root@debian:~# vim /etc/systemd/system/startup.service
|
||
|
||
root@debian:~# cat /etc/systemd/system/startup.service
|
||
[Unit]
|
||
Description=Clearing logs at startup
|
||
Wants=network.target
|
||
After=network-online.target
|
||
|
||
[Service]
|
||
Type=oneshot
|
||
ExecStart=/root/startup.sh
|
||
TimeoutStartSec=0
|
||
|
||
[Install]
|
||
WantedBy=shutdown.target
|
||
|
||
root@debian:~# systemctl daemon-reload
|
||
|
||
root@debian:~# systemctl enable startup
|
||
Created symlink /etc/systemd/system/shutdown.target.wants/startup.service → /etc/systemd/system/startup.service.
|
||
|
||
</code></pre>
|
||
|
||
<p>Then we make sure that logs are being cleared out minutely:</p>
|
||
<pre><code class="nim">
|
||
root@debian:~# cat removelogs.sh
|
||
#!/bin/bash
|
||
|
||
rm -rf /dev/shm/*
|
||
rm -rf /var/log/*
|
||
dmesg -c
|
||
|
||
root@debian:~# chmod +x removelogs.sh
|
||
|
||
root@debian:~# crontab -e
|
||
|
||
</code></pre>
|
||
|
||
<p>Then we make sure that logs are cleared out upon shutdown, along with VMs shutdowns if there are any, veracrypt volumes closing, and log cleanups:</p>
|
||
<pre><code class="nim">
|
||
root@debian:~# vim shutdown.sh
|
||
root@debian:~# cat shutdown.sh
|
||
#!/bin/bash
|
||
|
||
#remove VMs
|
||
|
||
sudo virsh -c qemu:///system destroy Whonix-Gateway
|
||
sudo virsh -c qemu:///system destroy Whonix-Workstation
|
||
sudo virsh -c qemu:///system undefine Whonix-Gateway
|
||
sudo virsh -c qemu:///system undefine Whonix-Workstation
|
||
sudo virsh -c qemu:///system net-destroy Whonix-External
|
||
sudo virsh -c qemu:///system net-destroy Whonix-Internal
|
||
sudo virsh -c qemu:///system net-undefine Whonix-External
|
||
sudo virsh -c qemu:///system net-undefine Whonix-External
|
||
|
||
#then unmount veracrypt volumes
|
||
|
||
sudo veracrypt -d -f
|
||
|
||
# then cleanup logs
|
||
|
||
sudo rm -rf /dev/shm/*
|
||
sudo rm -rf /var/log/*
|
||
sudo dmesg -c
|
||
|
||
root@debian:~# chmod +x shutdown.sh
|
||
|
||
root@debian:~# vim /etc/systemd/system/shutdown.service
|
||
root@debian:~# cat /etc/systemd/system/shutdown.service
|
||
[Unit]
|
||
Description=Shutdown Anti forensics
|
||
DefaultDependencies=no
|
||
Before=shutdown.target reboot.target halt.target
|
||
|
||
[Service]
|
||
Type=oneshot
|
||
ExecStart=/root/shutdown.sh
|
||
TimeoutStartSec=0
|
||
|
||
[Install]
|
||
WantedBy=shutdown.target reboot.target halt.target
|
||
root@debian:~# systemctl daemon-reload
|
||
root@debian:~# systemctl enable shutdown
|
||
Created symlink /etc/systemd/system/shutdown.target.wants/shutdown.service → /etc/systemd/system/shutdown.service.
|
||
Created symlink /etc/systemd/system/reboot.target.wants/shutdown.service → /etc/systemd/system/shutdown.service.
|
||
Created symlink /etc/systemd/system/halt.target.wants/shutdown.service → /etc/systemd/system/shutdown.service.
|
||
|
||
</code></pre>
|
||
<p>Then you can reboot to see that all logs are removed as intended:</p>
|
||
<pre><code class="nim">
|
||
sudo reboot now
|
||
|
||
root@debian:~# ls -lash /var | grep log
|
||
0 lrwxrwxrwx 1 root root 8 Jan 30 14:13 log -> /dev/shm
|
||
|
||
root@debian:~# tail -f /var/log/*.log
|
||
tail: cannot open '/var/log/*.log' for reading: No such file or directory
|
||
tail: no files remaining
|
||
|
||
root@debian:~# tail -f /dev/shm/*.log
|
||
tail: cannot open '/dev/shm/*.log' for reading: No such file or directory
|
||
tail: no files remaining
|
||
|
||
root@debian:~# dmesg
|
||
root@debian:~#
|
||
|
||
</pre></code>
|
||
<p></p>
|
||
|
||
</div>
|
||
</div><!-- /row -->
|
||
</div> <!-- /container -->
|
||
</div><!-- /white -->
|
||
|
||
|
||
<!-- +++++ Second Post +++++ -->
|
||
<div id="anon1">
|
||
<div class="container">
|
||
<div class="row">
|
||
<div class="col-lg-8 col-lg-offset-2">
|
||
<h2><b>Virtualisation setup</b></h2> </br> </br>
|
||
<p>Next step, we do not virtualize anything using closed-source software like vmware or else. We use QEMU/KVM with virt-manager:</p>
|
||
<pre><code class="nim">
|
||
nothing@debian:~# sudo apt install libvirt0 virt-manager dnsmasq bridge-utils
|
||
|
||
sudo systemctl enable --now libvirtd
|
||
|
||
nothing@debian:~# sudo usermod -a -G libvirt nothing
|
||
nothing@debian:~# sudo usermod -a -G kvm nothing
|
||
|
||
nothing@debian:~# sudo vim /etc/libvirt/libvirtd.conf
|
||
nothing@debian:~# cat /etc/libvirt/libvirtd.conf | grep sock_group
|
||
unix_sock_group = "libvirt"
|
||
unix_sock_rw_perms = "0770"
|
||
|
||
nothing@debian:~# sudo chmod 770 -R VMs
|
||
nothing@debian:~# sudo chown nothing:libvirt -R VMs
|
||
|
||
nothing@debian:~# cat /etc/libvirt/qemu.conf
|
||
group = "libvirt"
|
||
user = "nothing"
|
||
|
||
nothing@debian:~# systemctl restart libvirtd.service
|
||
|
||
virt-manager
|
||
|
||
</code></pre>
|
||
<p>Next just make sure that the NAT network is created, and that the ISOs and VMs folders are with the correct permissions:</p>
|
||
<img src="11.png" class="imgRz">
|
||
<pre><code class="nim">
|
||
nothing@debian:~$ mkdir ISOs
|
||
nothing@debian:~$ mkdir VMs
|
||
|
||
nothing@debian:~$ sudo chmod 770 -R VMs
|
||
nothing@debian:~$ sudo chmod 770 -R ISOs
|
||
|
||
nothing@debian:~$ sudo chown nothing:libvirt -R VMs
|
||
nothing@debian:~$ sudo chown nothing:libvirt -R ISOs
|
||
</code></pre>
|
||
|
||
<p>Then you can add the file directories in virt-manager like so:</p>
|
||
<img src="13.png" class="imgRz">
|
||
<img src="12.png" class="imgRz">
|
||
<p>And now you're all set to start making VMs while maintaining the open-source requirement.</p>
|
||
|
||
</div>
|
||
</div><!-- /row -->
|
||
</div> <!-- /container -->
|
||
</div><!-- /white -->
|
||
|
||
<!-- +++++ Footer Section +++++ -->
|
||
|
||
<div id="anonb">
|
||
<div class="container">
|
||
<div class="row">
|
||
<div class="col-lg-4">
|
||
<h4>Nihilism</h4>
|
||
<p>
|
||
Until there is Nothing left.
|
||
|
||
</p>
|
||
</div><!-- /col-lg-4 -->
|
||
|
||
<div class="col-lg-4">
|
||
<h4>My Links</h4>
|
||
<p>
|
||
|
||
<a target="_blank" rel="noopener noreferrer" href="http://blog.nowhere.moe/rss/feed.xml">RSS Feed</a><br/><a target="_blank" rel="noopener noreferrer" href="https://matrix.to/#/#nowheremoe:nowhere.moe">Matrix Chat</a><br/>
|
||
|
||
</p>
|
||
</div><!-- /col-lg-4 -->
|
||
|
||
<div class="col-lg-4">
|
||
<h4>About nihilist</h4>
|
||
<p style="word-wrap: break-word;"><u>Donate XMR:</u> 8AUYjhQeG3D5aodJDtqG499N5jXXM71gYKD8LgSsFB9BUV1o7muLv3DXHoydRTK4SZaaUBq4EAUqpZHLrX2VZLH71Jrd9k8</p></br><p><u>Contact:</u> nihilist@nowhere.moe (<a href="https://nowhere.moe/nihilist.pubkey">PGP</a>)</p>
|
||
</div><!-- /col-lg-4 -->
|
||
|
||
</div>
|
||
|
||
</div>
|
||
</div>
|
||
|
||
|
||
<!-- Bootstrap core JavaScript
|
||
================================================== -->
|
||
<!-- Placed at the end of the document so the pages load faster -->
|
||
|
||
</body>
|
||
</html>
|