# virt-lab

VM lab environment for testing on-path VPN attacks

### Requirements

* VirtualBox (5.2 or older)
* Vagrant 2.2.x

### Set up base virtual network

1. Start all 6 VMs (3 routers and 3 edge nodes): `cd virt-lab; ./boot_all.sh`
2. Go do something else, because it's going to take a while.
3. SSH to some machine:
   * SSH by port: `ssh -l vagrant localhost -p 22111`
   * SSH with Vagrant: `cd edgers/vpn-server/; vagrant ssh` or `cd <path-to-vagrantfile>; vagrant ssh`
4. Restart all the machines to make the network changes take effect: `./stop_all.sh` then `./start_all.sh`
5. Make sure the edge nodes can ping each other: `ping 192.168.3.2`

![picture](diagrams/virtlab-setup.jpg)

#### Build VPN server

1. Copy the setup scripts to the VPN server VM: `cd virt-lab/edgers/vpn-server; ./copy_vpn_setup.sh`
2. SSH to the VPN server VM: `cd virt-lab/edgers/vpn-server; vagrant ssh`
3. Run the interactive script to set up the VM as an OpenVPN server: `./setup_vpn.sh`
   * Keep hitting `Enter` or `y` to leave all default values
4. Run the script to generate the client config file: `./make_client_configs.sh`

#### Connect client to VPN server

1. Run the script to copy the `client1` config file from the VPN server to the client VM: `cd virt-lab/edgers/client; ./copy_client_config.sh`
2. SSH to the client VM: `cd virt-lab/edgers/client; vagrant ssh`
3. Install OpenVPN on the client VM: `./connect.sh`
4. Connect to the local VPN server: `sudo openvpn --client --config client1.ovpn &`

#### Set up DNS server on "web-server" node

1. Run the script to copy the DNS setup scripts to the VM: `cd virt-lab/edgers/web-server; ./copy_dns_setup.sh`
2. SSH to the server VM: `cd virt-lab/edgers/web-server; vagrant ssh`
3. Run the Docker install script: `./install_docker.sh`
4. Start the DNS bind Docker container: `./start_dns.sh` (may need to log back in for the new Docker permissions)
5. Check to make sure it's alive: `docker ps` or `docker logs bind`

#### Set up attack router for DNS inject attack

1. Run the script to copy the attacker setup to the VM: `cd virt-lab/routers/router1; ./copy_attacker_setup.sh`
2. SSH to the router VM: `cd virt-lab/routers/router1; vagrant ssh`
3. Run the setup script to install the spoofing libraries and repo: `./setup_attacker.sh`
4. Change to the DNS attack folder: `cd VeepExploit/server-side-attack/dns-sside/full_scan`
5. Compile the attack script: `make`
6. Run the attack: `sudo ./uud_send <dns_server_ip> <src_port (53)> <vpn_server_ip> <start_port> <end_port>`

### Test the DNS Injection

1. Either run the overload script or simply turn off the local DNS server, so that the real responses do not beat our injected responses: `docker stop bind` (on the web-server VM)
2. Query for our test domain from the VPN client node: `nslookup yo.com 192.168.3.2` (`yo.com` is hardcoded as the domain name response in the injection script)
3. Make sure there is a `conntrack` entry on the VPN server for our client's lookup: `sudo conntrack -L | grep 192.168.3.2 | grep udp`
4. Start the injection script from the attack node once the client has issued the request: `sudo ./uud_send 192.168.3.2 53 192.168.2.2 32000 62000`

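A defender-side check for the injection run above, as an added example that is not part of this repo: it assumes, from the `uud_send` arguments, that the run sends packets with source port 53 to many ports in `<start_port>`-`<end_port>` on the VPN server, and it flags that fan-out in `tcpdump -nn -tt` style text read from stdin. The function names, the threshold and the sample lines are constructed for illustration; only the source and destination fields of each line are parsed.

```shell
#!/bin/sh
# Added example (not part of virt-lab). Flags a resolver address whose UDP
# source-port-53 packets reach many distinct ports on one host.
# Input on stdin, one packet per line:
#   <ts> IP <src_ip>.<sport> > <dst_ip>.<dport>: ...

detect_dns_port_sweep() {
    threshold="$1"   # hypothetical tuning knob: distinct ports before alerting
    awk -v threshold="$threshold" '
    $2 == "IP" && $4 == ">" {
        dst = $5
        sub(/:$/, "", dst)
        n = split($3, s, ".")
        m = split(dst, d, ".")
        # IPv4 only: four address octets plus the port
        if (n != 5 || m != 5 || s[5] != "53") next
        pair = s[1] "." s[2] "." s[3] "." s[4] " " d[1] "." d[2] "." d[3] "." d[4]
        if (!((pair, d[5]) in seen)) {
            seen[pair, d[5]] = 1
            ports[pair]++
        }
    }
    END {
        for (p in ports) {
            if (ports[p] >= threshold) {
                print "ALERT " p " distinct_dst_ports=" ports[p]
            }
        }
    }' | sort
}

# Constructed sample capture using the lab addresses from this README.
sample_capture() {
    # One ordinary reply to the port the query actually left from
    echo "1700000000.000000 IP 192.168.3.2.53 > 192.168.2.2.41532: UDP, length 44"
    # Replies fanned out over 40 consecutive ports (sweep pattern)
    i=32000
    while [ "$i" -lt 32040 ]; do
        echo "1700000001.000000 IP 192.168.3.2.53 > 192.168.2.2.$i: UDP, length 44"
        i=$((i + 1))
    done
    # Constructed unrelated resolver (192.168.1.9) answering a single port
    echo "1700000002.000000 IP 192.168.1.9.53 > 192.168.2.2.50000: UDP, length 44"
}

sample_capture | detect_dns_port_sweep 20
# -> ALERT 192.168.3.2 192.168.2.2 distinct_dst_ports=41
```

The alert is printed only once the input ends, so feed it a bounded capture rather than an open-ended one.
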
### Teardown

1. Stop all the VMs: `./stop_all.sh`
2. Destroy all VMs in our path: `./destroy_all.sh`