You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
# virtual-test-environment
VM lab environment for testing on-path VPN attacks
### Requirements
* Virtualbox (5.2 or older)* Vagrant 2.2.x
### Setup base virtual network
1. Start all 6 VMs (3 routers and 3 edge nodes): `cd virtual-test-environment; ./boot_all.sh`2. Go do something else cause its gonna take a while..3. ssh to some machine: * ssh by port: `ssh -l vagrant localhost -p 22111` * ssh with vagrant: `cd edgers/vpn-server/; vagrant ssh` or `cd <path-to-vagrantfile>; vagrant ssh`4. Restart all the machines to make network changes take effect: `./stop_all.sh` then `./start_all.sh`5. Make sure edge nodes can ping eachother: `ping 192.168.3.2`
#### Build VPN server
1. Copy setup scripts to vpn server VM: `cd virtual-test-environment/edgers/vpn-server; ./copy_vpn_setup.sh`2. Ssh to vpn server VM: `cd virtual-test-environment/edgers/vpn-server; vagrant ssh`3. Run interactive script to setup vm as a OpenVPN server: `./setup_vpn.sh`* Keep hitting `Enter` or `y` to leave all default values4. Run script to generate client config file: `./make_client_configs.sh`
#### Connect client to VPN server
1. Run script to copy `client1` config file from vpn server to client vm: `cd virtual-test-environment/edgers/client; ./copy_client_config.sh`2. Ssh to the client VM: `cd virtual-test-environment/edgers/client; vagrant ssh`2. Install OpenVPN on the client vm: `./connect.sh`3. Connect to the local vpn server: `sudo openvpn --client --config client1.ovpn &`
#### Setup DNS server on "web-server" node
1. Run script to copy dns setup scripts to vm: `cd virtual-test-environment/edgers/web-server; ./copy_dns_setup.sh`2. Ssh to server vm: `cd virtual-test-environment/edgers/web-server; vagrant ssh`3. Run docker install script: `./install_docker.sh`4. Start the dns bind docker container: `./start_dns.sh` (may need to log back in for new docker permissions)5. Check to make sure its alivee: `docker ps` or `docker logs bind`
#### Setup attack router for dns inject attack
1. Start script to copy attacker setup to vm: `cd virtual-test-environment/routers/router1; ./copy_attacker_setup.sh`2. Ssh to router vm: `cd virtual-test-environment/routers/router1; vagrant ssh`3. Run the setup script to install spoofing libraries and repo: `./setup_attacker.sh`4. Change to dns attack folder: `cd VeepExploit/server-side-attack/dns-sside/full_scan`5. Compile the attack script: `make`6. Run the attack: `sudo ./uud_send <dns_server_ip> <src_port (53)> <vpn_server_ip> <start_port> <end_port>`
### Test the DNS Injection
1. Either run the overload script or simply turn off the local DNS server to ensure the real responses do not beat our injected responses: `docker stop bind` (on web-server VM)2. Query for our test domain from the VPN client node: `nslookup yo.com 192.168.3.2` (`yo.com` is hardcoded as the domain name response in the injection script)3. Make sure there is a `conntrack` entry on the VPN server for our clients lookup: `sudo conntrack -L | grep 192.168.3.2 | grep udp`4. Start the injection script from the attack node once the client has issued the request: `sudo ./uud_send 192.168.3.2 53 192.168.2.2 32000 62000`
### Teardown
1. Stop all the VMs: `./stop_all.sh`2. Destroii all VMs in our path: `./destroy_all.sh`
|
