# virt-lab VM lab environment for doing network stuff ### Requirements * Virtualbox (5.2 or older) * Vagrant 2.2.x ### Setup base virtual network 1. Start all 6 VMs (3 routers and 3 edge nodes): `./boot_all.sh` 2. Go do something else cause its gonna take a while.. 3. (Optional) ssh to some machine: * ssh by port: `ssh -l vagrant localhost -p 22111` * ssh with vagrant: `cd edgers/vpn-server/ && vagrant ssh` or `cd && vagrant ssh` 4. Restart all the machines to make network changes take effect: `./stop_all.sh` then `./start_all.sh` 4. Build VPN server and add VPN client config file to client node: `cd virt-lab/configs; ./configure_vpn.sh` ![picture](diagrams/virtlab-setup.jpg) #### Connect client to VPN server 1. Ssh to the client VM: `cd virt-lab/edgers/client && vagrant ssh` 2. Connect to the local vpn server: `./connect.sh` ## Client-Side Attack #### Configure client side attack environment 1. Navigate to configuration folder: `cd virt-lab/configs` 2. Run setup script to build gateway attacker node: `./setup_cliside_env.sh` #### Test client side attack 1. ssh to victim client VM (base host): `cd virt-lab/edgers/client && vagrant ssh` 2. Connect client to VPN (in client vm): `./connect.sh` 3. Open another shell to ssh to web server node (base host): `cd virt-lab/edgers/web-server && vagrant ssh` 4. Open another shell to ssh to gateway attacker node (base host): `cd virt-lab/routers/gateway && vagrant ssh` 5. On web-server vm, open a netcat connection for the client to connect to: `nc -l 8080` 6. On the client vm, connect to the web server: `nc 192.168.3.2 8080 -p 40404` 7. On the attacker vm, navigate to the attack folder: `cd vpn-attacks/client-side-attack` 8. Rebuild all the attack scripts (attacker): `./rebuild_all.sh` 9. Navigate to full attack folder (attacker): `cd complete_attack` 10. Start full attack script (attacker): `./attack.sh` 11. Wait for script to infer private tun IP, port in use, exact sequence number, and in-window ack number needed to inject TCP ## Server-Side Attack #### Configure server side attack environment 1. Navigate to configuration folder: `cd virt-lab/configs` 2. Run setup script to build gateway attacker node: `./setup_servside_env.sh.sh` #### Test server side DNS attack 1. ssh to victim client VM (base host): `cd virt-lab/edgers/client && vagrant ssh` 2. Connect client to VPN (in client vm): `./connect.sh` 3. Open another shell to ssh to router1 attacker node (base host): `cd virt-lab/routers/router1 && vagrant ssh` 4. On the attack router vm navigate to dns inject folder: `cd vpn-attacks/server-side-attack/dns-sside/full_scan/` 5. Compile full attack script (attacker): `make` 6. Issue DNS lookup from client vm: `nslookup test.com 192.168.3.2` 7. Start inject script from attacker node: `./inject_test.sh` ## Teardown 1. Stop all the VMs: `./stop_all.sh` 2. Destroii all VMs in our path: `./destroy_all.sh`