vpn-attacks/virtual-test-environment

virt-lab

VM lab environment for doing network stuff

Requirements

• Virtualbox (5.2 or older)
• Vagrant 2.2.x

Setup base virtual network

1. Start all 6 VMs (3 routers and 3 edge nodes): ./boot_all.sh
2. Go do something else cause its gonna take a while..
3. (Optional) ssh to some machine:

• ssh by port: ssh -l vagrant localhost -p 22111
• ssh with vagrant: cd edgers/vpn-server/ && vagrant ssh or cd <path-to-vagrantfile> && vagrant ssh

4. Restart all the machines to make network changes take effect: ./stop_all.sh then ./start_all.sh
5. Build VPN server and add VPN client config file to client node: cd virt-lab/configs; ./configure_vpn.sh

Connect client to VPN server

1. Ssh to the client VM: cd virt-lab/edgers/client && vagrant ssh
2. Connect to the local vpn server: ./connect.sh

Client-Side Attack

Configure client side attack environment

1. Navigate to configuration folder: cd virt-lab/configs
2. Run setup script to build gateway attacker node: ./setup_cliside_env.sh

Test client side attack

1. ssh to victim client VM (base host): cd virt-lab/edgers/client && vagrant ssh
2. Connect client to VPN (in client vm): ./connect.sh
3. Open another shell to ssh to web server node (base host): cd virt-lab/edgers/web-server && vagrant ssh
4. Open another shell to ssh to gateway attacker node (base host): cd virt-lab/routers/gateway && vagrant ssh
5. On web-server vm, open a netcat connection for the client to connect to: nc -l 8080
6. On the client vm, connect to the web server: nc 192.168.3.2 8080 -p 40404
7. On the attacker vm, navigate to the attack folder: cd vpn-attacks/client-side-attack
8. Rebuild all the attack scripts (attacker): ./rebuild_all.sh
9. Navigate to full attack folder (attacker): cd complete_attack
10. Start full attack script (attacker): ./attack.sh
11. Wait for script to infer private tun IP, port in use, exact sequence number, and in-window ack number needed to inject TCP

Server-Side Attack

Configure server side attack environment

1. Navigate to configuration folder: cd virt-lab/configs
2. Run setup script to build gateway attacker node: ./setup_servside_env.sh.sh

Test server side DNS attack

1. ssh to victim client VM (base host): cd virt-lab/edgers/client && vagrant ssh
2. Connect client to VPN (in client vm): ./connect.sh
3. Open another shell to ssh to router1 attacker node (base host): cd virt-lab/routers/router1 && vagrant ssh
4. On the attack router vm navigate to dns inject folder: cd vpn-attacks/server-side-attack/dns-sside/full_scan/
5. Compile full attack script (attacker): make
6. Issue DNS lookup from client vm: nslookup test.com 192.168.3.2
7. Start inject script from attacker node: ./inject_test.sh

Teardown

1. Stop all the VMs: ./stop_all.sh
2. Destroii all VMs in our path: ./destroy_all.sh