You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 
william 952d163f38 Delete 'pcaps/README.md' 4 years ago
..
diagrams adding original attack test scripts and demos 4 years ago
edgers adding original attack test scripts and demos 4 years ago
routers adding original attack test scripts and demos 4 years ago
virt-lab adding original attack test scripts and demos 4 years ago
README.md adding original attack test scripts and demos 4 years ago
boot_all.sh adding original attack test scripts and demos 4 years ago
destroy_all.sh adding original attack test scripts and demos 4 years ago
start_all.sh adding original attack test scripts and demos 4 years ago
stop_all.sh adding original attack test scripts and demos 4 years ago

README.md

virt-lab

VM lab environment for testing on-path VPN attacks

Requirements

  • Virtualbox (5.2 or older)
  • Vagrant 2.2.x

Setup base virtual network

  1. Start all 6 VMs (3 routers and 3 edge nodes): cd virt-lab; ./boot_all.sh
  2. Go do something else cause its gonna take a while..
  3. ssh to some machine:
  • ssh by port: ssh -l vagrant localhost -p 22111
  • ssh with vagrant: cd edgers/vpn-server/; vagrant ssh or cd <path-to-vagrantfile>; vagrant ssh
  1. Restart all the machines to make network changes take effect: ./stop_all.sh then ./start_all.sh
  2. Make sure edge nodes can ping eachother: ping 192.168.3.2

picture

Build VPN server

  1. Copy setup scripts to vpn server VM: cd virt-lab/edgers/vpn-server; ./copy_vpn_setup.sh
  2. Ssh to vpn server VM: cd virt-lab/edgers/vpn-server; vagrant ssh
  3. Run interactive script to setup vm as a OpenVPN server: ./setup_vpn.sh
  • Keep hitting Enter or y to leave all default values
  1. Run script to generate client config file: ./make_client_configs.sh

Connect client to VPN server

  1. Run script to copy client1 config file from vpn server to client vm: cd virt-lab/edgers/client; ./copy_client_config.sh
  2. Ssh to the client VM: cd virt-lab/edgers/client; vagrant ssh
  3. Install OpenVPN on the client vm: ./connect.sh
  4. Connect to the local vpn server: sudo openvpn --client --config client1.ovpn &

Setup DNS server on "web-server" node

  1. Run script to copy dns setup scripts to vm: cd virt-lab/edgers/web-server; ./copy_dns_setup.sh
  2. Ssh to server vm: cd virt-lab/edgers/web-server; vagrant ssh
  3. Run docker install script: ./install_docker.sh
  4. Start the dns bind docker container: ./start_dns.sh (may need to log back in for new docker permissions)
  5. Check to make sure its alivee: docker ps or docker logs bind

Setup attack router for dns inject attack

  1. Start script to copy attacker setup to vm: cd virt-lab/routers/router1; ./copy_attacker_setup.sh
  2. Ssh to router vm: cd virt-lab/routers/router1; vagrant ssh
  3. Run the setup script to install spoofing libraries and repo: ./setup_attacker.sh
  4. Change to dns attack folder: cd VeepExploit/server-side-attack/dns-sside/full_scan
  5. Compile the attack script: make
  6. Run the attack: sudo ./uud_send <dns_server_ip> <src_port (53)> <vpn_server_ip> <start_port> <end_port>

Test the DNS Injection

  1. Either run the overload script or simply turn off the local DNS server to ensure the real responses do not beat our injected responses: docker stop bind (on web-server VM)
  2. Query for our test domain from the VPN client node: nslookup yo.com 192.168.3.2 (yo.com is hardcoded as the domain name response in the injection script)3. Make sure there is a conntrack entry on the VPN server for our clients lookup: sudo conntrack -L | grep 192.168.3.2 | grep udp
  3. Start the injection script from the attack node once the client has issued the request: sudo ./uud_send 192.168.3.2 53 192.168.2.2 32000 62000

Teardown

  1. Stop all the VMs: ./stop_all.sh
  2. Destroii all VMs in our path: ./destroy_all.sh