You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
william
ce49e0e6e3
|
4 years ago | |
---|---|---|
.. | ||
diagrams | 4 years ago | |
edgers | 4 years ago | |
routers | 4 years ago | |
virt-lab | 4 years ago | |
README.md | 4 years ago | |
boot_all.sh | 4 years ago | |
destroy_all.sh | 4 years ago | |
start_all.sh | 4 years ago | |
stop_all.sh | 4 years ago |
README.md
virt-lab
VM lab environment for testing on-path VPN attacks
Requirements
- Virtualbox (5.2 or older)
- Vagrant 2.2.x
Setup base virtual network
- Start all 6 VMs (3 routers and 3 edge nodes):
cd virt-lab; ./boot_all.sh
- Go do something else cause its gonna take a while..
- ssh to some machine:
- ssh by port:
ssh -l vagrant localhost -p 22111
- ssh with vagrant:
cd edgers/vpn-server/; vagrant ssh
orcd <path-to-vagrantfile>; vagrant ssh
- Restart all the machines to make network changes take effect:
./stop_all.sh
then./start_all.sh
- Make sure edge nodes can ping eachother:
ping 192.168.3.2
Build VPN server
- Copy setup scripts to vpn server VM:
cd virt-lab/edgers/vpn-server; ./copy_vpn_setup.sh
- Ssh to vpn server VM:
cd virt-lab/edgers/vpn-server; vagrant ssh
- Run interactive script to setup vm as a OpenVPN server:
./setup_vpn.sh
- Keep hitting
Enter
ory
to leave all default values
- Run script to generate client config file:
./make_client_configs.sh
Connect client to VPN server
- Run script to copy
client1
config file from vpn server to client vm:cd virt-lab/edgers/client; ./copy_client_config.sh
- Ssh to the client VM:
cd virt-lab/edgers/client; vagrant ssh
- Install OpenVPN on the client vm:
./connect.sh
- Connect to the local vpn server:
sudo openvpn --client --config client1.ovpn &
Setup DNS server on "web-server" node
- Run script to copy dns setup scripts to vm:
cd virt-lab/edgers/web-server; ./copy_dns_setup.sh
- Ssh to server vm:
cd virt-lab/edgers/web-server; vagrant ssh
- Run docker install script:
./install_docker.sh
- Start the dns bind docker container:
./start_dns.sh
(may need to log back in for new docker permissions) - Check to make sure its alivee:
docker ps
ordocker logs bind
Setup attack router for dns inject attack
- Start script to copy attacker setup to vm:
cd virt-lab/routers/router1; ./copy_attacker_setup.sh
- Ssh to router vm:
cd virt-lab/routers/router1; vagrant ssh
- Run the setup script to install spoofing libraries and repo:
./setup_attacker.sh
- Change to dns attack folder:
cd VeepExploit/server-side-attack/dns-sside/full_scan
- Compile the attack script:
make
- Run the attack:
sudo ./uud_send <dns_server_ip> <src_port (53)> <vpn_server_ip> <start_port> <end_port>
Test the DNS Injection
- Either run the overload script or simply turn off the local DNS server to ensure the real responses do not beat our injected responses:
docker stop bind
(on web-server VM) - Query for our test domain from the VPN client node:
nslookup yo.com 192.168.3.2
(yo.com
is hardcoded as the domain name response in the injection script)3. Make sure there is aconntrack
entry on the VPN server for our clients lookup:sudo conntrack -L | grep 192.168.3.2 | grep udp
- Start the injection script from the attack node once the client has issued the request:
sudo ./uud_send 192.168.3.2 53 192.168.2.2 32000 62000
Teardown
- Stop all the VMs:
./stop_all.sh
- Destroii all VMs in our path:
./destroy_all.sh