secres:notes
Differences
This shows you the differences between two versions of the page.
| secres:notes [2019/11/06 09:59] – orel | secres:notes [2024/03/18 15:06] (current) – external edit 127.0.0.1 | ||
|---|---|---|---|
| Line 132: | Line 132: | ||
| {{ secres: | {{ secres: | ||
| + | |||
| + | == Nouveautés 2020-2021 == | ||
| + | |||
| + | Une nouvelle vulnerabilite se trouve sur nile : il s'agit d'un *vsftpd* avec une backdoor. La backdoor est decrite ci-dessous. | ||
| + | |||
| + | https:// | ||
| + | |||
| + | Attention, une fois l' | ||
| + | |||
| + | Par ailleurs, la commande suivante permet de scanner 192.168.1.2 et de trouver s'il y a des services vulnerables et de proposer dans la foulée l' | ||
| + | |||
| + | nmap -sS 192.168.1.2 -vv --script vuln | ||
| ==4) D' | ==4) D' | ||
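Review bot: in the added vsftpd paragraph, `*vsftpd*` is wrapped in single asterisks, which DokuWiki prints literally; use `//vsftpd//` or `''vsftpd''` so the service name renders as intended. The new prose also drops its accents ("vulnerabilite", "decrite", "vulnerables") while the heading added just above keeps them ("Nouveautés"), so the spelling should be made consistent before this is merged.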
| Line 929: | Line 941: | ||
| + | ==== OpenVPN ==== | ||
| + | |||
| + | On commence par générer les certificats comme indiqué sur la feuille de TD : | ||
| + | |||
| + | * CN=server sur immortal | ||
| + | * CN=client1 sur nile | ||
| + | * CN=client2 sur dt | ||
| + | |||
| + | == VPN (niveau 3) == | ||
| + | |||
| + | Mise en oeuvre d'un VPN de niveau 3 (IP, interface tun) entre immortal (server, 172.16.0.2) et nile (client1, 10.0.0.2). | ||
| + | |||
| + | On va ensuite lancer le serveur manuellement avec la commande : | ||
| + | |||
| + | < | ||
| + | ### sur immortal (server) | ||
| + | $ openvpn --dev tun1 --ifconfig 10.0.1.1 10.0.1.2 --tls-server | ||
| + | --dh server-dh.pem --ca ca-cert.pem --cert server-cert.pem | ||
| + | --key server-key.pem --reneg-sec 60 --verb 5 | ||
| + | |||
| + | # ... | ||
| + | # Initialization Sequence Completed | ||
| + | |||
| + | $ ifconfig | ||
| + | tun1: flags=4305< | ||
| + | inet 10.0.1.1 | ||
| + | inet6 fe80:: | ||
| + | unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 | ||
| + | RX packets 0 bytes 0 (0.0 B) | ||
| + | RX errors 0 dropped 0 overruns 0 frame 0 | ||
| + | TX packets 2 bytes 96 (96.0 B) | ||
| + | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | ||
| + | |||
| + | |||
| + | ### sur nile (client1) | ||
| + | $ openvpn --remote 172.16.0.2 --dev tun1 --ifconfig 10.0.1.2 10.0.1.1 \ | ||
| + | --tls-client --ca ca-cert.pem --cert client1-cert.pem | ||
| + | --key client1-key.pem --reneg-sec 60 --verb 5 | ||
| + | |||
| + | # ... | ||
| + | # Initialization Sequence Completed | ||
| + | |||
| + | $ ifconfig | ||
| + | tun1: flags=4305< | ||
| + | inet 10.0.1.2 | ||
| + | inet6 fe80:: | ||
| + | unspec 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00 | ||
| + | RX packets 3 bytes 176 (176.0 B) | ||
| + | RX errors 0 dropped 0 overruns 0 frame 0 | ||
| + | TX packets 8 bytes 416 (416.0 B) | ||
| + | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | ||
| + | |||
| + | </ | ||
| + | |||
| + | Y'a plus qu'à tester avec un ping entre nile et immortal avec les IPs du VPN (10.0.1.1 et 10.0.1.2). Le paquet IP/ICMP est routé sur l' | ||
| + | |||
| + | Faisons un ping de nile vers immortal avec les adresses du VPN : | ||
| + | |||
| + | < | ||
| + | nile $ ping 10.0.1.1 | ||
| + | PING 10.0.1.1 (10.0.1.1) 56(84) bytes of data. | ||
| + | 64 bytes from 10.0.1.1: icmp_seq=1 ttl=64 time=3.50 ms | ||
| + | 64 bytes from 10.0.1.1: icmp_seq=2 ttl=64 time=3.72 ms | ||
| + | 64 bytes from 10.0.1.1: icmp_seq=3 ttl=64 time=1.44 ms | ||
| + | ... | ||
| + | </ | ||
| + | |||
| + | On reçoit bien le ping sur immortal d' | ||
| + | |||
| + | < | ||
| + | immortal $ tcpdump -i eth1 | ||
| + | 11: | ||
| + | 11: | ||
| + | immortal $ tcpdump -i tun1 | ||
| + | 11: | ||
| + | 11: | ||
| + | </ | ||
| + | |||
| + | |||
| + | == VPN (niveau 2) == | ||
| + | |||
| + | Nous allons mettre en place un VPN de niveau 2 (Ethernet) qui va étendre le LAN 192.168.0.0/ | ||
| + | |||
| + | <code text server.conf> | ||
| + | port 1194 | ||
| + | proto udp | ||
| + | dev tap0 | ||
| + | script-security 3 #system | ||
| + | up /root/up.sh | ||
| + | down / | ||
| + | ca ca-cert.pem | ||
| + | cert server-cert.pem | ||
| + | key server-key.pem | ||
| + | dh server-dh.pem | ||
| + | ifconfig-pool-persist ipp.txt | ||
| + | # | ||
| + | verify-x509-name " | ||
| + | client-to-client | ||
| + | # Les adresses allant de .100 to .200 sont r´eserv´ees aux clients VPN. | ||
| + | server-bridge 192.168.0.1 255.255.255.0 192.168.0.100 192.168.0.200 | ||
| + | # Ajout d’une route sp´ecifique vers le r´eseau 140.77.13.0/ | ||
| + | push "route 212.27.48.0 255.255.255.0 192.168.0.1" | ||
| + | keepalive 10 120 | ||
| + | comp-lzo | ||
| + | persist-key | ||
| + | persist-tun | ||
| + | status openvpn-status.log | ||
| + | verb 3 | ||
| + | </ | ||
| + | |||
| + | On rajoute également les fichiers /root/up.sh et / | ||
| + | |||
| + | < | ||
| + | $ openvpn --config server.conf | ||
| + | # ... | ||
| + | # Initialization Sequence Completed | ||
| + | |||
| + | $ ifconfig | ||
| + | tap0: flags=4419< | ||
| + | inet6 fe80:: | ||
| + | ether da: | ||
| + | RX packets 0 bytes 0 (0.0 B) | ||
| + | RX errors 0 dropped 0 overruns 0 frame 0 | ||
| + | TX packets 27 bytes 2210 (2.1 KiB) | ||
| + | TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 | ||
| + | |||
| + | </ | ||
| + | |||
| + | Configurons maintenant le client1 sur nile... | ||
| + | |||
| + | <code text client1.conf> | ||
| + | client | ||
| + | dev tap | ||
| + | proto udp | ||
| + | remote 172.16.0.2 1194 | ||
| + | nobind | ||
| + | persist-key | ||
| + | persist-tun | ||
| + | ca ca-cert.pem | ||
| + | cert client1-cert.pem | ||
| + | key client1-key.pem | ||
| + | verify-x509-name " | ||
| + | comp-lzo | ||
| + | verb 3 | ||
| + | lladdr AA: | ||
| + | </ | ||
| + | |||
| + | Puis démarrons le client VPN, on récupère normalement sur l' | ||
| + | |||
| + | < | ||
| + | $ openvpn --config client1.conf | ||
| + | </ | ||
| + | à compléter... | ||
| ==== SSH et Progammation avec OpenSSL ==== | ==== SSH et Progammation avec OpenSSL ==== | ||
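Review bot: in server.conf, `script-security 3` grants more than the up/down scripts need: level 3 additionally lets passwords be passed to scripts through environment variables, while level 2 is enough to run user-defined scripts such as /root/up.sh. In the same file, the comment above the `push` line names 140.77.13.0 but the directive pushes `route 212.27.48.0 255.255.255.0 192.168.0.1`, so one of the two needs correcting, and both comments carry broken accents ("r´eserv´ees", "sp´ecifique"). In the level-3 example the server command has no line-continuation backslashes and the client command has one only on its first line, so neither can be pasted as shown; end every continued line with `\`. The section stops at "à compléter..." right after the client is started, so the result of the level-2 test is still missing.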
secres/notes.1573034373.txt.gz · Last modified: 2024/03/18 15:05 (external edit)
