Search the Community

Hello all, first post here on the forms... I am having an issue with my ufw rules on routing vpn traffic to/from my LAN. I followed the “OpenVPN from scratch” and changed the server.conf to allow LAN resource sharing over my tun0 connection. I included what I added in the server.conf file. If I disable the ufw service, I can successfully share my resources over my vpn connection. My issue is that, I lack the true ufw-fu... I have looked into the wild and found some iptables rules that look solid, but I do not yet have the experience to translate them into a usable ufw format... I want to learn and know this is platform. ———————MyConfigs——————— nano server.conf dh2048.pem dev tun topology subnet 10.8.0.0 255.255.255.0 redirect-gateway DNS (change DNS addresses to google) 8.8.8.8 8.8.4.4 nobody (user and group) push "route 192.168.1.0 255.255.255.0" save nano /etc/sysctl.conf uncomment net.ipv4.ip_forward save ufw allow 1194/udp nano /etc/default/ufw change DEFAULT_FORWARD_POLICY="ACCEPT" save nano /etc/ufw/before.rules add the follow toward the top: *nat :POSTROUTING ACCEPT [0.0] -A POSTROUTING -s 10.8.0.0/8 -o ens33 -j MASQUERADE COMMIT save ufw status ufw enable y ufw status https://m.youtube.com/watch?v=XcsQdtsCS1U&autoplay=1 ———————MyConfigs——————— ———————FromTheWild——————— # Allow traffic initiated from VPN to access LAN iptables -I FORWARD -i tun0 -o eth0 -s 10.8.0.0/24 -d 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT # Allow traffic initiated from VPN to access "the world" iptables -I FORWARD -i tun0 -o eth1 -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT # Allow traffic initiated from LAN to access "the world" iptables -I FORWARD -i eth0 -o eth1 -s 192.168.1.0/24 -m conntrack --ctstate NEW -j ACCEPT # Allow established traffic to pass back and forth iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT # Notice that -I is used, so when listing it (iptables -vxnL) it # will be reversed. This is intentional in this demonstration. # Masquerade traffic from VPN to "the world" -- done in the nat table iptables -t nat -I POSTROUTING -o eth1 -s 10.8.0.0/24 -j MASQUERADE # Masquerade traffic from LAN to "the world" iptables -t nat -I POSTROUTING -o eth1 -s 192.168.1.0/24 -j MASQUERADE https://community.openvpn.net/openvpn/wiki/BridgingAndRouting ———————FromTheWild———————

Hi guys, Anyone know how I can get shell access in using any modern browsers (Chrome, IE, Firefox, etc. so that the browser doesn't bitch at me and say I need to upgrade to latest browser version) by browsing to a URL? I tried putting a malicious iframe on my evil portal and using these exploits: auxiliary/server/browser_autopwn, auxiliary/server/browser_autopwn2. I even tried downgrading to IE 8 then using the exploit: exploit/windows/browser/ms10_002_aurora. But so far I got nothing. :( No meterpreter sessions. This is for a presentation, by the way. Any of you guys suggest a different way? I am desperate. Wait not really. Just really frustrated. Hope someone can help. Thanks in advance!

Help, I made this keylogger software in which I want to make a Rubber Ducky Keylogger automatic. Is there anyway for me to make the duck run the keylogger or just simplycan anyone give a keylogger payload P.S. I don't want the script to download some files and stuff just plain run