HearNoEvil
Posts posted by HearNoEvil

  1. I use ESXi for my home virtualisation platform; my only gripe with it is that you have to use a Windows machine for the vSphere client, as it does not run on any other platform (not under WINE either, FYI). I run it on a Dell Optiplex GX620.

    I haven't used ProxMox but I have heard good things about it, and tbh I would rather use ESXi at home as we use it at work as well.

    I also have the Optiplex GX620 and was thinking of using it for Proxmox VE. However, since the CPU needs to support Intel VT, I couldn't do it with the D840 CPU that was already installed. After some research: if you ever plan on using that machine for Proxmox VE, you would need the D960 CPU, and probably a better heat sink.

    After using Proxmox VE on a custom computer based on the i3 CPU, I can say that it is really easy to use. Here is my experience with it:

    Creating Windows machines was easy enough with the right slipstreamed ISO created with nLite. My intention was to build a virtual network to test Metasploit and fun tools like Nmap, but I noticed that the virtual machines showed up on my home network and used my home router to obtain their IP addresses. Darren said in the show that he got a dedicated line for "The Hacker Challenge"; I wonder if there is a way to put these virtual machines on a different subnet to isolate them from my home network, so that I don't have to worry about doing some accidental DoS attacks against my roommates. That is probably a configuration thing that I'll have to deal with later... Also, Proxmox VE uses VNC to tap into the virtual machines. I have not been successful as of yet in trying a standalone client that can directly access them without having to log into the web-based GUI (I tried TightVNC etc...). It would also be nice if I could remotely access these virtual machines from outside my home network. I guess I could use TeamViewer or possibly LogMeIn Hamachi... Anyway, just my two cents.

  2. Just thought I'd jump on the bandwagon, and open myself up for some social engineering... :lol:

    Name: Unknown (Still thinking of a good handle)

    Favorite game: Call of Duty 4 (yes, I know it's old)

    Favorite Windows OS: Windows XP Professional, if(Windows7 == Trash && Vista == Trash){cout << "Hell Yeah!";}

    Favorite Linux Distro: Backtrack 4 R2

    Favorite console: XBOX360 (LBDANKSTER)

    Sex: Male

    Age: 29+

    Race: Hispanic

    Height: 6 feet

    Status: Student, Major CIS - Information Security

    Favourite band: Sublime

    Favourite book: The Richest Man in Babylon

    Favourite movie: Scarface

    Favourite TV Show: South Park

    Other hobbies: Web Design, HTML, CSS, Javascript, C++, Networking, Information Security

    Current projects: Interceptor on MR3202A, brush up on Linux commands, and bash scripting!

    Future projects: Quadrocopter UAV powered by Linux, Wifi Pineapple, Arduino, 3G, onboard camera, GPS...

    Trust your Technolust!

  3. If the configuration is correct, this could be a hardware problem. The seller I bought this router from had this to say...

    RE: openWRT

    "it is not detecting the Infineon switch chip correctly I think. So the two Ethernet ports are simply switch together on the same switch VLAN."

    RE: Interceptor setup

    "The only thing that might not work is the how the switch chip is setup, if both ports are on the trunk VLAN then they get all the traffic. I've attached the ADM6996 spec (that is the chipset it uses for the Ethernet switch). I've got some code we did at my last company which should be opensourced for that chip that sets it up split into two VLAN's."

    Also, I installed tcpdump from the openWRT Kamikaze Atheros packages onto the router, and it was not seeing any packets on br-lan, only ARP packets from eth0, when I SSH into the device and run tcpdump -i br-lan, etc.

    When I run /etc/init.d/interceptor start, I get "device eth0.1 is already a member of a bridge; can't enslave it to bridge br-lan"

    Also, is it normal that eth0.1, eth0.0, eth0 and br-lan all share the same MAC address?

    I can SSH into it via WiFi, the target computer can surf the web, the device is invisible on the network, the VPN tunnel seems to work, I get the tap0 interface with daemonlogger, yet no packets... bummer!

  4. That output looks fine to me, are you sure it's not working now?

    I reflashed the router, and did the entire install again. This time NO ERROR MESSAGES!!!

    What I did differently was reboot the device after installing openWRT, and again after installing the packages. Also, no wireless encryption.

    When I SSH into the router and run ifconfig, eth0.0 and eth0.1 now appear, which were not there before. This may explain why the bridge was not working the first time around.

    I want to say the interceptor is working, but every time I try tcpdump or Wireshark on tap0, all I get is ARP requests. I am hooking up the home router to the WAN port (no devices in between), and my test computer (Windows 7 64-bit, no firewall) is connected to the LAN port (no devices in between). My laptop, running Backtrack 4 R2 (which has no firewall by default, if I'm not mistaken), is connecting via WiFi. My home network is using a standard 192.168.1.X setup, if that makes any difference.

    Here are my configuration files from the MR3202A router, and the output of ./startup.sh from my wireless laptop.

    ################### IFCONFIG #########################################

    ath0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F4
              inet addr:10.255.255.254  Bcast:10.255.255.255  Mask:255.0.0.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:1342 errors:0 dropped:0 overruns:0 frame:0
              TX packets:485 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:126306 (123.3 KiB)  TX bytes:68064 (66.4 KiB)

    br-lan    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
              inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:654 (654.0 B)

    eth0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:3017 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:13 dropped:13 overruns:0 carrier:13
              collisions:0 txqueuelen:1000
              RX bytes:653218 (637.9 KiB)  TX bytes:1947 (1.9 KiB)
              Interrupt:4 Base address:0x1000

    eth0.0    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:682 (682.0 B)

    eth0.1    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:138 (138.0 B)

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    wifi0     Link encap:UNSPEC  HWaddr 00-12-CF-9B-58-F4-00-00-00-00-00-00-00-00-00-00
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:9174 errors:0 dropped:0 overruns:0 frame:3881
              TX packets:802 errors:4 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:195
              RX bytes:1958316 (1.8 MiB)  TX bytes:113675 (111.0 KiB)
              Interrupt:3 Memory:b0000000-b00ffffc

    ####################### etc/init.d/interceptor ####################################

    #!/bin/sh /etc/rc.common

    start() {
        ifconfig ath0 10.255.255.254 up
        ifconfig br-lan 192.168.1.1
        brctl addif br-lan eth0.1
    }

    stop() {
        echo "Nothing to do"
    }

    ######################## etc/config/wireless #########################################

    config wifi-device wifi0
        option type atheros
        option channel auto
        # REMOVE THIS LINE TO ENABLE WIFI:
        # option disabled 1

    config wifi-iface
        option device wifi0
        option mode ap
        option ssid interceptor
        option encryption none

    ######################### etc/config/network #######################################

    config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

    config 'interface' 'lan'
        option 'type' 'bridge'
        option 'proto' 'static'
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'
        option 'ifname' 'eth0.0'

    config 'interface' 'wan'
        option 'ifname' 'eth0.1'

    ####################################################################################

    root@bt:~# ./startup.sh

    Starting vpn server

    Giving server chance to start

    Sat Feb 19 17:31:32 2011 OpenVPN 2.1_rc11 i486-pc-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] built on Oct 15 2008

    Sat Feb 19 17:31:32 2011 Diffie-Hellman initialized with 1024 bit key

    Sat Feb 19 17:31:32 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>

    Sat Feb 19 17:31:32 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

    Sat Feb 19 17:31:32 2011 TUN/TAP device tap0 opened

    Sat Feb 19 17:31:32 2011 TUN/TAP TX queue length set to 100

    Sat Feb 19 17:31:32 2011 /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255

    Sat Feb 19 17:31:32 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

    Sat Feb 19 17:31:32 2011 GID set to root

    Sat Feb 19 17:31:32 2011 UID set to root

    Sat Feb 19 17:31:32 2011 Socket Buffers: R=[112640->131072] S=[112640->131072]

    Sat Feb 19 17:31:32 2011 UDPv4 link local (bound): [undef]:1194

    Sat Feb 19 17:31:32 2011 UDPv4 link remote: [undef]

    Sat Feb 19 17:31:32 2011 MULTI: multi_init called, r=256 v=256

    Sat Feb 19 17:31:32 2011 IFCONFIG POOL: base=10.8.0.2 size=253

    Sat Feb 19 17:31:32 2011 IFCONFIG POOL LIST

    Sat Feb 19 17:31:32 2011 client1,10.8.0.2

    Sat Feb 19 17:31:32 2011 Initialization Sequence Completed

    Starting remote services

    root@10.255.255.254's password:

    Sat Feb 19 17:31:00 UTC 2011

    Sat Feb 19 17:31:06 2011 OpenVPN 2.0.9 mips-linux [sSL] [LZO] built on May 17 2009

    Sat Feb 19 17:31:06 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

    Sat Feb 19 17:31:06 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

    Sat Feb 19 17:31:07 2011 LZO compression initialized

    Sat Feb 19 17:31:07 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

    Sat Feb 19 17:31:50 2011 MULTI: multi_create_instance called

    Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Re-using SSL/TLS context

    Sat Feb 19 17:31:50 2011 10.255.255.254:33751 LZO compression initialized

    Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

    Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

    Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Local Options hash (VER=V4): 'f7df56b8'

    Sat Feb 19 17:31:50 2011 10.255.255.254:33751 Expected Remote Options hash (VER=V4): 'd79ca330'

    Sat Feb 19 17:31:50 2011 10.255.255.254:33751 TLS: Initial packet from 10.255.255.254:33751, sid=de055d50 fe2f91ec

    Sat Feb 19 17:31:07 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

    Sat Feb 19 17:31:07 2011 Local Options hash (VER=V4): 'd79ca330'

    Sat Feb 19 17:31:07 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'

    Sat Feb 19 17:31:07 2011 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay

    Sat Feb 19 17:31:07 2011 UDPv4 link local: [undef]

    Sat Feb 19 17:31:07 2011 UDPv4 link remote: 10.255.255.253:1194

    Sat Feb 19 17:31:07 2011 TLS: Initial packet from 10.255.255.253:1194, sid=61289952 209be1c7

    Sat Feb 19 17:31:07 2011 VERIFY OK: depth=1, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=Interceptor_CA/emailAddress=bob@bobstories.com

    Sat Feb 19 17:31:07 2011 VERIFY OK: depth=0, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=server/emailAddress=bob@bobstories.com

    Sat Feb 19 17:31:51 2011 10.255.255.254:33751 VERIFY OK: depth=1, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=Interceptor_CA/emailAddress=bob@bobstories.com

    Sat Feb 19 17:31:51 2011 10.255.255.254:33751 VERIFY OK: depth=0, /C=GB/ST=XX/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=bob@bobstories.com

    Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

    Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

    Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

    Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

    Sat Feb 19 17:31:08 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

    Sat Feb 19 17:31:08 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

    Sat Feb 19 17:31:08 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

    Sat Feb 19 17:31:08 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

    Sat Feb 19 17:31:51 2011 10.255.255.254:33751 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

    Sat Feb 19 17:31:51 2011 10.255.255.254:33751 [client1] Peer Connection Initiated with 10.255.255.254:33751

    Sat Feb 19 17:31:08 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

    Sat Feb 19 17:31:08 2011 [server] Peer Connection Initiated with 10.255.255.253:1194

    Sat Feb 19 17:31:09 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

    Sat Feb 19 17:31:52 2011 client1/10.255.255.254:33751 PUSH: Received control message: 'PUSH_REQUEST'

    Sat Feb 19 17:31:52 2011 client1/10.255.255.254:33751 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)

    Sat Feb 19 17:31:09 2011 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'

    Sat Feb 19 17:31:09 2011 OPTIONS IMPORT: timers and/or timeouts modified

    Sat Feb 19 17:31:09 2011 OPTIONS IMPORT: --ifconfig/up options modified

    Sat Feb 19 17:31:09 2011 OPTIONS IMPORT: route options modified

    Sat Feb 19 17:31:09 2011 TUN/TAP device tap0 opened

    Sat Feb 19 17:31:09 2011 /sbin/ifconfig tap0 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255

    Sat Feb 19 17:31:09 2011 GID set to nogroup

    Sat Feb 19 17:31:09 2011 UID set to nobody

    Sat Feb 19 17:31:09 2011 Initialization Sequence Completed

    [-] Daemon mode set

    [-] Interface set to br-lan

    [-] Log filename set to "daemonlogger.pcap"

    [-] Tap output interface set to tap0

    [-] Pidfile configured to "daemonlogger.pid"

    [-] Pidpath configured to "/var/run"

    [-] Rollover size set to 2147483648 bytes

    [-] Rollover time configured for 0 seconds

    [-] Pruning behavior set to oldest IN DIRECTORY

    -*> DaemonLogger <*-

    Version 1.2.1

    By Martin Roesch

    © Copyright 2006-2007 Sourcefire Inc., All rights reserved
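As an added diagnostic, not part of the post above or of the Interceptor project, the script below parses net-tools style ifconfig output like the dump in that post and flags the counter pattern it shows: frames counted on eth0 but none on eth0.0, eth0.1 or br-lan, which is what you would expect if, as the seller said, the switch chip is forwarding both ports on one VLAN in hardware so the bridge never sees the traffic. It also answers the shared-MAC question from the earlier post. The sample text is constructed to mirror the post (not a verbatim copy), and the interface names and finding codes are my own assumptions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample modelled on the ifconfig dump quoted in the post above:
# same interface names, MACs and counter pattern, but not a verbatim copy.
SAMPLE_IFCONFIG = """\
ath0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F4
          inet addr:10.255.255.254  Bcast:10.255.255.255  Mask:255.0.0.0
          RX packets:1342 errors:0 dropped:0 overruns:0 frame:0
          TX packets:485 errors:0 dropped:0 overruns:0 carrier:0

br-lan    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0

eth0      Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:3017 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:13 dropped:13 overruns:0 carrier:13

eth0.0    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0

eth0.1    Link encap:Ethernet  HWaddr 00:12:CF:9B:58:F3
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
"""

_HWADDR = re.compile(r"HWaddr\s+(\S+)")
_RX = re.compile(r"RX packets:(\d+) errors:(\d+)")
_TX = re.compile(r"TX packets:(\d+) errors:(\d+) dropped:(\d+) overruns:(\d+) carrier:(\d+)")


def parse_ifconfig(text: str) -> Dict[str, dict]:
    """Parse net-tools style ifconfig output into {ifname: counters}."""
    ifaces: Dict[str, dict] = {}
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        name = lines[0].split()[0]          # interface name sits at column 0
        info = {"hwaddr": None, "rx_packets": 0, "rx_errors": 0,
                "tx_packets": 0, "tx_errors": 0, "tx_carrier": 0}
        for line in lines:
            if (m := _HWADDR.search(line)):
                info["hwaddr"] = m.group(1)
            if (m := _RX.search(line)):
                info["rx_packets"], info["rx_errors"] = int(m[1]), int(m[2])
            if (m := _TX.search(line)):
                info["tx_packets"], info["tx_errors"] = int(m[1]), int(m[2])
                info["tx_carrier"] = int(m[5])
        ifaces[name] = info
    return ifaces


def diagnose(ifaces: Dict[str, dict], parent: str = "eth0",
             vlans: Tuple[str, ...] = ("eth0.0", "eth0.1"),
             bridge: str = "br-lan") -> List[Tuple[str, str]]:
    """Return (code, explanation) findings for the two-port inline bridge setup."""
    findings: List[Tuple[str, str]] = []
    p = ifaces.get(parent)
    subs = [ifaces[v] for v in vlans if v in ifaces]
    br = ifaces.get(bridge)

    # Frames counted on the parent but none on its VLAN sub-interfaces: nothing
    # arrives tagged, so the switch chip is not splitting the ports into VLANs;
    # it forwards LAN<->WAN in hardware and the CPU (hence the bridge) sees nothing.
    if p and p["rx_packets"] > 0 and subs and all(s["rx_packets"] == 0 for s in subs):
        findings.append(("UNTAGGED_RX",
                         f"{parent} received {p['rx_packets']} frames but {', '.join(vlans)} "
                         "received 0: per-port VLAN tagging is not in effect"))
    # A capture bound to the bridge can only see what the bridge itself receives.
    if br and br["rx_packets"] == 0:
        findings.append(("BRIDGE_SILENT",
                         f"{bridge} has RX packets:0, so a capture on it will show "
                         "only the bridge's own traffic (e.g. the ARP it sends)"))
    if p and (p["tx_errors"] or p["tx_carrier"]):
        findings.append(("PARENT_TX_CARRIER",
                         f"{parent} shows TX errors:{p['tx_errors']} carrier:{p['tx_carrier']}: "
                         "the MAC-to-switch link reported carrier loss on transmit"))
    # 802.1Q sub-interfaces inherit the parent's MAC and a bridge adopts a member's
    # MAC, so identical HWaddr values here are expected, not a fault.
    macs = {ifaces[n]["hwaddr"] for n in (parent, bridge, *vlans) if n in ifaces}
    if len(macs) == 1:
        findings.append(("SHARED_MAC_OK",
                         f"{parent}, {bridge} and {', '.join(vlans)} share one MAC; "
                         "this is normal for VLAN sub-interfaces and bridges"))
    return findings


if __name__ == "__main__":
    for code, why in diagnose(parse_ifconfig(SAMPLE_IFCONFIG)):
        print(f"[{code}] {why}")
```

Run it against a real `ifconfig` dump (`ifconfig > dump.txt` on the router, then feed the file to `parse_ifconfig`) to see whether the VLAN sub-interfaces ever count a frame; until they do, no bridge or tap configuration will produce captures.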

  5. As soon as you get errors like 1, 2 and 3 it means that something is wrong. There is no point trying to continue when number 1 failed there as it is unlikely the rest of the setup will work.

    1. There is no bridge interface; either something else failed or you didn't set one up.

    2. The config file doesn't exist, you need to create it and set it up so that it has the details for the AP. You'll find plenty of example config files to base this on if you google wpa config file

    3. Don't know, but it won't work at this point anyway, as you don't have a network connection or bridge.

    Thanks Digininja,

    Ok, so I created a wpa_suppliment.conf file, which fixed problem number 2. Now I can forget about WICD and connect wirelessly to the MR3202A router using the Konsole. I also have to give thanks to Mr_Protocol, as I edited the server.conf file and changed "user nobody" and "group nobody" to "user root" and "group root", which fixed problem 3, and created tap0 without any problems.

    As far as bridging the LAN and WAN interfaces are concerned, I am still stumped. This seems to be the only thing that is stopping me from using the interceptor properly. Below is a printout of my configuration files:

    /etc/config/wireless (on MR3202A router)

    config wifi-device wifi0
        option type atheros
        option channel auto
        option disabled 0

    config wifi-iface
        option device wifi0
        option mode ap
        option ssid interceptor
        option encryption wpa
        option key 'stupid123'

    /etc/config/network (on MR3202A router)

    config 'interface' 'loopback'
        option 'ifname' 'lo'
        option 'proto' 'static'
        option 'ipaddr' '127.0.0.1'
        option 'netmask' '255.0.0.0'

    config 'interface' 'lan'
        option 'type' 'bridge'
        option 'proto' 'static'
        # Remove this file when using for real so the bridge won't accidentally
        option 'ipaddr' '192.168.1.1'
        option 'netmask' '255.255.255.0'
        option 'ifname' 'eth0.0'

    config 'interface' 'wan'
        option 'ifname' 'eth0.1'

    contents of wpa_suppliment.conf

    ctrl_interface=/var/run/wpa_supplicant
    #ap_scan=2
    network={
        ssid="interceptor"
        scan_ssid=1
        proto=WPA RSN
        key_mgmt=WPA-PSK
        pairwise=CCMP TKIP
        group=CCMP TKIP
        psk=aaf08d65b637f88e6d76ab7cbe5c4071a67ed4b99ea1374bb9bc6241214c1de0
    }

    // This is what displays after running ./startup.sh

    Starting vpn server

    Giving server chance to start

    Thu Feb 17 22:02:43 2011 OpenVPN 2.1_rc11 i486-pc-linux-gnu [sSL] [LZO2] [EPOLL] [PKCS11] built on Oct 15 2008

    Thu Feb 17 22:02:43 2011 Diffie-Hellman initialized with 1024 bit key

    Thu Feb 17 22:02:43 2011 /usr/bin/openssl-vulnkey -q -b 1024 -m <modulus omitted>

    Thu Feb 17 22:02:43 2011 TLS-Auth MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

    Thu Feb 17 22:02:43 2011 TUN/TAP device tap0 opened

    Thu Feb 17 22:02:43 2011 TUN/TAP TX queue length set to 100

    Thu Feb 17 22:02:43 2011 /sbin/ifconfig tap0 10.8.0.1 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255

    Thu Feb 17 22:02:43 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

    Thu Feb 17 22:02:43 2011 GID set to root

    Thu Feb 17 22:02:43 2011 UID set to root

    Thu Feb 17 22:02:43 2011 Socket Buffers: R=[112640->131072] S=[112640->131072]

    Thu Feb 17 22:02:43 2011 UDPv4 link local (bound): [undef]:1194

    Thu Feb 17 22:02:43 2011 UDPv4 link remote: [undef]

    Thu Feb 17 22:02:43 2011 MULTI: multi_init called, r=256 v=256

    Thu Feb 17 22:02:43 2011 IFCONFIG POOL: base=10.8.0.2 size=253

    Thu Feb 17 22:02:43 2011 IFCONFIG POOL LIST

    Thu Feb 17 22:02:43 2011 client1,10.8.0.2

    Thu Feb 17 22:02:43 2011 Initialization Sequence Completed

    Thu Feb 17 22:02:45 2011 MULTI: multi_create_instance called

    Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Re-using SSL/TLS context

    Thu Feb 17 22:02:45 2011 10.255.255.254:56994 LZO compression initialized

    Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

    Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

    Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Local Options hash (VER=V4): 'f7df56b8'

    Thu Feb 17 22:02:45 2011 10.255.255.254:56994 Expected Remote Options hash (VER=V4): 'd79ca330'

    Thu Feb 17 22:02:45 2011 10.255.255.254:56994 TLS: Initial packet from 10.255.255.254:56994, sid=7ad71d8e 59d09960

    Thu Feb 17 22:02:46 2011 10.255.255.254:56994 VERIFY OK: depth=1, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=Unknown/emailAddress=me@myhost.mydomain

    Thu Feb 17 22:02:46 2011 10.255.255.254:56994 VERIFY OK: depth=0, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=me@myhost.mydomain

    Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

    Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

    Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

    Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

    Thu Feb 17 22:02:46 2011 10.255.255.254:56994 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

    Thu Feb 17 22:02:46 2011 10.255.255.254:56994 [client1] Peer Connection Initiated with 10.255.255.254:56994

    Thu Feb 17 22:02:47 2011 client1/10.255.255.254:56994 PUSH: Received control message: 'PUSH_REQUEST'

    Thu Feb 17 22:02:47 2011 client1/10.255.255.254:56994 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)

    Starting remote services

    root@10.255.255.254's password:

    Thu Feb 17 22:02:00 UTC 2011

    Thu Feb 17 22:02:00 2011 OpenVPN 2.0.9 mips-linux [sSL] [LZO] built on May 17 2009

    Thu Feb 17 22:02:00 2011 IMPORTANT: OpenVPN's default port number is now 1194, based on an official port number assignment by IANA. OpenVPN 2.0-beta16 and earlier used 5000 as the default port.

    Thu Feb 17 22:02:00 2011 WARNING: No server certificate verification method has been enabled. See http://openvpn.net/howto.html#mitm for more info.

    Thu Feb 17 22:02:00 2011 LZO compression initialized

    Thu Feb 17 22:02:00 2011 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

    Thu Feb 17 22:02:00 2011 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

    Thu Feb 17 22:02:00 2011 Local Options hash (VER=V4): 'd79ca330'

    Thu Feb 17 22:02:55 2011 MULTI: multi_create_instance called

    Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Re-using SSL/TLS context

    Thu Feb 17 22:02:55 2011 10.255.255.254:50666 LZO compression initialized

    Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Control Channel MTU parms [ L:1574 D:138 EF:38 EB:0 ET:0 EL:0 ]

    Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Data Channel MTU parms [ L:1574 D:1450 EF:42 EB:135 ET:32 EL:0 AF:3/1 ]

    Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Local Options hash (VER=V4): 'f7df56b8'

    Thu Feb 17 22:02:55 2011 10.255.255.254:50666 Expected Remote Options hash (VER=V4): 'd79ca330'

    Thu Feb 17 22:02:55 2011 10.255.255.254:50666 TLS: Initial packet from 10.255.255.254:50666, sid=01978ea9 b7e38470

    Thu Feb 17 22:02:00 2011 Expected Remote Options hash (VER=V4): 'f7df56b8'

    Thu Feb 17 22:02:00 2011 NOTE: UID/GID downgrade will be delayed because of --client, --pull, or --up-delay

    Thu Feb 17 22:02:00 2011 UDPv4 link local: [undef]

    Thu Feb 17 22:02:00 2011 UDPv4 link remote: 10.255.255.253:1194

    Thu Feb 17 22:02:00 2011 TLS: Initial packet from 10.255.255.253:1194, sid=47d1f7f8 284b8684

    Thu Feb 17 22:02:00 2011 VERIFY OK: depth=1, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=Unknown/emailAddress=me@myhost.mydomain

    Thu Feb 17 22:02:00 2011 VERIFY OK: depth=0, /C=US/ST=CA/L=SanFrancisco/O=Fort-Funston/CN=server/emailAddress=me@myhost.mydomain

    Thu Feb 17 22:02:56 2011 10.255.255.254:50666 VERIFY OK: depth=1, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=Unknown/emailAddress=me@myhost.mydomain

    Thu Feb 17 22:02:56 2011 10.255.255.254:50666 VERIFY OK: depth=0, /C=US/ST=CA/L=NinjaLand/O=Interceptor/CN=client1/emailAddress=me@myhost.mydomain

    Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

    Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

    Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

    Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

    Thu Feb 17 22:02:01 2011 Data Channel Encrypt: Cipher 'BF-CBC' initialized with 128 bit key

    Thu Feb 17 22:02:01 2011 Data Channel Encrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

    Thu Feb 17 22:02:01 2011 Data Channel Decrypt: Cipher 'BF-CBC' initialized with 128 bit key

    Thu Feb 17 22:02:01 2011 Data Channel Decrypt: Using 160 bit message hash 'SHA1' for HMAC authentication

    Thu Feb 17 22:02:56 2011 10.255.255.254:50666 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

    Thu Feb 17 22:02:56 2011 10.255.255.254:50666 [client1] Peer Connection Initiated with 10.255.255.254:50666

    Thu Feb 17 22:02:56 2011 MULTI: new connection by client 'client1' will cause previous active sessions by this client to be dropped. Remember to use the --duplicate-cn option if you want multiple clients using the same certificate or username to concurrently connect.

    Thu Feb 17 22:02:01 2011 Control Channel: TLSv1, cipher TLSv1/SSLv3 DHE-RSA-AES256-SHA, 1024 bit RSA

    Thu Feb 17 22:02:01 2011 [server] Peer Connection Initiated with 10.255.255.253:1194

    Thu Feb 17 22:02:02 2011 SENT CONTROL [server]: 'PUSH_REQUEST' (status=1)

    Thu Feb 17 22:02:58 2011 client1/10.255.255.254:50666 PUSH: Received control message: 'PUSH_REQUEST'

    Thu Feb 17 22:02:58 2011 client1/10.255.255.254:50666 SENT CONTROL [client1]: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0' (status=1)

    Thu Feb 17 22:02:02 2011 PUSH: Received control message: 'PUSH_REPLY,route-gateway 10.8.0.1,ping 10,ping-restart 120,ifconfig 10.8.0.2 255.255.255.0'

    Thu Feb 17 22:02:02 2011 OPTIONS IMPORT: timers and/or timeouts modified

    Thu Feb 17 22:02:02 2011 OPTIONS IMPORT: --ifconfig/up options modified

    Thu Feb 17 22:02:02 2011 OPTIONS IMPORT: route options modified

    Thu Feb 17 22:02:02 2011 TUN/TAP device tap1 opened

    Thu Feb 17 22:02:02 2011 /sbin/ifconfig tap1 10.8.0.2 netmask 255.255.255.0 mtu 1500 broadcast 10.8.0.255

    Thu Feb 17 22:02:02 2011 GID set to nogroup

    Thu Feb 17 22:02:02 2011 UID set to nobody

    Thu Feb 17 22:02:02 2011 Initialization Sequence Completed

    [-] Daemon mode set

    [-] Interface set to br-lan

    [-] Log filename set to "daemonlogger.pcap"

    [-] Tap output interface set to tap0

    [-] Pidfile configured to "daemonlogger.pid"

    [-] Pidpath configured to "/var/run"

    [-] Rollover size set to 2147483648 bytes

    [-] Rollover time configured for 0 seconds

    [-] Pruning behavior set to oldest IN DIRECTORY

    -*> DaemonLogger <*-

    Version 1.2.1

    By Martin Roesch

    © Copyright 2006-2007 Sourcefire Inc., All rights reserved

  6. The MR3202A has a MIPS CPU, an Atheros chipset and 2 Ethernet ports, and is compatible with openWRT. It looks just like the MR3201A router that is used in place of the Fon 2100 for Jasager (Pineapple), except for the second Ethernet port.

    Using digininja's full install walkthrough at http://www.digininja.org/interceptor/install_walkthrough.php, I was able to get the interceptor package installed, although I did deviate somewhat. My operating system of choice was Backtrack 4 R2.

    These were the differences...

    1. Instead of using redboot.pl and TFTP to install openWRT 8.09, I used a program called "Fon Flash".

    2. I couldn't find the same version of openVPN on openWRT's website http://downloads.openwrt.org/kamikaze/8.09/atheros/packages/, so I used openvpn_2.0.9-5_mips.ipk instead.

    3. The folder was different for this step "cp -a /usr/share/openvpn/easy-rsa/* .", it was found at "/usr/share/openvpn/easy-rsa/2.0" instead.

    4. The IP address for SSH changed during the install, so when it came to this step "scp client1.crt client1.key ca.crt 192.168.1.1:/interceptor/openvpn/client/", I reconnected via SSH to 10.255.255.254 and used that instead.

    5. "wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B" wasn't working for me (maybe because I was using Backtrack?), so I used the WICD network manager instead. Static IP 10.255.255.254, network mask 255.255.255.0, gateway blank, DNS 8.8.8.8.

    Other than that, I pretty much followed the directions, however I ran into a few errors.

    1. When I type "/etc/init.d/interceptor start" during SSH session on router, I get error message "ifconfig: SIOCSIFADDR: No such device. bridge br-lan does not exist!"

    2. "wpa_supplicant -Dwext -i wlan0 -c /etc/wpa_supplicant.conf -B" gave me error message "Failed to read or parse configuration..."

    3. When I run ./startup.sh I get "failed to find GID for nobody", and I cannot access interface tap0 unless I comment out "user nobody, and group nobody" from server.conf.

    When I did get the tap0 interface, I saw no packets in Wireshark, but that may just be because I have some configuration settings incorrect.

    When I put the MR3202A in between my home router and my pc, my pc still gets internet access, so that is good. I can still SSH into the MR3202A router, but after days of reading blogs, and staying up all night, I still have not gotten the interceptor to work. I hope someone can learn from my experiences, or even better tell me what I am doing wrong!!! Google offers little assistance in this matter... ;)

    If anyone is interested, the user manual for this router can be found at https://fjallfoss.fcc.gov/oetcf/eas/reports/ViewExhibitReport.cfm?mode=Exhibits&RequestTimeout=500&calledFromFrame=N&application_id=298693&fcc_id=%27HEDMR3202A%27
