[infosec-course] CTF activities, vpn and stuff

George Noseevich ngo at lvk.cs.msu.su
Fri Mar 1 11:19:49 UTC 2013


???? ??????!
??? ???? ????????, ? ?????? ??????? ?????? ????????? ctf-like
activities, ????????? ?? ??????? ????? ??????????? ???????? ?????????
?????????????? (e.g. ????????? ?????? ????????? ? ??). ?????? ?? ?????
??????????? vpn-??????? ?? ??????? ????????????? (????????, ?? ?????
ructf quals ????? ????? ?????? ?????).

??? ???. ??? ????, ????? ???????? ?????? ? ????? ctf-??????????????,
???? ?????????? ????? ????? ???????? vpn-??????????? (?? ???????? ?
vpn-????????????? ??? ???).
????????? ??????? ?? ????????? ????? (???????? ??? ?????????????? ?????,
??????????? win-????? ???????? ????????? ???-?????? ??-???????):

1.?????????? openssl ? ?????-???? ??????? ??????? ????? ????????
easy-rsa 2.0 (?????? ? ????? openvpn, ???? ????????? ?? ??? ???? ?????
?? ?????????)
2.??????? ??????? ??? ???????? ??????, ?????????? ??? ????? 700:
 mkdir ~/keys
3. ? ?????? ????????????? easy-rsa ?? ?????????????? openvpn,
??????????? easy-rsa ? ????????? ???????:
 mkdir ~/easy-rsa ; cp /usr/share/openvpn/easy-rsa/2.0/* ~/easy-rsa  ?
?????? ????????????? ???? ????? ???? ??????  ???? ??? ????????? ???
????, ?????, ??-??????, ??????????????? ???? ????? ?????? Organization
name ? ?.?. ? ????? ??? ??? ?? ???? ???????????? ??? ?????????? openvpn .
4. ?????????????? ~/easy-rsa/vars ???????? ????? ?? ????????
5. ????????? ??????:
 cd ~/easy-rsa ; source vars
6. ??????????? easy-rsa ? ??????? ??????? (????????: ???? ??? ??????
?????????? ????? ? ???????)
 ./clean-all
7. ??????????? ca.crt ?? ???????? ? ????? keys
8. ??????? ???? ? ??????:  ./build-req your_chosen_name.
? ???????? ???????? ????? ??? ?????? ???? email, ??? ????????? ??????
(OU, ON ? ??) - ???????? ??? ?????????.
your_chosen_name - ??? ???????, ???, ????????????? - ???-?????? ? ???? ????.
???????????? ????????????? ?????????? ?????? ?? ????.
????? ?????????? ????? ???? ? ????? keys ???????? ?????
your_chosen_name.csr ? your_chosen_name.key

???? ?? ???? ?????? (??????? .key) - ??? ????????? ????, ??????? ??? ?
???????. ???? .csr ?????? ???? ?????? ???. ?????? ?????????? ???????????
??????????? csr-?????, ??? ???? ?????????? ????? ?????? ? ???. 603 ?
????? ??????????, ?????????????? ???????? (?????? ???? ????????) ?
??????? ????????? csr-????? (md5sum wtf.csr). ?????? ?????? ????????
????????????? ? ????????? ?????? PGP-?????, ???? ?? ? ??? ????. ??? ????
0x59AAC124, subkeys.pgp.net.

????? ???????? ?? ???????? ?? ????? ??? ?????? ?????????? (??? ? csr,
??? ?? ????????? ??????, ??? ??? ??????????????? ???????????? ??? ??????
?????????? ????? ??????????). ??? ??????????? ???? ???????????? ??????
ctf.conf ?? ???????? (sudo openvpn ctf.conf), ? ??????? ???? ????????
ngo ?? your_chosen_name. ??? ??????? .key ? .crt - ????? ??????
?????????? ? ????? ????? ? ???????? (??????? ? ca.crt).
????? ??????? openvpn, ???? ??? ?????? ?????????, ? ??? ?????? ?????????
?????? ? ???? 10.13.37.0/24 (? ?????????, ?????? ??????????? ????
10.13.37.0)

??? ????????????? ????? ???????????? ???????? ctf-defroute.conf, ???????
???????? ??????? ????? ??????? ? ???????? ???????? ?? ?????????, ???
????? ???? ??????? ? ????????? ?????????. ? ?????????, ????? ???????
???? ?????? ? ???????? ????? ???? ??????????, ??? ??? ?? ????? ?????
???????????? ? ???????????? wifi-?????. Use responsibly.


?? ???? ???????? - ??????.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ca.crt
Type: application/x-x509-ca-cert
Size: 1289 bytes
Desc: not available
URL: <http://lists.secsem.ru/pipermail/course/attachments/20130301/53c7f49a/attachment.crt>
-------------- next part --------------
# easy-rsa parameter settings

# NOTE: If you installed from an RPM,
# don't edit this file in place in
# /usr/share/openvpn/easy-rsa --
# instead, you should copy the whole
# easy-rsa directory to another location
# (such as /etc/openvpn) so that your
# edits will not be wiped out by a future
# OpenVPN package upgrade.

# This variable should point to
# the top level of the easy-rsa
# tree.
export EASY_RSA="`pwd`"

#
# This variable should point to
# the requested executables
#
export OPENSSL="openssl"
export PKCS11TOOL="pkcs11-tool"
export GREP="grep"


# This variable should point to
# the openssl.cnf file included
# with easy-rsa.
export KEY_CONFIG=`$EASY_RSA/whichopensslcnf $EASY_RSA`

# Edit this variable to point to
# your soon-to-be-created key
# directory.
#
# WARNING: clean-all will do
# a rm -rf on this directory
# so make sure you define
# it correctly!
export KEY_DIR="$EASY_RSA/../keys"

# Issue rm -rf warning
echo NOTE: If you run ./clean-all, I will be doing a rm -rf on $KEY_DIR

# PKCS11 fixes
export PKCS11_MODULE_PATH="dummy"
export PKCS11_PIN="dummy"

# Increase this to 2048 if you
# are paranoid.  This will slow
# down TLS negotiation performance
# as well as the one-time DH parms
# generation process.
export KEY_SIZE=1024

# In how many days should the root CA key expire?
export CA_EXPIRE=3650

# In how many days should certificates expire?
export KEY_EXPIRE=3650

# These are the default values for fields
# which will be placed in the certificate.
# Don't leave any of these fields blank.
export KEY_COUNTRY="RU"
export KEY_PROVINCE="Moscow"
export KEY_CITY="Moscow"
export KEY_ORG="Bushwhackers"
export KEY_EMAIL="webpentest at gmail.com"
export KEY_EMAIL="webpentest at gmail.com"
export KEY_CN=ctf-vpn
export KEY_NAME=
export KEY_OU=ctf
export PKCS11_MODULE_PATH=changeme
export PKCS11_PIN=1234
-------------- next part --------------
client
dev tap0
port 1194
proto tcp

remote ctf.seclab.cs.msu.su 443
nobind

ca ca.crt
cert ngo.crt
key ngo.key

comp-lzo
persist-key
persist-tun

verb 3
-------------- next part --------------
client
dev tap0
port 1194
proto tcp

remote ctf.seclab.cs.msu.su 443
nobind

ca ca.crt
cert ngo.crt
key ngo.key

redirect-gateway def1

comp-lzo
persist-key
persist-tun

verb 3
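
Neither attached client config contains `remote-cert-tls server` (or the older `ns-cert-type server`), so the client accepts any certificate signed by the CA as the server's, including another participant's client certificate. The following shell lint is an added example, not part of the original message or its attachments: it checks a client config for that omission, for `redirect-gateway`, and for a private key readable by other users. The finding names, the sample host name and the resolution of relative key paths against the config's directory are assumptions of this sketch.

```shell
# Added example: lint an OpenVPN client config. Finding names are made up
# for this sketch; the directives checked are real OpenVPN options.

# Print the first argument of directive $1 in config $2 (empty if absent).
ovpn_get() {
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
}

# Print one finding code per line for client config $1.
audit_ovpn_client() {
    conf=$1
    dir=$(dirname "$conf")
    # Without one of these directives, any certificate signed by the CA,
    # including another client's, is accepted as the server certificate.
    if ! grep -Eq '^[[:space:]]*(remote-cert-tls[[:space:]]+server|ns-cert-type[[:space:]]+server|verify-x509-name[[:space:]])' "$conf"; then
        echo no-server-cert-check
    fi
    # redirect-gateway sends all traffic, not only the CTF subnet, via the VPN.
    if grep -Eq '^[[:space:]]*redirect-gateway' "$conf"; then
        echo full-tunnel
    fi
    # The private key must exist and carry no group/other permission bits.
    # Assumption: relative paths are resolved against the config's directory.
    key=$(ovpn_get key "$conf")
    case $key in
        '') echo no-key-directive ;;
        /*) ;;
        *)  key=$dir/$key ;;
    esac
    if [ -n "$key" ]; then
        if [ ! -f "$key" ]; then
            echo key-missing
        elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
            echo key-permissions
        fi
    fi
}

# Constructed sample: a config modelled on the post's ctf-defroute.conf
# (placeholder host name) plus a dummy key file with mode $2, in directory $1.
make_sample() {
    mkdir -p "$1"
    printf '%s\n' client 'dev tap0' 'proto tcp' \
        'remote vpn.example.test 443' 'ca ca.crt' 'cert ngo.crt' \
        'key ngo.key' 'redirect-gateway def1' > "$1/ctf.conf"
    : > "$1/ngo.key"
    chmod "$2" "$1/ngo.key"
}
```

Running `make_sample` with mode 644 and then `audit_ovpn_client` on the resulting `ctf.conf` reports all three findings; adding `remote-cert-tls server` to the config and setting the key to mode 600 leaves only `full-tunnel`.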