Access Internal Networks with Reverse VPN connections - Hak5 1921

Video Statistics and Information

Captions
Bridging networks with OpenVPN gateways, this time on Hak5.

Hello and welcome to Hak5. My name is Darren Kitchen, this is your weekly dose of technolust, and we have a fantastic show for you today. I say we, but Shannon isn't here. She's on assignment with Patrick Norton in Las Vegas doing CES. Hope to see them back here soon. You should check out their channel, youtube.com/tekthing, it's awesome. In today's show we are going to get into some epic routing-fu and ways that you can bridge discrete networks using OpenVPN, and I'm particularly going to be using the LAN Turtle because it's an embedded Linux box that we can toss anywhere. Oh yeah, and we make it, so of course. But you could do the same thing with any embedded Linux device that you can drop on a network, so I just want to put it out there, because this all came together based on a question from a Hak5 fan known as this, who you may know if you go to lots of hacker conferences and like spicy peppers. Regardless, it's a really fun topic and something I've been meaning to do a video on for quite a while, so let's go ahead and get started.

I'm going to go ahead and demonstrate first off that these are two discrete networks. In fact, I'm connecting this laptop to the internet tethered to my phone, and then the other network is the switch here, which is tied over to a business cable modem, and we got a couple of servers, and it's the same network on which we will find our LAN Turtle, beautifully just plugged into a regular USB power outlet. OK, so let's take a look at the computer. Basically, if I go ahead, the machine that I want to be able to access is at 10.1.10.12, and if I ping it I have no route to host, and that's OK. I can remedy this, well, pretty easily. All I have to do is join that network. Well, here we are, we have an Ethernet cable going straight from that network. Go ahead and plug it into my computer, wait a few seconds, I'll do a little ifconfig, and there we go, I have eth0. eth0, wait for an IP address, there we go,
now I'm on the 10.1.10 network and I got .13, so I can ping 10.1.10.12. Awesome. Well, there you go, I am now on that particular network, which is fantastic, except for the fact that this Ethernet cord isn't very long. This here isn't going to really help me when I want to go across the country, and maybe I want to be able to access all of the resources on my LAN here at the Hak5 warehouse no matter where I go, whether it be on a Windows, Mac, Linux box, even an Android phone. And we can do that using OpenVPN Access Server for free, quick and easy, and I'm going to show you how painless that is. Now, I've got a turkey in the oven. I'm going to show you how that works, then we're going to take a quick break and build our own turkey.

All right, so let's get to it. First thing we need to do is dial into the, dial in to the OpenVPN server. I already have one running. Let's take a look over here. I've disconnected my Ethernet cable. If I ping that address again, you'll see no route to host. OK, so packets aren't going through, nobody's happy, but it's OK, we can remedy this situation. I have a virtual private server sitting on DigitalOcean. Pick your VPS provider of choice. I happen to like DigitalOcean because they spin up pretty quickly and they're pretty inexpensive. So I have this server here, happy bunny spider monkey kill kill kill. I'm going to go ahead and copy that address and head there on port 943, /admin. Should already be logged in. I'm logged in, I've got an OpenVPN Access Server. If I come over to Current Users, we can see we already have a user dialed in called turtle, and it has this IP address over here. Well, it's a little bit more tricky than just having an IP address. We actually need to tell this turtle, sitting right here on this network, that not only is it going to be a client of our OpenVPN server that's sitting up in the cloud, but it is also going to act as a gateway, even though it's only a client. It's not a server, it's not punching holes in the firewall, it's not
opening ports or anything. It's just a client, but it is going to dial out from this network, which is a lot easier than dialing in, and as its outgoing connection it's also going to act as a gateway for anybody else that's also dialed in. So you can see, the turtle goes like this, I go like this, we meet in the middle, the packets flow.

So to make that all happen, all I have to do is take a look down here under User Permissions, and I have a couple of users here. I have frog, which will in this case be my laptop, and then I have turtle, which is my little embedded device over there. Both of them are set for auto-login, and if I show the turtle setting, I have it set to VPN gateway. It's set to configure as a VPN gateway and allow me access to this 10.1.10.0/24 network. So with that set, all I have to do now from my computer, even though I can't ping that, this will all be remedied as soon as I do, do do do, sudo openvpn with --config frog.ovpn. And after the break we'll talk about how we get our .ovpn files. They're just little config files that tell them how to dial in. So now my OpenVPN client on Linux is dialing in. This is a little prettier on Windows or OS X or Android, but still, you can see this finished. I got my initialization complete and we've got a bunch of route adds here. Sweet.

Now we should be able to access some additional network, so let me open a new tab over here, and I'm going to ping once again 10.1.10.12, and you'll see there the packets, the packets are flowing. How are the packets flowing? Pretty simple. Check this out. So if I cancel that and do a traceroute on that IP, you'll see it's a very simple hop. The very first hop is 172.27.232.1. Well, wait a second, that's a 172 address, so it's not actually a public internet IP address, because as we just saw from my OpenVPN server, if we look here, it's actually at 104.236, yada yada yada. OK, so what that actually is, is it's the OpenVPN server. If I list these current users, you'll see we have both the
turtle logged in, let me make that a little bigger for you, we've got the turtle logged in and we have the frog logged in, both on two discrete networks. We can see the real addresses, but we can also see their VPN IP addresses. In this case the turtle got an IP address on the VPN's LAN at 172.27.232.6, and then, you know, I got .9. Well, .1 is the server, and that's our first hop. The next hop is .6, and that's the turtle, and then through the turtle we get to .12. So what all of this means is that without opening ports in the firewall or anything, I now have access not only to my one server on this network but the entire network. I can actually come back over here and instead of pinging .12 I could ping .1. I could nmap the entire network. So what we're going to do is, now that I've shown you, like, the working, the turkey in the oven, we're going to take a quick break, and when we get back we're going to build our very own turkey VPN.

If you've been watching Hak5 for a while, you know how much we love domain.com. And you know what, hey guys, thanks for the hoodie. And they're affordable, too: fast, they're reliable, they're easy to use. Shannon and I use them all the time. They're our go-to place when we want to bring our ideas to the internet. They've got a domain discovery system that makes it easy to take your mind and put it into the internet, and then your website's up and running in no time at all. And you know what's best of all? They are huge fans of Hak5. They've been supporting us for years, and they've got the hookup for you. That's right, you use the coupon code hak5, you get an extra 15% off when you check out at domain.com. So when you think domain names, think domain.com.

All right, so let's go ahead and get started. The first thing that we'll need to do is configure our OpenVPN server, and we're going to run this on a virtual private server in the cloud. We'll then need to set up the client, and this will be our pen test
machine, and that could be anywhere. And then we will configure the LAN Turtle for deployment at the client site so that we can get access to the LAN Turtle from anywhere, but not just the LAN Turtle but also the entire network on which the LAN Turtle is hosted.

So let's go ahead and get started. I have a couple of VPSes pulled up here, and I just created this new guy here, so let's go ahead and log in. I'm going to copy that in, and I'm going to SSH as root, whoops, over to that new server and enter my newly generated password. All right, so the next thing we need to do, now that we're on this freshly installed machine, is go ahead and install the OpenVPN Access Server. We can grab that from swupdate.openvpn.org/as, and just make sure you get the version for your correct architecture. In this case I'm grabbing the 64-bit deb for my Ubuntu box here. I'll just wget that. Once that's wget'd, we can go ahead and install it with dpkg -i for install and that deb file right there, and we're going to go ahead and get prompted with all of this information here about how to access the admin UI.

First thing that we'll need to do is, as it says, issue passwd openvpn for that openvpn account. We'll create a strong password, as this will be the administrator. And then the next thing is that we'll want to reconfigure this manually using this command here, /usr/local/openvpn_as/bin/ovpn-init. So first thing we need to do is write DELETE, get rid of the current configuration, that default stuff, and we'll configure this manually in the command line. And we accept the agreement. Next thing is to say whether this is a primary Access Server. It is, so yes. I'm going to go ahead and say one for all interfaces. We'll leave the default port, and we'll go with most of the defaults here, except for local authentication. By default it is no. We want local authentication to be yes. We're not using a RADIUS server or anything like that. And the rest of this is just defaults. We don't have a license key because
we're just going to be using the free version with two concurrent clients for the time being. All right, and once again we're given these addresses, so let's go ahead and copy this address here for the administer to fit so or, it's a self-signed certificate, so we'll go ahead and accept that, and we can log in now, let me increase the font size there, with openvpn, that account that we just created on that Linux box. Awesome.

OK, so at this point we have gone ahead and configured OpenVPN for the most part. There's a few other things as far as setting up access for the users, downloading their credential files and pushing them to those users, but the setup and installation of the server itself, as you can see, is pretty easy and straightforward. So at this point let's just check a few things and move forward. First thing, yes, again, we agree to that license, and I do want to go ahead under Authentication and click General and just verify that yes, in fact, local is set up. And let me increase the font size on this so it's a little easier for you guys to see on the podcast. Cool.

So at this point we can go ahead and actually set up our user accounts, so let's go ahead and do that. What we'll need to do is create users with auto-login preferences. So under User Management, click User Permissions, and we need to go ahead and create a user for ourselves. We're not going to dial in using the openvpn account, that's just for administration. We're going to create a new user account for our laptop, and I'm going to call it pentester. Great. And I'm going to check auto-login. You don't have to, I just prefer to do this, and it means that we don't have to type in our password every time. Save Settings, and then we'll update the running server. That's pretty much it for our pentester account. We do have to specify a password, so if I click here under Show, I'll go ahead and give it a good password and come down here and save settings. Great. Update the running server once again. So now we're at the point where we
can actually set up our turtle. So our turtle user account is going to be slightly different. We're going to have to set a few different parameters that are basically going to allow access to the network on which it is hosted to all of the other clients on this VPN. And I say all the other clients, it's going to be the turtle, that's going to be pentester. But let's go ahead and see how that looks.

All right, so let's create a new user here called turtle, and we're going to make sure that we check Allow Auto-login, because obviously we're not going to be interactive on the turtle when we deploy this, so we won't be, we'll type in a password. Save Settings, update that running server, and then show the settings under turtle. There's a few things that we need to check here. First of all, VPN gateway. This is going to configure this, even though it's a client, this is the interesting part. Normally when it comes to setting up a VPN server, you would deploy a box inside the network, you would open ports on the firewall, and then people would be able to dial in through into that and have access to the rest of the network. So this is similar to that in that we're providing access to the rest of the network, except that we're not having to ask the network administrator to give us access to certain ports and do some forwarding and things of that nature. We're actually just going to go out as a client to this virtual private network, our server in the cloud, and because we're a client we don't have to open up ports or anything funky like that. It's really just establishing a connection. In fact, it's over 443, just like any other HTTP traffic, so in that case most networks are going to allow the turtle, in this case, once it's on that network, to go ahead and make a connection out, and then through that tunnel we'll be able to, as the pentester, tunnel back in. So the setting that allows us to do that is right here. Basically we need to say yes to Configure VPN Gateway. Then we do need to know the
network on which we'll be deploying this, and in this case that's going to be the 10.1.10.0/24 network there. We also need to check both of these under Allow Access From. We want to allow access from all server-side private subnets as well as all VPN clients. And that's pretty much it as far as the settings that we need to set for the turtle account itself, so just make sure that yours looks like this. The only thing that's very specific is, you know, the IP address on which you're going to deploy, and there are many ways using the turtle to find out what IP range the network you've connected to is, and then you can always update this setting later, as I'll show you. Now I'll hit Save Settings, and then of course all I have to do is update the running server.

So what's really cool about this is that all of the configuration changes that we're making here are actually stored in the server. When we go ahead and actually download these OpenVPN configuration files, basically it says, hey, for your configuration, query the server, it will let you know what to do. So in this case I've said, hey, do all of this cool forwarding that allows the turtle to act as a VPN gateway, and that's configured on the server side. So once we've set this up once, I can use this now on all sorts of different networks. The only thing that it may have to change is the address for which network it's going to be sharing.

All right, so with that all set up, let's go ahead and configure our clients. So to do that, as you can see here, we're logged in to /admin on this server. I'm going to go ahead and open up an incognito window and browse to not /admin. OK, so this is what it typically looks like for a client to log in, and I'm going to go ahead and log in as, let's see, who should we do first? Let's do my machine here first, so pentester. And if you do this on a Windows machine or a Mac, it'll offer you, it'll immediately, you know, notice based on your user agent, you know, which one, and offer you an
executable of that nature. As you can see here, there's native clients here for Windows, Mac, Android, iOS and Linux, but what we want to do is, I already have OpenVPN installed, and I can show you that here. It's basically, do do do, and why did I want to close that? Pipe, huh, didn't need to do that. OK, back on my VPS, but on my local machine here I can see that I have openvpn, and I can do a --version and see, OK, so I have OpenVPN installed. If you don't, it's just a matter of sudo apt-get install openvpn, or whatever your package manager may be on your Linux distro, if you're using Linux. Otherwise, if you're using Windows, Mac, Android or iOS, it's just as simple as downloading one of these. So for pentester, since we're using Linux, I'm going to download my auto-login profile and I'm going to name it here as pentester.ovpn.

All right, so that's for me. What about for the turtle? I'm going to go ahead and log out, and let's log in as the turtle. And that didn't work, because I actually haven't specified a password for the turtle, so let me come back here under turtle, hit Show, specify a password, come down here and save settings, update the running server. OK, and now I should be able to log in. Great. Download the auto-login profile. I'm going to name it turtle.ovpn. There we go. OK, so now I've downloaded both of my client logins. It's just a matter of going ahead and getting the client information over to the turtle, so I'm going to go ahead and plug in my turtle to my laptop, and while my turtle is booting up I'm going to go ahead and open up this turtle.ovpn in, say, gedit, and I'm going to just go ahead and select the entire thing and copy it to my clipboard. Like, close that. And at this point I should be able to go ahead and log in to my LAN Turtle, and if I ifconfig I can see I'm connected to my LAN Turtle over X 26. So let's SSH into the LAN Turtle, and I'll go to Modules and come down to the OpenVPN module, configure that, and here I'm just going to go ahead and paste, and this is
the OpenVPN configuration file. You'll notice it has a bunch of certificates in there. That's kind of awesome, it keeps the CA and the key and everything else all in one file, and that's what allows us to log in without having to be interactive. All right, I'll hit OK, and now I'll just configure this module to start up on boot by hitting Enable. I see boot-up status is set to enable, and at this point I can just go ahead and back out of all of these menus, and I'll exit my SSH session so I can go ahead and unplug my turtle. There we go.

All right, so now I'm ready to deploy my turtle on the LAN. I'm going to do this, well, you know, do however you would, and whatever social engineering you can. In this case I'm just going to power this guy off of just a regular, any USB power adapter and plug it straight into the LAN. I could also go ahead and, you know, do that inline as a USB Ethernet adapter into a client computer, and it would connect to the LAN and, you know, it wouldn't be any different than this. But in this case it's going to go ahead and start booting up, and while it's doing that, let's take a look at the OpenVPN server. All right, if we go to Current Users, and there we go, and we see our VPN IP address and the real address and all of that.

So with this all set up, let's go ahead and, I'm first going to show you that I am not connected to the network. Let's see, am I online? Yes, I'm online. Great, so I'll be able to dial in to the VPN. But you see, if I ping 10.1.10.12, I don't have any route to that host. That's not going to happen. But since, if I ls, I have this pentester.ovpn file, all I have to do is a sudo openvpn --configure pentester.ovpn, and it's not configure, it's --config. There we go. So this is dialing in, and the initialization sequence is complete. You can see we did a few route adds here. If I come back over to the server and show the current users, you'll see that I notice turtle as well as pentester. If I actually copy this address here, the 172.27, I
can open a new terminal and I can ping that address, and that's going through the VPN. So if I wanted to, I could, for instance, SSH as root into that address, and would you look at that, it's my turtle. But moreover, if I exit out of that, I can now ping 10.1.10.1. Oh, look at that. Which means that I can also hit 10.1.10.12, because I can see the entire network, which now means if I open a new tab and go to 10.1.10.12, there we are. So there you have it. I am, you know, connected to the internet through my phone, I could be anywhere in the world, and because my turtle is set up to be a client on the OpenVPN server that we set up, as well as to be a VPN gateway, now I can access not only the turtle but also all of the other machines on that network, which is awesome for penetration testers and systems administrators alike.

The one other thing that I want to show you before we wrap this up is a configuration issue that you may notice on the turtle as it pertains to your firewall. I just want to review that real quick, because that will solve any kind of routing issues that you may be having, so let's go ahead and take a look at that. So in that case, you know what, I can actually do this through the VPN. We're VPN'd in, so I don't have to connect it to my client machine. I could be in Hawaii right now. So let me go ahead and SSH back into that guy, and let me make this a little bigger for you. All right, so let me exit out of here. And there's two things that you're going to want to set up on the LAN Turtle, if it hasn't already been configured for you. In /etc/config you'll want to take a look at your network file here, and you'll want to make sure that you have an interface called VPN, and its interface name is tun0. tun0 is the interface that the OpenVPN session actually creates. And set up your protocol to be DHCP. If I actually quit out of that and run ifconfig, you'll notice here's my tun0, and this is the IP address I have on the VPN server. OK, so now that we've defined a VPN network, the last thing is
to take a look at your firewall and make sure that you have routing to and from that. So you see here that we have a zone configured, and this is by default to have a zone called LAN, and it accepts in and out and forward. Similarly, we now also have a zone called VPN that accepts in, out and forward. And then the last thing here is to go ahead and make sure that you have forwarding going between the LANs. So similar to how we have the WAN and the LAN allowing source and destination forwarding, we have the exact same thing: config forwarding, source VPN, destination LAN, and then the other way around, from source WAN to destination VPN. As long as all of those are set, then everything is going to be super happy and packets will flow.

So that was, that was a lot. I'm sure you have some questions. Go ahead and leave them in the comments. Like I said, I'm doing this with a LAN Turtle, but really any Linux machine would be able to do this. Of course I'm partial to the LAN Turtle because we make them, and it's one of the reasons we did, is to be a, you know, covert drop box that you can just toss anywhere, make it, you know, function and look like a USB Ethernet adapter and go unnoticed, and did so for the same reasons as always, the one side being a penetration tester, the other side being a systems administrator, so those really go hand in hand. I would love to hear your thoughts on this, so go ahead and leave them in the comments. Shannon will be back next week, very excited about that, so we'll be back with all sorts of good technology, good stuff. I think we're actually in Vegas for a weird, super funky thing. I'll tell you guys all about that later. But anyway, thanks so much. If you're into the LAN Turtle stuff, you can learn more about that at lanturtle.com. You'll find links there to all of the community resources such as the forums, and I look forward to hearing comments. With that, I'm Darren Kitchen, and until next week, trust your technolust. I don't know why I did that, like Obi-Wan Kenobi, like, these
are not the VPNs you're looking for.
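
An added example, not part of the video or Hak5's material: the gateway described in the transcript only dials out, so a network monitor's view of it is an outbound TCP flow, and the first bytes a client sends differ between a TLS ClientHello and an OpenVPN-over-TCP session reset. The sketch below classifies that first payload; the flow records, addresses and payloads are constructed, and port 443 is assumed as the tunnel's port.

```python
import struct

# OpenVPN opcodes a client can use to open a session (upper 5 bits of the opcode byte).
CLIENT_RESET_OPCODES = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3",
}
MIN_RESET_LEN = 14  # opcode + 8-byte session id + ack count + 4-byte packet id


def classify_first_payload(payload: bytes) -> str:
    """Return 'tls', 'openvpn' or 'unknown' for a flow's first client payload."""
    if len(payload) < 6:
        return "unknown"
    # TLS: handshake record (0x16), version 3.x, carrying a ClientHello (0x01).
    if payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    # OpenVPN over TCP: 16-bit big-endian packet length, then the opcode byte
    # (opcode in the upper 5 bits, key id in the lower 3).
    (pkt_len,) = struct.unpack(">H", payload[:2])
    opcode, key_id = payload[2] >> 3, payload[2] & 0x07
    if (opcode in CLIENT_RESET_OPCODES and key_id == 0
            and MIN_RESET_LEN <= pkt_len <= len(payload) - 2):
        return "openvpn"
    return "unknown"


def non_tls_flows(flows, port=443):
    """List (src, dst, verdict) for flows to `port` whose first payload is not TLS."""
    findings = []
    for flow in flows:
        if flow["dport"] != port:
            continue
        verdict = classify_first_payload(flow["payload"])
        if verdict != "tls":
            findings.append((flow["src"], flow["dst"], verdict))
    return findings


# Constructed sample payloads (not captured traffic).
TLS_HELLO = bytes.fromhex("1603010005" "0100000100")
OVPN_RESET = bytes.fromhex("000e38" "1122334455667788" "00" "00000000")
OVPN_RESET_WRAPPED = b"\x00\x2a\x38" + bytes(41)  # longer body, e.g. with an HMAC
SSH_BANNER = b"SSH-2.0-OpenSSH_9.6\r\n"

# Constructed flow records; host addresses are illustrative only.
SAMPLE_FLOWS = [
    {"src": "10.1.10.21", "dst": "198.51.100.7", "dport": 443, "payload": TLS_HELLO},
    {"src": "10.1.10.50", "dst": "203.0.113.10", "dport": 443, "payload": OVPN_RESET},
    {"src": "10.1.10.51", "dst": "203.0.113.10", "dport": 443,
     "payload": OVPN_RESET_WRAPPED},
    {"src": "10.1.10.22", "dst": "198.51.100.9", "dport": 22, "payload": SSH_BANNER},
    {"src": "10.1.10.23", "dst": "198.51.100.9", "dport": 443, "payload": SSH_BANNER},
]

if __name__ == "__main__":
    for src, dst, verdict in non_tls_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:443 first payload is not TLS ({verdict})")
```

A flow reported as `openvpn` or `unknown` uses the HTTPS port without speaking TLS, which is the property worth alerting on for a device that should not be originating tunnels.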
Info
Channel: Hak5
Views: 184,082
Keywords: VPN, LAN turtle, OpenVPN, remote access, reverse, Gateway, client, OpenVPN Access Server, VPS, hack, pentest, penetration testing, sysadmin, systems administration, darren kitchen, shannon morse, hack5, hak5, internal, networks
Id: b7qr0laM8kA
Length: 26min 10sec (1570 seconds)
Published: Thu Jan 14 2016