Cahier groupe n°5 : Différence entre versions
De Wiki d'activités IMA
m (→Specification of the specific task) |
(→Useful information) |
||
| Ligne 14 : | Ligne 14 : | ||
: HTTP Address : [http://troubadour.lol/] | : HTTP Address : [http://troubadour.lol/] | ||
: HTTPS Address : [https://troubadour.lol/] | : HTTPS Address : [https://troubadour.lol/] | ||
| + | |||
| + | === Progress === | ||
| + | |||
| + | ; <span style="color: green;">Particular task - PART 1 | ||
| + | : Configuration of the wifi AP | ||
| + | : Route through Polytech gateway (172.26.79.254) | ||
| + | : MAC address filtering on half the eeePC | ||
| + | : Tests | ||
| + | ; <span style="color: green;">Particular task PART 2 | ||
| + | : Route through local gateway (10.10.10.254) | ||
| + | : Telnet accessibility | ||
| + | ; <span style="color: green;">Configuration of the xen VM</span> | ||
| + | : Creation & installation of packages | ||
| + | : SSH accessibility | ||
| + | ; <span style="color: green;">Wifi WEP crack </span> | ||
| + | ; <span style="color: green;">Wifi WPA crack </span> | ||
| + | ;<span style="color: green;">DNS - Bind configuration</span> | ||
| + | : Buying troubadour.lol domain name and the certificate | ||
| + | : Bind server, IPv4 and IPv6 configuration | ||
| + | ;<span style="color: green;">SSL Certificate </span> | ||
| + | ;<span style="color: green;">DNSSEC</span> | ||
| + | ;<span style="color: red;">RAID5</span> | ||
| + | ;<span style="color: red;">Crypted SD card</span> | ||
| + | ;<span style="color: red;">WEP-secured wifi network </span> | ||
| + | ;<span style="color: red;">WPA-PSK-secured wifi network </span> | ||
| + | ;<span style="color: red;">FreeRadius ID server configuration </span> | ||
| + | ;<span style="color: red;">WPA2-EAP-secured wifi network </span> | ||
| + | ;<span style="color: red;">PCBX configuration </span> | ||
== Specification of the specific task == | == Specification of the specific task == | ||
Version du 3 décembre 2015 à 11:17
Useful information
Gabriel Pagola Nielsen & Jérémie Denéchaud
- Xen Vitural Machine
- Name - troubadour
- Address - 193.48.57.165
- Wifi hotspot
- Name - Troubadour
- Address (first part) - 172.26.79.11
- Address (second part) - 10.10.10.2
Progress
- Particular task - PART 1
- Configuration of the wifi AP
- Route through Polytech gateway (172.26.79.254)
- MAC address filtering on half the eeePC
- Tests
- Particular task PART 2
- Route through local gateway (10.10.10.254)
- Telnet accessibility
- Configuration of the xen VM
- Creation & installation of packages
- SSH accessibility
- Wifi WEP crack
- Wifi WPA crack
- DNS - Bind configuration
- Buying troubadour.lol domain name and the certificate
- Bind server, IPv4 and IPv6 configuration
- SSL Certificate
- DNSSEC
- RAID5
- Crypted SD card
- WEP-secured wifi network
- WPA-PSK-secured wifi network
- FreeRadius ID server configuration
- WPA2-EAP-secured wifi network
- PCBX configuration
Specification of the specific task
Presentation of the particular task
The specific task consist in configuring one of the two wifi access point (AP). Those APs are connected to the Cisco Catalyst 6009 switches to provide further redundancy.
Hardware used for the particular task
We use a Cisco Aironet 2600 wifi access point.
Progress monitoring
Session 1 (01/10/2015)
Steps to follow :
- Connecting via serial link to the Cisco Aironet 2600
- Adapting the configuration for insecure network
- Accessing the hotspot via ethernet
- Using the web interface to configure mac address filtering
Session 2 (08/10/2015)
- Configuration of the Wifi AP
minicom -os //9600 bauds
en
config
interface BVI 1
ip address 172.26.79.11 255.255.240.0
end
write
- Using the web interface to configure mac address filtering (root:Cisco)
- Different tests to enable mac filtering
- Unknown problem that lead to the reset of the Access point
Session 3 (15/10/2015)
- Reset of the Access point
- Mac address filtering working correctly
- Creation of the AP (SSID = "troubadour")
- Filtering half of the eeePC
- Penetration test by MAC spoof from an eeePC :
ifconfig wlan0 hw ether XX:XX:XX:XX:XX:XX
Session 4 (22/10/2015)
- Creation of the virtual drives
- Configuration of the xen virtual machine "troubadour"
xen-create-image --hostname=troubadour --ip=193.48.57.165 --netmask=255.255.255.240 --gateway=193.48.57.174 --dir=/usr/local/xen --mirror=http://debian.polytech-lille.fr/debian/ --dist=jessie --passwd
Session 5 (12/11/2015)
- Successful wifi WEP encryption crack
- SSH accessibility of the VM.
Session 6 (19/11/2015)
- Wifi WPA encryption crack attempt almost successful
- Cap file & handshake captured
- dictionnary created with the powerful command crunch:
crunch 8 8 -o wl.txt -t %%%%%%%%
- Problems with apt-get to download aircrack on tutur
Session 7 (25/11/2015)
- Aircrack of the previously captured cap file
- Successful WPA crack
- Configuration of the wifi hotspot for the local network
ip default-gateway 10.10.10.254
- Telnet accessibility from a VM
- Configuration of the DNS server following this tutorial
- Beginning of SSL configuration while Gandi processes the DNS change
- Successful DNS configuration :
Session 8 (26/11/2015)
- End of SSL certification following this tutorial
- Fixing a conflict in /etc/apache2/ports.conf
- Apache2 would not restart because of an already-listened-to 443 port
- The port 443 was listened by a previous module
- All other modules listenning to 443 port were commented out
- Successful SSL configuration for www.troubadour.lol and troubadour.lol
- Fixing a bug on the IPv6 address, causing the DNSSEC to fail
- TCP and UDP transit didn't seem to work
- Port 53 seemed closed (according to zonemaster.com)
- A correct rebuild of Bind worked
Session 9 (03/12/2015)
