Add OpenWRT VLAN config

This commit is contained in:
Neale Pickett 2010-10-21 16:06:24 -06:00
parent 7fba5155b1
commit ab18a9b4d6
13 changed files with 233 additions and 3 deletions

View File

@ -1,6 +1,5 @@
Ideas for puzzles
=================
* Hide something in a .docx zip file
* Bootable image with FreeDOS, Linux, Inferno? HURD?
* Bury puzzles in various weird locations within each OS
* Maybe put some in the boot loader, too
@ -9,7 +8,17 @@ Ideas for puzzles
* DHCP option
* Single TCP RST with token in payload
* Multiple TCP RST with different payloads
* http://10.0.0.2/token
* PXE boot some sort of points-gathering client
* Init asks for a team hash, and starts awarding points
* Broken startup scripts, when fixed award more points
* Lots of remote exploits
* "qemu -net socket" vpn thingy and then...
* sfxrar packed with upx. Change an instruction so it won't actually execute.
Capture the Packet
------------------
* Jim Meilander could teach a class about Bro
* Use qemu -net socket,connect=10.0.0.2:5399 for capture the packet

57
doc/openwrt/README Normal file
View File

@ -0,0 +1,57 @@
This directory contains the files used to set up an OpenWRT router.
Bear in mind that the cheap consumer routers have relatively slow CPUs
and won't stand up to high volume. This same configuration applies to
OpenWRT running on an x86 PC, or any other target of OpenWRT. For
larger contests, it would be a good idea to use a faster machine for the
router. I don't have any specific recommendations at this time (Oct
2010).
The router comes up as 10.0.0.1/16 on eth0.
If the router has a built-in switch, it is brought up without VLAN
support, since these switches typically only support 16 VLANs, and do
not support QinQ (double VLAN tags). All 5 ports work like an unmanaged
switch, which ends up being handy for the contest table.
Plugging a managed switch into the router enables access to 48 VLANs,
each configured to a /16 network. The router on VLAN number v comes up
as 10.v.0.1/16.
If the router has the ability to come up as a wireless access point, it
will do so with SSID "CTF" and IP 10.254.0.1/16.
All subnets can route to all other subnets, through the router.
10.0.0.1/16 and 10.254.0.1/16 may have a higher TTL when routed to a
VLAN (I haven't checked). Keep in mind that anything connected directly
to the router (ie. not through the managed switch) can do its own VLAN
tagging. This would be the way to hop on another team's subnet to do
something like check service availability in such a way as to prevent
teams from firewalling each other out.
SSID "CTF"
10.254.0.1/16
((Y))
|
-------------
| OpenWRT |
-0-1-2-3-4---
/| | | | |
/ | | | | |
/ | | | | |
/ 10.0.0.1/16
/
-------------------t---
| Managed Switch |
-1-2-3-4-5-...-47-48---
/ | | \
/ | | \
/ | | \
/ | | \
10.1.0.1/16 | | 10.48.0.1/16
| |
10.3.0.1/16 |
|
10.47.0.1/16

2
doc/openwrt/dhcp Normal file
View File

@ -0,0 +1,2 @@
config dnsmasq
option leasefile '/tmp/dhcp.leases'

55
doc/openwrt/dnsmasq.conf Normal file
View File

@ -0,0 +1,55 @@
no-resolv
local=/ctf/
no-hosts
domain=ctf
dhcp-authoritative
dhcp-range=10.0.1.10,10.0.1.254
dhcp-range=10.1.1.10,10.1.1.254
dhcp-range=10.2.1.10,10.2.1.254
dhcp-range=10.3.1.10,10.3.1.254
dhcp-range=10.4.1.10,10.4.1.254
dhcp-range=10.5.1.10,10.5.1.254
dhcp-range=10.6.1.10,10.6.1.254
dhcp-range=10.7.1.10,10.7.1.254
dhcp-range=10.8.1.10,10.8.1.254
dhcp-range=10.9.1.10,10.9.1.254
dhcp-range=10.10.1.10,10.10.1.254
dhcp-range=10.11.1.10,10.11.1.254
dhcp-range=10.12.1.10,10.12.1.254
dhcp-range=10.13.1.10,10.13.1.254
dhcp-range=10.14.1.10,10.14.1.254
dhcp-range=10.15.1.10,10.15.1.254
dhcp-range=10.16.1.10,10.16.1.254
dhcp-range=10.17.1.10,10.17.1.254
dhcp-range=10.18.1.10,10.18.1.254
dhcp-range=10.19.1.10,10.19.1.254
dhcp-range=10.20.1.10,10.20.1.254
dhcp-range=10.21.1.10,10.21.1.254
dhcp-range=10.22.1.10,10.22.1.254
dhcp-range=10.23.1.10,10.23.1.254
dhcp-range=10.24.1.10,10.24.1.254
dhcp-range=10.25.1.10,10.25.1.254
dhcp-range=10.26.1.10,10.26.1.254
dhcp-range=10.27.1.10,10.27.1.254
dhcp-range=10.28.1.10,10.28.1.254
dhcp-range=10.29.1.10,10.29.1.254
dhcp-range=10.30.1.10,10.30.1.254
dhcp-range=10.31.1.10,10.31.1.254
dhcp-range=10.32.1.10,10.32.1.254
dhcp-range=10.33.1.10,10.33.1.254
dhcp-range=10.34.1.10,10.34.1.254
dhcp-range=10.35.1.10,10.35.1.254
dhcp-range=10.36.1.10,10.36.1.254
dhcp-range=10.37.1.10,10.37.1.254
dhcp-range=10.38.1.10,10.38.1.254
dhcp-range=10.39.1.10,10.39.1.254
dhcp-range=10.40.1.10,10.40.1.254
dhcp-range=10.41.1.10,10.41.1.254
dhcp-range=10.42.1.10,10.42.1.254
dhcp-range=10.43.1.10,10.43.1.254
dhcp-range=10.44.1.10,10.44.1.254
dhcp-range=10.45.1.10,10.45.1.254
dhcp-range=10.46.1.10,10.46.1.254
dhcp-range=10.47.1.10,10.47.1.254
dhcp-range=10.48.1.10,10.48.1.254
dhcp-range=10.254.1.10,10.254.1.254

27
doc/openwrt/iptables Executable file
View File

@ -0,0 +1,27 @@
#! /bin/sh /etc/rc.common
START=45
STOP=89
VLANS=48
start () {
stop
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -p udp --dport 67 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A INPUT -s 10.0.0.0/16 -j ACCEPT
iptables -A INPUT -j REJECT
}
stop () {
iptables -F INPUT
iptables -F OUTPUT
iptables -F FORWARD
}

27
doc/openwrt/network Normal file
View File

@ -0,0 +1,27 @@
#### Switch configuration
config switch eth0
option enable 1
option enable_vlan 0
#### Loopback configuration
config interface loopback
option ifname "lo"
option proto static
option ipaddr 127.0.0.1
option netmask 255.0.0.0
#### Administrative network
config interface admin
option ifname "eth0"
option proto static
option ipaddr 10.0.0.1
option netmask 255.255.0.0
#### Wireless
config interface wifi
option proto static
option ipaddr 10.254.0.1
option netmask 255.255.0.0
# OpenWRT's "ifup/ifdown" are horribly slow, so the 48
# vlans are set up in an init script :)

20
doc/openwrt/vlan Executable file
View File

@ -0,0 +1,20 @@
#! /bin/sh /etc/rc.common
START=41
STOP=89
VLANS=48
start () {
for i in $(seq 1 $VLANS); do
vconfig add eth0 $i
ifconfig eth0.$i 10.$i.0.1 netmask 255.255.0.0
done
}
stop () {
for i in $(seq 1 $VLANS); do
vconfig rem eth0.$i
done
}

9
doc/openwrt/wifi Normal file
View File

@ -0,0 +1,9 @@
config wifi-device wl0
option type broadcom
option channel 1
config wifi-iface
option device wl0
option network wifi
option mode ap
option ssid CTF

14
doc/problems.txt Normal file
View File

@ -0,0 +1,14 @@
* "net-re" dash tripping up category validation in puzzler
* scores not preserved in /var/lib/ctf, wtf?
* bletchley 150 no key
* claim.cgi not exiting
* someone managed to get a point in no category. that broke the scoreboard.
* ha ha, guess what this does if points.log already exists:
install -o root -m 0644 /dev/null /var/lib/ctf/points.log
* scoreboard: teams aren't properly filling columns (make td have size)
* sequence 700 no key
* steg 20 not m4ing key
* no "pointscli" binary
* steg 200 totally screwed up
* get LAUR for contest

View File

@ -2,5 +2,4 @@ Things That Need Fixin'
=======================
* puzzles.cgi really needs to cross out points your team has claimed.
* I really hate C. Is it possible to use some other language (like
Haskell)?
* Make an OpenWRT router image for a FitPC

View File

@ -0,0 +1,3 @@
#! /bin/sh
exec logger -t sshd

Binary file not shown.

8
pwnables/service/sshd.pwn/run Executable file
View File

@ -0,0 +1,8 @@
#! /bin/sh
exec 2>&1
if [ -d /opt/mcp ]; then
sv d .
exit
fi
exec dropbear -r ./rsa.key -E -F