mirror of https://github.com/dirtbags/moth.git
Add OpenWRT VLAN config
This commit is contained in:
parent
7fba5155b1
commit
ab18a9b4d6
@ -1,6 +1,5 @@
|
|||
Ideas for puzzles
|
||||
=================
|
||||
* Hide something in a .docx zip file
|
||||
* Bootable image with FreeDOS, Linux, Inferno? HURD?
|
||||
* Bury puzzles in various weird locations within each OS
|
||||
* Maybe put some in the boot loader, too
|
||||
|
@ -9,7 +8,17 @@ Ideas for puzzles
|
|||
* DHCP option
|
||||
* Single TCP RST with token in payload
|
||||
* Multiple TCP RST with different payloads
|
||||
* http://10.0.0.2/token
|
||||
* PXE boot some sort of points-gathering client
|
||||
* Init asks for a team hash, and starts awarding points
|
||||
* Broken startup scripts, when fixed award more points
|
||||
* Lots of remote exploits
|
||||
* "qemu -net socket" vpn thingy and then...
|
||||
* sfxrar packed with upx. Change an instruction so it won't actually execute.
|
||||
|
||||
|
||||
Capture the Packet
|
||||
------------------
|
||||
|
||||
* Jim Meilander could teach a class about Bro
|
||||
* Use qemu -net socket,connect=10.0.0.2:5399 for capture the packet
|
||||
|
|
|
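Review bot: the host 10.0.0.2 in `* http://10.0.0.2/token` and `* Use qemu -net socket,connect=10.0.0.2:5399 for capture the packet` is not explained anywhere in this commit; the openwrt README added here only assigns 10.0.0.1 to the router. A parenthetical saying which machine is expected to sit at 10.0.0.2 would keep this ideas list consistent with the network layout being added.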
@ -0,0 +1,57 @@
|
|||
This directory contains the files used to set up an OpenWRT router.
|
||||
|
||||
|
||||
Bear in mind that the cheap consumer routers have relatively slow CPUs
|
||||
and won't stand up to high volume. This same configuration applies to
|
||||
OpenWRT running on an x86 PC, or any other target of OpenWRT. For
|
||||
larger contests, it would be a good idea to use a faster machine for the
|
||||
router. I don't have any specific recommendations at this time (Oct
|
||||
2010).
|
||||
|
||||
The router comes up as 10.0.0.1/16 on eth0.
|
||||
|
||||
If the router has a built-in switch, it is brought up without VLAN
|
||||
support, since these switches typically only support 16 VLANs, and do
|
||||
not support QinQ (double VLAN tags). All 5 ports work like an unmanaged
|
||||
switch, which ends up being handy for the contest table.
|
||||
|
||||
Plugging a managed switch into the router enables access to 48 VLANs,
|
||||
each configured to a /16 network. The router on VLAN number v comes up
|
||||
as 10.v.0.1/16.
|
||||
|
||||
If the router has the ability to come up as a wireless access point, it
|
||||
will do so with SSID "CTF" and IP 10.254.0.1/16.
|
||||
|
||||
All subnets can route to all other subnets, through the router.
|
||||
10.0.0.1/16 and 10.254.0.1/16 may have a higher TTL when routed to a
|
||||
VLAN (I haven't checked). Keep in mind that anything connected directly
|
||||
to the router (ie. not through the managed switch) can do its own VLAN
|
||||
tagging. This would be the way to hop on another team's subnet to do
|
||||
something like check service availability in such a way as to prevent
|
||||
teams from firewalling each other out.
|
||||
|
||||
|
||||
SSID "CTF"
|
||||
10.254.0.1/16
|
||||
((Y))
|
||||
|
|
||||
-------------
|
||||
| OpenWRT |
|
||||
-0-1-2-3-4---
|
||||
/| | | | |
|
||||
/ | | | | |
|
||||
/ | | | | |
|
||||
/ 10.0.0.1/16
|
||||
/
|
||||
-------------------t---
|
||||
| Managed Switch |
|
||||
-1-2-3-4-5-...-47-48---
|
||||
/ | | \
|
||||
/ | | \
|
||||
/ | | \
|
||||
/ | | \
|
||||
10.1.0.1/16 | | 10.48.0.1/16
|
||||
| |
|
||||
10.3.0.1/16 |
|
||||
|
|
||||
10.47.0.1/16
|
|
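Review bot: the README never mentions DHCP or DNS, yet the dnsmasq.conf in this commit hands out 10.v.1.10 to 10.v.1.254 on every VLAN, 10.0.1.x on the admin network and 10.254.1.x on wifi, and answers for the `ctf` domain; a sentence on that belongs next to "The router comes up as 10.0.0.1/16 on eth0." The line "10.0.0.1/16 and 10.254.0.1/16 may have a higher TTL when routed to a VLAN (I haven't checked)" reads as a TODO rather than documentation; either verify it on the box or drop it so readers do not plan around a guess.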
@ -0,0 +1,2 @@
|
|||
config dnsmasq
|
||||
option leasefile '/tmp/dhcp.leases'
|
|
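Review bot: this two-line file replaces the stock /etc/config/dhcp wholesale, so the DHCP ranges and the `ctf` domain live only in the hand-written /etc/dnsmasq.conf that ships with this commit; a comment in this stanza pointing there would save the next reader from re-adding a `config dhcp` section. `/tmp/dhcp.leases` is on tmpfs, so leases do not survive a reboot, which is presumably acceptable for a contest but deserves a word.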
@ -0,0 +1,55 @@
|
|||
no-resolv
|
||||
local=/ctf/
|
||||
no-hosts
|
||||
domain=ctf
|
||||
dhcp-authoritative
|
||||
dhcp-range=10.0.1.10,10.0.1.254
|
||||
dhcp-range=10.1.1.10,10.1.1.254
|
||||
dhcp-range=10.2.1.10,10.2.1.254
|
||||
dhcp-range=10.3.1.10,10.3.1.254
|
||||
dhcp-range=10.4.1.10,10.4.1.254
|
||||
dhcp-range=10.5.1.10,10.5.1.254
|
||||
dhcp-range=10.6.1.10,10.6.1.254
|
||||
dhcp-range=10.7.1.10,10.7.1.254
|
||||
dhcp-range=10.8.1.10,10.8.1.254
|
||||
dhcp-range=10.9.1.10,10.9.1.254
|
||||
dhcp-range=10.10.1.10,10.10.1.254
|
||||
dhcp-range=10.11.1.10,10.11.1.254
|
||||
dhcp-range=10.12.1.10,10.12.1.254
|
||||
dhcp-range=10.13.1.10,10.13.1.254
|
||||
dhcp-range=10.14.1.10,10.14.1.254
|
||||
dhcp-range=10.15.1.10,10.15.1.254
|
||||
dhcp-range=10.16.1.10,10.16.1.254
|
||||
dhcp-range=10.17.1.10,10.17.1.254
|
||||
dhcp-range=10.18.1.10,10.18.1.254
|
||||
dhcp-range=10.19.1.10,10.19.1.254
|
||||
dhcp-range=10.20.1.10,10.20.1.254
|
||||
dhcp-range=10.21.1.10,10.21.1.254
|
||||
dhcp-range=10.22.1.10,10.22.1.254
|
||||
dhcp-range=10.23.1.10,10.23.1.254
|
||||
dhcp-range=10.24.1.10,10.24.1.254
|
||||
dhcp-range=10.25.1.10,10.25.1.254
|
||||
dhcp-range=10.26.1.10,10.26.1.254
|
||||
dhcp-range=10.27.1.10,10.27.1.254
|
||||
dhcp-range=10.28.1.10,10.28.1.254
|
||||
dhcp-range=10.29.1.10,10.29.1.254
|
||||
dhcp-range=10.30.1.10,10.30.1.254
|
||||
dhcp-range=10.31.1.10,10.31.1.254
|
||||
dhcp-range=10.32.1.10,10.32.1.254
|
||||
dhcp-range=10.33.1.10,10.33.1.254
|
||||
dhcp-range=10.34.1.10,10.34.1.254
|
||||
dhcp-range=10.35.1.10,10.35.1.254
|
||||
dhcp-range=10.36.1.10,10.36.1.254
|
||||
dhcp-range=10.37.1.10,10.37.1.254
|
||||
dhcp-range=10.38.1.10,10.38.1.254
|
||||
dhcp-range=10.39.1.10,10.39.1.254
|
||||
dhcp-range=10.40.1.10,10.40.1.254
|
||||
dhcp-range=10.41.1.10,10.41.1.254
|
||||
dhcp-range=10.42.1.10,10.42.1.254
|
||||
dhcp-range=10.43.1.10,10.43.1.254
|
||||
dhcp-range=10.44.1.10,10.44.1.254
|
||||
dhcp-range=10.45.1.10,10.45.1.254
|
||||
dhcp-range=10.46.1.10,10.46.1.254
|
||||
dhcp-range=10.47.1.10,10.47.1.254
|
||||
dhcp-range=10.48.1.10,10.48.1.254
|
||||
dhcp-range=10.254.1.10,10.254.1.254
|
|
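Review bot: the 48 per-VLAN `dhcp-range=` lines hardcode the same count that the vlan init script keeps in `VLANS=48`; if the count ever changes, one of the two will be forgotten. Either generate this block from that variable (the init script could write a file that dnsmasq picks up via `conf-dir=`) or at least comment here that the ranges must match `VLANS`. There is also no `interface=` or `bind-interfaces`, so dnsmasq listens on every interface including the admin network; that matches the README, but stating it in a comment makes the intent clear.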
@ -0,0 +1,27 @@
|
|||
#! /bin/sh /etc/rc.common
|
||||
|
||||
START=45
|
||||
STOP=89
|
||||
|
||||
VLANS=48
|
||||
|
||||
start () {
|
||||
stop
|
||||
|
||||
iptables -P INPUT ACCEPT
|
||||
iptables -P OUTPUT ACCEPT
|
||||
iptables -P FORWARD ACCEPT
|
||||
|
||||
iptables -A INPUT -p udp --dport 67 -j ACCEPT
|
||||
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
|
||||
iptables -A INPUT -s 10.0.0.0/16 -j ACCEPT
|
||||
iptables -A INPUT -j REJECT
|
||||
}
|
||||
|
||||
stop () {
|
||||
iptables -F INPUT
|
||||
iptables -F OUTPUT
|
||||
iptables -F FORWARD
|
||||
}
|
||||
|
||||
|
|
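Review bot: the INPUT chain has no rule for DNS, so queries from team VLANs and wifi to the router's dnsmasq (`local=/ctf/`, `domain=ctf` in this commit) fall through to `iptables -A INPUT -j REJECT`; only the admin network 10.0.0.0/16 gets through. Add `iptables -A INPUT -p udp --dport 53 -j ACCEPT` (and the tcp equivalent) before the REJECT, plus `iptables -A INPUT -i lo -j ACCEPT`, since anything on the router talking to 127.0.0.1 is currently rejected as well; an ESTABLISHED,RELATED accept is also needed if the router itself ever initiates connections and the conntrack modules are installed. `VLANS=48` is unused in this script. Consider `iptables -P INPUT DROP` instead of ACCEPT, since the trailing REJECT is the only thing closing the chain and a failed rule load leaves the router wide open.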
@ -0,0 +1,27 @@
|
|||
#### Switch configuration
|
||||
config switch eth0
|
||||
option enable 1
|
||||
option enable_vlan 0
|
||||
|
||||
#### Loopback configuration
|
||||
config interface loopback
|
||||
option ifname "lo"
|
||||
option proto static
|
||||
option ipaddr 127.0.0.1
|
||||
option netmask 255.0.0.0
|
||||
|
||||
#### Administrative network
|
||||
config interface admin
|
||||
option ifname "eth0"
|
||||
option proto static
|
||||
option ipaddr 10.0.0.1
|
||||
option netmask 255.255.0.0
|
||||
|
||||
#### Wireless
|
||||
config interface wifi
|
||||
option proto static
|
||||
option ipaddr 10.254.0.1
|
||||
option netmask 255.255.0.0
|
||||
|
||||
# OpenWRT's "ifup/ifdown" are horribly slow, so the 48
|
||||
# vlans are set up in an init script :)
|
|
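Review bot: `config interface admin` puts untagged eth0 on 10.0.0.1/16, and the firewall script in this commit accepts anything with a source in 10.0.0.0/16. With `option enable_vlan 0` every one of the 5 switch ports is therefore an untagged admin port: whatever is plugged into the contest table gets trusted access to the router. That may be intended, but it deserves a comment here (or in the README, which only warns about VLAN tagging from those ports). Minor: the trailing comment about ifup/ifdown explains why there are no `eth0.N` interfaces in this file; it reads better next to the switch section where a reader would look for them, and `config interface wifi` has no `ifname`, which is correct for a wireless-attached network but worth a comment since every other interface names one.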
@ -0,0 +1,20 @@
|
|||
#! /bin/sh /etc/rc.common
|
||||
|
||||
START=41
|
||||
STOP=89
|
||||
|
||||
VLANS=48
|
||||
|
||||
start () {
|
||||
for i in $(seq 1 $VLANS); do
|
||||
vconfig add eth0 $i
|
||||
ifconfig eth0.$i 10.$i.0.1 netmask 255.255.0.0
|
||||
done
|
||||
}
|
||||
|
||||
stop () {
|
||||
for i in $(seq 1 $VLANS); do
|
||||
vconfig rem eth0.$i
|
||||
done
|
||||
}
|
||||
|
|
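Review bot: `start` never checks that `vconfig add eth0 $i` succeeded, so a missing 8021q module or a failed `ifconfig` goes unnoticed and dnsmasq later serves ranges for interfaces that do not exist; `vconfig add eth0 $i || exit 1` (or at least a `logger` call) would surface that. `stop` removes the interfaces without bringing them down first; `ifconfig eth0.$i down` before `vconfig rem eth0.$i` keeps it clean. Also worth verifying against the managed switch: many switches treat VLAN 1 as the untagged default VLAN on a trunk port, in which case `eth0.1` would not behave like the other 47 and team 1 would need a different id.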
@ -0,0 +1,9 @@
|
|||
config wifi-device wl0
|
||||
option type broadcom
|
||||
option channel 1
|
||||
|
||||
config wifi-iface
|
||||
option device wl0
|
||||
option network wifi
|
||||
option mode ap
|
||||
option ssid CTF
|
|
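Review bot: nothing here sets `option encryption`, so the "CTF" SSID comes up as an open network, consistent with the README but not stated; an explicit `option encryption none` plus a comment records that it is deliberate. Given the firewall in this commit, wifi clients in 10.254.0.0/16 can reach the router only for DHCP and ping, but FORWARD is ACCEPT, so the open AP is really a door into the team VLANs; if it is meant for spectators, the README should say so.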
@ -0,0 +1,14 @@
|
|||
* "net-re" dash tripping up category validation in puzzler
|
||||
* scores not preserved in /var/lib/ctf, wtf?
|
||||
* bletchley 150 no key
|
||||
* claim.cgi not exiting
|
||||
* someone managed to get a point in no category. that broke the scoreboard.
|
||||
* ha ha, guess what this does if points.log already exists:
|
||||
install -o root -m 0644 /dev/null /var/lib/ctf/points.log
|
||||
* scoreboard: teams aren't properly filling columns (make td have size)
|
||||
* sequence 700 no key
|
||||
* steg 20 not m4ing key
|
||||
* no "pointscli" binary
|
||||
* steg 200 totally screwed up
|
||||
* get LAUR for contest
|
||||
|
|
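Review bot: the `install -o root -m 0644 /dev/null /var/lib/ctf/points.log` item is a data-loss bug rather than a joke: `install` copies /dev/null over the existing file, wiping every claimed point, and is a plausible cause of the "scores not preserved in /var/lib/ctf" item above it. If the fix is not in this commit, the note should say which script that line lives in and that `[ -e /var/lib/ctf/points.log ] || install -o root -m 0644 /dev/null /var/lib/ctf/points.log` (or a plain `touch`) is the intended replacement.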
@ -2,5 +2,4 @@ Things That Need Fixin'
|
|||
=======================
|
||||
|
||||
* puzzles.cgi really needs to cross out points your team has claimed.
|
||||
* I really hate C. Is it possible to use some other language (like
|
||||
Haskell)?
|
||||
* Make an OpenWRT router image for a FitPC
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
#! /bin/sh
|
||||
|
||||
exec logger -t sshd
|
Binary file not shown.
|
@ -0,0 +1,8 @@
|
|||
#! /bin/sh
|
||||
|
||||
exec 2>&1
|
||||
if [ -d /opt/mcp ]; then
|
||||
sv d .
|
||||
exit
|
||||
fi
|
||||
exec dropbear -r ./rsa.key -E -F
|
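Review bot: `exec dropbear -r ./rsa.key -E -F` reads a host key from the service directory, and this commit also adds a binary file ("Binary file not shown" above). If that binary is rsa.key, a private SSH host key is being committed to the repository: every router built from it shares one host identity, and anyone who can read the repo holds the key that admins' clients trust. Generate it on first boot instead, e.g. `[ -f ./rsa.key ] || dropbearkey -t rsa -f ./rsa.key` before the exec, and drop the file from git. Also, `sv d .` followed by `exit` when /opt/mcp exists is a tidy way to disable the service on that box, but a one-line comment saying so would help the next reader.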