# EPIC BULLSHIT

![1](https://i.imgur.com/dfzdi8r.png)

G=21

## Settings for the damn VM

NAT_NETWORK:
- NatNetwork
- 10.0.10.0/24
- dhcp

**Change the MAC on every interface!!**

R_Linux:
- Bridged Adapter
- Bridged Adapter
- NatNetwork

R_Windows:
- Bridged Adapter
- Bridged Adapter

PC_1 + WEB:
- Bridged Adapter

PC_2:
- Bridged Adapter

PC_3:
- Bridged Adapter

PC_4:
- Bridged Adapter

Suricata:
- Bridged Adapter (**PROMISCUOUS MODE**)
- Bridged Adapter (**PROMISCUOUS MODE**)
- Bridged Adapter (**PROMISCUOUS MODE**)

PC_WEB:
- NatNetwork

## R_Linux

**enp0s3:**
```yaml
IP: 192.168.212.2
MASK: 255.255.255.128
GATEWAY: 192.168.212.1
```

**enp0s8:**
```yaml
IP: 192.168.213.1
MASK: 255.255.255.248
GATEWAY: -
```

**enp0s9:**
```yaml
IP: 10.0.10.10
MASK: 255.255.255.0
GATEWAY: 10.0.10.1
```

**cmd:**
```shell
# Routing (sysctl -w does not survive a reboot)
sudo sysctl -w net.ipv4.ip_forward=1
# Iptables: NAT everything leaving through the NatNetwork interface
sudo iptables -t nat -A POSTROUTING -o enp0s9 -j MASQUERADE
# Static route to the 192.168.211.0/27 segment behind R_Windows
sudo ip route add 192.168.211.0/27 via 192.168.212.1 dev enp0s3
```

**FOR THE WEB SERVERS:**
```shell
# PC_WEB (10.0.10.5) may reach PC_1 (192.168.211.2) over TCP only
sudo iptables -A FORWARD -p tcp -s 10.0.10.5 -d 192.168.211.2 -j ACCEPT
# Everything else from PC_WEB is dropped, both forwarded and to the router itself
sudo iptables -A FORWARD -s 10.0.10.5 -j DROP
sudo iptables -A INPUT -s 10.0.10.5 -j DROP
```

**CONTINUE ONLY IF EVERYTHING PINGS AND SURICATA IS CRAPPING OUT LOGS!!!!**
```shell
# ICMP DROP
sudo iptables -A OUTPUT -p icmp -j DROP
```

## R_Windows

**Ethernet:**
```yaml
IP: 192.168.212.1
MASK: 255.255.255.128
GATEWAY: 192.168.212.2
```

**Ethernet 2:**
```yaml
IP: 192.168.211.1
MASK: 255.255.255.224
GATEWAY: -
```

**Regedit:**
```regedit
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\IPEnableRouter = 1
```

**REBOOT!!**

Block ICMP

## PC_1 + WEB

**enp0s3:**
```yaml
IP: 192.168.211.2
MASK: 255.255.255.224
GATEWAY: 192.168.211.1
```

Install Apache
```shell
sudo apt install apache2
```

Rules
```shell
# Only PC_WEB (10.0.10.5) may connect to port 80
sudo iptables -A INPUT -p tcp -s 10.0.10.5 --dport 80 -j ACCEPT
# All other inbound TCP is dropped, including replies to connections PC_1 opens itself
sudo iptables -A INPUT -p tcp -j DROP
```

## PC_2

**enp0s3:**
```yaml
IP: 192.168.211.3
MASK: 255.255.255.224
GATEWAY: 192.168.211.1
```

## PC_3

**enp0s3:**
```yaml
IP: 192.168.213.2
MASK: 255.255.255.248
GATEWAY: 192.168.213.1
```

## PC_4

**enp0s3:**
```yaml
IP: 192.168.213.3
MASK: 255.255.255.248
GATEWAY: 192.168.213.1
```

## Suricata

First give it NAT and install Suricata
```shell
sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt update
sudo apt install suricata jq
sudo nano /etc/suricata/suricata.yaml
```

In the Suricata config
```yaml
HOME_NET: "[192.168.212.0/25]"
...
af-packet:
  - interface: enp0s3
...
pcap:
  - interface: enp0s3
...
rdp:
  enabled: no
...
sip:
  enabled: no
...
mqtt:
  enabled: no
...
rule-files:
  - suricata.rules
  - /etc/suricata/rules/local.rules
```

Next
```shell
sudo suricata-update
sudo suricata-update list-sources
sudo suricata-update enable-source et/open
sudo suricata-update
sudo systemctl stop suricata.service
# Test the configuration before starting the service again
sudo suricata -T -c /etc/suricata/suricata.yaml -v
sudo systemctl start suricata.service
sudo nano /etc/suricata/rules/local.rules
```

```ids
alert icmp any any -> $HOME_NET any (msg:"ICMP Ping"; sid:1; rev:1;)
```

```shell
sudo systemctl restart suricata.service
sudo systemctl status suricata.service
cat /var/log/suricata/fast.log
```

**enp0s3:**
```yaml
IP: 192.168.212.5
MASK: 255.255.255.128
GATEWAY: -
```

```shell
netstat -i
sudo ip link set enp0s3 promisc on
sudo tcpdump -i enp0s3 icmp
```

EVERYTHING SHOULD WORK NOW. TURN OFF NAT AND KEEP CONFIGURING

**enp0s8:**
```yaml
IP: 192.168.213.5
MASK: 255.255.255.248
GATEWAY: -
```

**enp0s9:**
```yaml
IP: 192.168.211.5
MASK: 255.255.255.224
GATEWAY: -
```

```yaml
HOME_NET: "[192.168.211.0/27,192.168.212.0/25,192.168.213.0/29]"

af-packet:
  - interface: enp0s3
    cluster-id: 99
    cluster-type: cluster_flow
    defrag: yes
  - interface: enp0s8
    cluster-id: 98
    cluster-type: cluster_flow
    defrag: yes
  - interface: enp0s9
    cluster-id: 97
    cluster-type: cluster_flow
    defrag: yes

pcap:
  - interface: enp0s3
  - interface: enp0s8
  - interface: enp0s9
```

```shell
netstat -i
sudo ip link set enp0s8 promisc on
sudo ip link set enp0s9 promisc on
netstat -i
```

Remove the (ICMP) rule from Suricata
```shell
# suricata-update writes the merged ruleset here by default
sudo nano /var/lib/suricata/rules/suricata.rules
```

OS Detection: change to `any`
```ids
alert udp any 10000: -> $HOME_NET 10000: (msg:"ET SCAN NMAP OS Detection Probe"; dsize:300; content:"CCCCCCCCCCCCCCCCCCCC"; fast_pattern; content:"CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC>
```

```shell
sudo service suricata restart
```

## PC_WEB

**enp0s3:**
```yaml
IP: 10.0.10.5
MASK: 255.255.255.0
GATEWAY: 10.0.10.10
```

Set DNS and install Apache
```shell
sudo apt install apache2
```

DONE)

---

~~JUST FUCKING KILL ME, I DON'T WANT TO DO THIS ANYMORE~~
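
A check for the "continue only if everything pings and Suricata logs" step, as an added example that is not part of the original notes: it reads `fast.log` lines and reports which of the three `HOME_NET` segments produced no alert for the test rule `sid:1`, which points at a sensor interface that is not seeing traffic. The function names and the sample log lines are constructed for illustration.

```python
import ipaddress
import re

# Monitored segments, copied from HOME_NET in the final suricata.yaml above.
HOME_NET = ("192.168.211.0/27", "192.168.212.0/25", "192.168.213.0/29")

# fast.log: <ts>  [**] [gid:sid:rev] msg [**] [...] {PROTO} src:port -> dst:port
# For ICMP, the "port" positions hold the ICMP type and code.
FAST_RE = re.compile(
    r"\[\*\*\] \[\d+:(?P<sid>\d+):\d+\] .*? \[\*\*\]"
    r".*\{[^}]+\} [\d.]+(?::\d+)? -> (?P<dst>[\d.]+)(?::\d+)?\s*$")

def coverage(lines, sid=1):
    """Count alerts for `sid` per HOME_NET segment, keyed by destination."""
    nets = [ipaddress.ip_network(n) for n in HOME_NET]
    hits = {str(n): 0 for n in nets}
    for line in lines:
        m = FAST_RE.search(line)
        if not m or int(m["sid"]) != sid:
            continue  # unparsable line or a different rule
        dst = ipaddress.ip_address(m["dst"])
        for n in nets:
            if dst in n:
                hits[str(n)] += 1
    return hits

def blind_segments(lines, sid=1):
    """Segments with zero alerts: check promiscuous mode, bridge and HOME_NET."""
    return [net for net, count in coverage(lines, sid).items() if count == 0]

# Constructed sample lines (not a real capture); the last one is another rule.
SAMPLE = [
    "03/14/2024-10:15:01.120001  [**] [1:1:1] ICMP Ping [**] [Classification: (null)] [Priority: 3] {ICMP} 192.168.212.2:8 -> 192.168.212.1:0",
    "03/14/2024-10:15:01.120450  [**] [1:1:1] ICMP Ping [**] [Classification: (null)] [Priority: 3] {ICMP} 192.168.212.1:0 -> 192.168.212.2:0",
    "03/14/2024-10:15:07.300112  [**] [1:1:1] ICMP Ping [**] [Classification: (null)] [Priority: 3] {ICMP} 192.168.213.2:8 -> 192.168.211.3:0",
    "03/14/2024-10:15:09.000001  [**] [1:9000001:1] Other rule (constructed) [**] [Classification: (null)] [Priority: 3] {UDP} 192.168.212.2:40125 -> 192.168.213.2:31337",
]

if __name__ == "__main__":
    for net, count in coverage(SAMPLE).items():
        print(f"{net}: {count} alert(s)")
    print("no alerts seen for:", blind_segments(SAMPLE) or "none")
```

On the sensor, feed it the real log with `coverage(open("/var/log/suricata/fast.log"))` after pinging one host in each segment.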