Use the OpenStack CDCI template to start a new VM. To access the VM, log in to cloud.grid.pub.ro using your UPB credentials, and from there ssh into the private IP from OpenStack using “ubuntu” as a username and your ssh key.
root@cdci:/$ ssh mihai.chiroiu@fep.grid.pub.ro
[mihai.chiroiu@fep8 ~]$ ssh -vv ubuntu@<IP>
For this lab you will have to discover the topology manually.
First, make sure that your virtual machine is updated by running the provided update.sh script.
Next, in one terminal start the provided Mininet topology.
root@cdci:/# cd cdci/labs/lab03
root@cdci:/# /usr/bin/python3 topology.py
If there are any problems with starting the topology (if all is good you should see the Mininet prompt “>”), use the given cleanup script and try to restart the topology. You will require a second (even third) ssh connection to the OpenStack VM.
The main goal of the lab is to discover the network infrastructure and protocols available. The attacker is connected directly into sw0 using attacker-eth0. First, log in to the attacker's docker using the “attacker_bash.sh” script (from ~/cdci/labs/lab03).
The network uses DHCP, so you can get an IP address. Investigate the obtained resources via the DHCP protocol (IP address, routes, etc.) and write them down.
Now that you are connected to the network, re-run the DHCP protocol and save the exchange using “tcpdump”. First, make sure that you flush the IP addresses on the interface (“ip a f”). You might need to open a second terminal to the attacker's docker. Open the saved capture on your local computer using Wireshark and inspect the DHCP process. Try to answer the following questions.
Now that you know what your network is, find all available hosts within your subnet. For this job you can use the “nmap” tool and perform a very fast ping scan. You got a hint that all the networks use a /24 mask and that the default gateway uses .1 as its IP address. Optimize the nmap scanning time: search the nmap manual for timing and performance options (in the virtual environment the RTT is typically less than 5ms).
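To cross-check what Wireshark shows for a DHCP reply, the following added example (not part of the lab material) decodes the UDP payload of one DHCP message: the offered address, message type, mask, router, DNS servers, lease time and any classless static routes (option 121). The names parse_dhcp, classless_routes and SAMPLE_ACK are hypothetical, and the sample packet is constructed: only the 10.255.255.0/24 network and the .1 gateway come from this page, the other values are illustrative.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of the options field
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 5: "ACK", 6: "NAK"}
IP_LISTS = {1: "subnet_mask", 3: "routers", 6: "dns_servers", 54: "server_id"}

def ip4(raw):
    return str(ipaddress.IPv4Address(raw))

def classless_routes(data):
    """Option 121 (RFC 3442): prefix length, significant prefix octets, router."""
    routes, i = [], 0
    while i < len(data):
        plen, n = data[i], (data[i] + 7) // 8
        if plen > 32 or i + 5 + n > len(data):
            raise ValueError("malformed option 121")
        prefix = ip4(data[i + 1:i + 1 + n] + bytes(4 - n))
        routes.append((f"{prefix}/{plen}", ip4(data[i + 1 + n:i + 5 + n])))
        i += 5 + n
    return routes

def parse_dhcp(payload):
    """Decode the UDP payload of one DHCP message into the values a client applies."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    info = {"xid": payload[4:8].hex(), "yiaddr": ip4(payload[16:20])}
    i = 240
    while i < len(payload) and payload[i] != 255:  # 255 = end of options
        if payload[i] == 0:                        # 0 = pad byte, has no length field
            i += 1
            continue
        if i + 2 > len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, val = payload[i], payload[i + 2:i + 2 + payload[i + 1]]
        if code == 53 and len(val) == 1:
            info["type"] = MSG_TYPES.get(val[0], val[0])
        elif code == 51 and len(val) == 4:
            info["lease_seconds"] = int.from_bytes(val, "big")
        elif code in IP_LISTS and val and len(val) % 4 == 0:
            info[IP_LISTS[code]] = [ip4(val[j:j + 4]) for j in range(0, len(val), 4)]
        elif code == 121:
            info["classless_routes"] = classless_routes(val)
        i += 2 + len(val)
    return info

# Constructed DHCPACK payload (values are illustrative, not taken from the lab).
SAMPLE_ACK = bytes.fromhex(
    "02010600 1234abcd 00000000 00000000 0affff32 0affff01 00000000 020000000001"
) + bytes(202) + MAGIC_COOKIE + bytes.fromhex(
    "350105 0104ffffff00 03040affff01 0604c0000235 330400000e10 790818c000020affff01 ff")
```

The xid value is the same in all four messages of one exchange, which helps when matching them up in the capture. Per RFC 3442, a client that receives option 121 ignores the router option, so both are worth writing down when they appear together.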
After finding out the IP addresses in use on the topology, let's find the routes to each subnet. Use traceroute to identify the path.
Send an ICMP echo request to one of the remote hosts and notice the ICMP redirect message.
Now, it is time to discover the running services for each remote network. Ignore the services on the local network for the next exercises (i.e., 10.255.255.0/24). Write down the IP addresses and the open ports.
As you have already noticed, there is a DNS server running in the remote network. Use it to find out the names of the other two servers you discovered.
Let's try and see what the webserver offers. Unfortunately, the text-only version of Kali provides only a text-based browser, lynx. Start a capture on the interface and save it for later analysis while browsing the website and reading the Instructions webpage. The username and password for the site are admin / password.