wsl stuff
# Self-elevation preamble: paste at the top of a script that needs administrator rights.
# When the current identity is not in the built-in Administrators role, the script is
# relaunched through -Verb RunAs and this non-elevated instance exits.
# NOTE(review): the argument array is handed to Start-Process unchanged; confirm that a
# script path or argument containing spaces survives the relaunch intact.
$currentPrincipal = New-Object Security.Principal.WindowsPrincipal([Security.Principal.WindowsIdentity]::GetCurrent())
$isAdmin = $currentPrincipal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) {
    # '-File <this script>' followed by the caller's original arguments, as one flat array
    $relaunchArgs = @('-File', $MyInvocation.MyCommand.Source) + $args
    Start-Process -FilePath 'powershell' -ArgumentList $relaunchArgs -Verb RunAs
    exit
}
# Interactive walkthrough: start a Windows hosted network, re-address the WSL guest,
# then stop the hosted network again. Each stage prints a prompt string and waits on Pause.
'Host network?'
Pause
# The 'WiFi' adapter is disabled while the hosted network is configured and started,
# and re-enabled afterwards.
# NOTE(review): the SSID and key are hard-coded in the next command, so anyone who can
# read this file knows the hosted network's passphrase; consider prompting for the key
# at run time instead of storing it in the script.
netsh interface set interface 'name="WiFi"' 'admin=disabled'
netsh wlan set hostednetwork 'mode=allow' 'ssid=sneaky' 'key=icantthinkofanything'
netsh wlan start hostednetwork
netsh interface set interface 'name="WiFi"' 'admin=enabled'
'Forward ports?'
Pause
# Read the WSL guest's eth0 IPv4 address: keep lines matching 'inet <digits and dots>'
# and emit the automatic $Matches table for each. The regex only admits digits and dots,
# which bounds what is later substituted into the bash command text.
# NOTE(review): the result is indexed with [0]; with exactly one matching line this
# presumably indexes $Matches itself (the whole match) - confirm what $sneak holds if
# eth0 ever reports more than one inet line.
$sneak = (
wsl -- ip addr show eth0 `
| ?{ $_ -match '(?<=inet )[\d.]+' } `
| %{ $Matches }
)[0]
# Disabled alternative, kept for reference: re-address a 'Local Area Connection*' adapter
# to $box and relay $port to the WSL address with tinymapper or netsh portproxy.
#$interface = (
# Get-NetAdapter -Name 'Local Area Connection*'
#).Name
#$box = '192.168.0.1'
#
#$old = @(
# Get-NetIPAddress -InterfaceAlias $interface `
# | %{ $_.IPAddress }
#)
#if (!$box) {
# $box = $old[0]
#}
#else {
# "Currently '$old', switching to '$box'"
# if (!($old | ?{ $_ -eq $box })) {
# New-NetIPAddress `
# -InterfaceAlias $interface `
# -IPAddress $box `
# -PrefixLength 24 `
# | Out-Null
# }
# $old = $old | ?{ $_ -ne $box}
# if ($old) {
# Remove-NetIPAddress $old
# }
#}
#
#$port = '8080'
#&"$PSScriptRoot/tinymapper_wepoll.exe" -l "$($box):$port" -r "$($sneak):$port" -t #-u
##netsh interface portproxy delete v4tov4 "listenport=$port" <#"listenaddress=$box"#>
##netsh interface portproxy add v4tov4 "listenport=$port" <#"listenaddress=$box"#> "connectport=$port" "connectaddress=$sneak"
# Point the 'WSL' virtual switch at the 'WiFi' adapter.
Set-VMSwitch -SwitchName 'WSL' -NetAdapterName 'WiFi'
# The here-string below is expandable (@" ... "@), so PowerShell substitutes $sneak before
# bash sees the text; carriage returns are stripped so bash receives LF-only lines.
# Inside the guest it adds 10.0.0.50/24 as eth0:1, removes the old address and replaces
# the default route with one via 10.0.0.1.
# NOTE(review): the /20 prefix, the 172.24.223.255 broadcast and the 10.0.0.x addresses
# are hard-coded; confirm they match the guest's actual network before running.
bash -c (@"
sudo ip addr add 10.0.0.50/24 broadcast 10.0.0.255 dev eth0 label eth0:1
sudo ip addr del $sneak/20 broadcast 172.24.223.255 dev eth0 label eth0
sudo route del -net 0.0.0.0/0
sudo route add -net 0.0.0.0/0 gw 10.0.0.1
"@ -replace '\r','')
'Teardown network?'
Pause
# Stop the hosted network and disallow it again, undoing 'mode=allow' from the start.
netsh wlan stop hostednetwork
netsh wlan set hostednetwork 'mode=disallow'
'Done!'
Pause
# Attach a physical disk to WSL, open its LUKS container as 'sneak', mount the btrfs
# filesystem inside it, run a proxy, then unmount, close and detach again.
# The two commented commands are the one-time provisioning of the disk (LUKS2 format and
# btrfs creation); they are not run by this script.
#sudo cryptsetup luksFormat --type luks2 /dev/sdc
#sudo mkfs.btrfs -f /dev/mapper/sneak
# Elevated 'wsl --mount ... --bare': hands the disk to the guest without mounting it.
# NOTE(review): Start-Process is called without -Wait, so the bash block below may start
# before the disk is attached - confirm ordering.
# NOTE(review): \\.\PHYSICALDRIVE1 here and /dev/sdc below are fixed names; verify both
# refer to the intended disk before opening it.
Start-Process 'wsl' ('--mount', '\\.\PHYSICALDRIVE1', '--bare') -Verb RunAs
# Literal here-string (@' ... '@): nothing is expanded by PowerShell; CRs are stripped
# so bash receives LF-only lines.
bash -c (@'
mkdir /mnt/wsl/sneak
sudo cryptsetup luksOpen /dev/sdc sneak
sudo mount \
-o ssd,noatime,space_cache,commit=120,compress \
/dev/mapper/sneak \
/mnt/wsl/sneak
'@ -replace '\r','')
# Runs the DeleGate binary with SERVER=socks5 on port 8080 (-P8080).
# NOTE(review): no bind address or client restriction is visible in these arguments;
# confirm which interfaces the listener is reachable on and who may connect.
bash -c (@'
~/delegate/bin/dg9_9_13 \
-f \
-v \
-P8080 \
SERVER=socks5 \
ADMIN=hashbrown@localhost
'@ -replace '\r','')
# Teardown in reverse order: unmount the filesystem, then close the LUKS mapping.
bash -c (@'
sudo umount /mnt/wsl/sneak
sudo cryptsetup luksClose sneak
'@ -replace '\r','')
# 'wsl --unmount' with no disk argument, run elevated.
Start-Process 'wsl' ('--unmount') -Verb RunAs
# Base userland for the Debian WSL guest.
sudo apt update
sudo apt-get upgrade
sudo apt-get install curl git man silversearcher-ag ssh rsync tmux tree vim wget

# PowerShell from Microsoft's package repository: the downloaded .deb registers the
# repository, after which powershell installs through apt.
# NOTE(review): the .deb is fetched over HTTPS and installed as root with no separate
# checksum or signature check in these steps.
wget https://packages.microsoft.com/config/debian/10/packages-microsoft-prod.deb
sudo dpkg -i packages-microsoft-prod.deb
sudo apt-get update
sudo apt-get install powershell

# After the kernel build: networking, VPN and firewall tooling from buster-backports.
sudo apt-get -t buster-backports install btrfs-progs iftop iotop net-tools openvpn resolvconf ufw wireguard

# Switch the iptables/ip6tables alternatives to the legacy binaries.
sudo update-alternatives --set iptables /usr/sbin/iptables-legacy
sudo update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
# Build a custom WSL2 kernel, register it in .wslconfig, then (after restarting WSL on
# the new kernel) install headers and modules and wire up /lib/modules and /usr/src.
# user: Windows profile directory name under /mnt/c/Users; vers: file name given to the
# copied kernel image.
user=bob
vers='linux-msft-wsl-5.15.123.1'
sudo apt install bc build-essential flex bison libssl-dev libelf-dev dwarves
# Shallow clone of the 5.15.y branch only.
git clone --depth 1 --branch 'linux-msft-wsl-5.15.y' 'https://github.com/microsoft/WSL2-Linux-Kernel'
cd WSL2-Linux-Kernel/
# Start from Microsoft's stock WSL configuration.
cp Microsoft/config-wsl .config
# Recorded output of diffing the customised .config ('<' lines) against the stock
# config-wsl ('>' lines). No command in this block applies these changes, so they are
# presumably made by hand after the cp above - confirm before building.
#$diff .config Microsoft/config-wsl
#7c7
#< # Compiler: gcc (Debian 8.3.0-6) 8.3.0
#---
#> # Compiler: x86_64-msft-linux-gcc (GCC) 9.3.0
#10c10
#< CONFIG_GCC_VERSION=80300
#---
#> CONFIG_GCC_VERSION=90300
#12d11
#< CONFIG_CC_CAN_LINK=y
#897d895
#< CONFIG_INET6_TUNNEL=y
#902,904c900,901
#< CONFIG_IPV6_TUNNEL=y
#< CONFIG_IPV6_MULTIPLE_TABLES=y
#< CONFIG_IPV6_SUBTREES=y
#---
#> # CONFIG_IPV6_TUNNEL is not set
#> # CONFIG_IPV6_MULTIPLE_TABLES is not set
#996c993
#< CONFIG_NETFILTER_XT_CONNMARK=y
#---
#> # CONFIG_NETFILTER_XT_CONNMARK is not set
#1797d1793
#< CONFIG_NET_VRF=y
#3323a3320
#>
make -j`nproc`
# Copy the built image into the Windows profile and point WSL at it.
# The redirect overwrites any existing .wslconfig rather than merging into it.
# The doubled backslashes are passed as %s arguments, so they are written to the file
# doubled, exactly as typed here.
cp vmlinux "/mnt/c/Users/$user/$vers"
printf '%s\r\n%s' '[wsl2]' 'kernel=C:\\Users\\'"$user"'\\'"$vers" >"/mnt/c/Users/$user/.wslconfig"
# RESTART WSL here so that the steps below run on the newly built kernel.
#RESTART
# vers now becomes the running kernel release with one trailing '+' removed.
vers=`uname -r | sed 's/[+]$//'`
sudo make -j`nproc` headers_install
sudo make -j`nproc` modules_install
# Replace /lib/modules/$vers with a symlink to the "$vers+" directory.
sudo rm "/lib/modules/$vers"
sudo ln -s "/lib/modules/$vers+" "/lib/modules/$vers"
# Keep a copy of the whole build tree under /usr/src and repoint the modules directory's
# 'source' and 'build' entries at that copy.
sudo cp -r ./ "/usr/src/$vers"
sudo rm "/lib/modules/$vers/"{source,build}
sudo ln -s "/usr/src/$vers" "/lib/modules/$vers/build"
sudo ln -s "/usr/src/$vers" "/lib/modules/$vers/source"
# Backport deluge from Debian testing: add the testing source index, fetch the source
# package, build it locally and install the resulting .deb files.
sudo apt-get install packaging-dev debian-keyring devscripts equivs

# rmadison deluge  ->  deluge | 2.0.3-3 | testing | source, all
# Only a deb-src line is appended, so this adds testing's source packages, not its binaries.
sudo tee -a /etc/apt/sources.list <<<'deb-src http://deb.debian.org/debian/ testing main'
sudo apt update
sudo apt-get install -t buster-backports debhelper

# deluge v2
apt source deluge/testing
cd deluge-*/
# Install the build dependencies through a generated helper package.
sudo mk-build-deps --install --remove
# Add a backport changelog entry.
dch --bpo
fakeroot debian/rules binary
# -us -uc: leave the source package and the .changes file unsigned.
dpkg-buildpackage -us -uc
sudo apt install ../deluge{-common,-console,d,-web}_*_*.deb
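# NONE OF THE FOLLOWING ARE REQUIRED ANYMORE WITH NATIVE v5 KERNEL
# Kept for reference: out-of-tree WireGuard plus locally rebuilt iptables and ufw.

# requires compilation against kernel
git clone --depth 1 --branch 'v0.0.20191226' https://git.zx2c4.com/wireguard-linux-compat
cd wireguard-linux-compat/src
# Source patch applied before building: renames skb_reset_tc to skb_reset_redirect
# in queueing.h.
sed -i 's/skb_reset_tc/skb_reset_redirect/' queueing.h
make -j"$(nproc)"
sudo make install

git clone --depth 1 --branch v1.0.20191226 https://git.zx2c4.com/wireguard-tools
# The original passed a stray -j$(nproc) to cd, which makes cd fail with
# "too many arguments" and leaves the following make in the wrong directory.
cd wireguard-tools/src
make -j"$(nproc)"
sudo make install

# requires compilation against kernel
sudo apt-get install -t buster-backports libnftnl-dev netbase
apt source iptables/unstable
cd iptables-*/
sudo mk-build-deps --install --remove
dch --bpo
fakeroot debian/rules binary
# -us -uc: leave the source package and the .changes file unsigned.
dpkg-buildpackage -us -uc
sudo apt install ../{iptables,libip*,libx*}_*_*.deb

apt source ufw/unstable
cd ufw-*/
sudo mk-build-deps --install --remove
dch --bpo
fakeroot debian/rules binary
dpkg-buildpackage -us -uc
sudo apt install ../ufw_*_*.deb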
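#!/bin/bash
# Inbound rule set for the physical ("real") interface: allow a fixed list of services,
# deny everything else arriving on that interface, then install this directory's
# resolv.conf into /etc.
# Usage: <this script> <interface>
#
# The interface name is quoted everywhere it reaches `sudo ufw`, so a value containing
# whitespace cannot turn into extra ufw arguments, and a missing argument aborts before
# any rule is touched.
# NOTE(review): none of the allow rules restricts the source address, so SSH, SMB/NetBIOS,
# the SOCKS port and RDP are reachable from every host on this interface; add `from`
# clauses if only known peers need them.
DIR=$(dirname "$(readlink -f "$0")")
int=${1:?usage: $0 <interface>}

echo Allowing incomming...
echo ...SSH
sudo ufw allow in on "$int" to any port 22 proto tcp >/dev/null
echo ...NetBIOS, SMB, LLMNR
sudo ufw allow in on "$int" to any port 137,138 proto udp >/dev/null
sudo ufw allow in on "$int" to any port 137,139 proto tcp >/dev/null
sudo ufw allow in on "$int" to any port 445 proto tcp >/dev/null
sudo ufw allow in on "$int" to any port 5355 proto udp >/dev/null
sudo ufw allow in on "$int" to any port 5355 proto tcp >/dev/null
echo ...SOCKS, RDP
sudo ufw allow in on "$int" to any port 8080 proto tcp >/dev/null
sudo ufw allow in on "$int" to any port 3389 proto tcp >/dev/null
#echo ...deluge
#sudo ufw allow in on $int to any port 58846 proto tcp > /dev/null
##this is set to 4000 anyway
echo connexions and nothing else in on real
# Catch-all deny for anything inbound on the interface that was not allowed above.
sudo ufw deny in on "$int" >/dev/null
sudo cp "$DIR/resolv.conf" /etc/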
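# Start an access point on wlp3s0 with lnxrouter, then allow traffic from the AP's own
# subnet to the AP address.
# Environment: SSD and PASS are passed to lnxrouter as the --ap name and the -p value
# (presumably the SSID and passphrase - confirm against lnxrouter's usage text).
# NOTE(review): PASS ends up on lnxrouter's command line, where other local users can
# read it from the process list while it runs.
DIR=$(dirname "$(readlink -f "$0")")
# Abort early instead of letting an empty value shift the remaining lnxrouter options.
: "${SSD:?SSD must be set}"
: "${PASS:?PASS must be set}"
sudo rfkill unblock all
#sudo create_ap -c 11 -w 2 --ieee80211ac --ieee80211n wlp3s0 $1 $SSD $PASS
sudo "$DIR/lnxrouter" --ap wlp3s0 "$SSD" -p "$PASS" -w 2 -c 11 --no-virt --hostname sneakbox
# ip[0] = IPv4 address of wlp3s0, ip[1] = its prefix length.
mapfile -t ip < <(ip a show wlp3s0 | sed -E -e '/inet/!d' -e 's#^.*inet\s+([0-9.]+)/([0-9]+)\s.*$#\1\n\2#')
if ((${#ip[@]} < 2)); then
  # Without an address the rule below would be built from empty strings.
  printf 'no IPv4 address found on wlp3s0; firewall rule not added\n' >&2
  exit 1
fi
sudo ufw allow from "${ip[0]}/${ip[1]}" to "${ip[0]}"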
# Ask the port-forwarding endpoint for the assigned port and print just the number.
# The commented lines are the earlier credential-based request, kept for reference.
# NOTE(review): the request is plain HTTP to a fixed IP address, so the client_id travels
# unencrypted, and the client_id itself is a fixed value stored in this file.
#USER=`head -1 auth | tail -1`
#PASSWORD=`head -2 auth | tail -1`
#
#LOCAL_IP=`ip addr show tun0|grep -oE "inet *10\.[0-9]+\.[0-9]+\.[0-9]+"|tr -d "a-z :"|tee /tmp/vpn_ip`
#
#if [[ -z "$1" ]]; then
# CLIENT_ID=`head -n 100 /dev/urandom | md5sum | tr -d " -"`
# echo $CLIENT_ID
#else
# CLIENT_ID="$1"
#fi
#
#ADDR='https://www.privateinternetaccess.com/vpninfo/port_forward_assignment'
#
#JSON=`wget -q --post-data="user=$USER&pass=$PASSWORD&client_id=$CLIENT_ID&local_ip=$LOCAL_IP" -O - "$ADDR" | head -1`
#
#echo $JSON
#CLIENT_ID=`head -n 100 /dev/urandom | sha256sum | tr -d " -"`
CLIENT_ID='721c4843a0764cbb0a4072f4a39c3e423f728a4dfe5ab916b21262dadad481db'
# curl's stderr is discarded; only the digits following "port": in the reply are printed.
reply=$(curl "http://209.222.18.222:2000/?client_id=$CLIENT_ID" 2>/dev/null)
grep -oP '(?<="port":)[0-9]+' <<<"$reply"
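#!/bin/bash
# Start OpenVPN for one profile with the firewall locked around it: preup.sh runs first
# with the profile's remote address, port and protocol, postup.sh/predown.sh run as
# OpenVPN --up/--down hooks, and predown.sh also runs on SIGINT or when openvpn fails.
# Usage: <this script> <profile>   (reads openvpn/<profile>.ovpn next to this script)
#
# NOTE(review): openvpn is started through sudo with --script-security 2, so the hook
# scripts run with root privileges; keep them and this directory writable by root only.
# NOTE(review): --auth-user-pass reads credentials from the 'auth' file next to this
# script; confirm its permissions restrict reading to the owner.
DIR=$(dirname "$(readlink -f "$0")")
profile=${1:?usage: $0 <profile>}
CONFIG="$DIR/openvpn/$profile.ovpn"
if [[ ! -r "$CONFIG" ]]; then
  printf 'cannot read %s\n' "$CONFIG" >&2
  exit 1
fi

# Word splitting is intended: ADDR=(remote <ip> <port>), PROTO=(proto <udp|tcp>).
ADDR=($(grep -P '^remote (\d{1,3}\.){3}\d{1,3} \d{2,5}$' "$CONFIG"))
PROTO=($(grep -P '^proto (udp|tcp)' "$CONFIG"))
if [[ -z "${ADDR[1]}" || -z "${ADDR[2]}" || -z "${PROTO[1]}" ]]; then
  # Stop before any firewall change when the profile has no usable remote/proto line.
  printf 'no numeric "remote <ip> <port>" or "proto" line in %s\n' "$CONFIG" >&2
  exit 1
fi

sudo "$DIR/preup.sh" "${ADDR[1]}" "${ADDR[2]}" "${PROTO[1]}" 'eth0'
cd "$(dirname "$CONFIG")" || exit 1
# Single quotes defer expansion to trap time and keep "$DIR" as one word.
trap 'sudo "$DIR/predown.sh" eth0' SIGINT
# The fallback after || previously quoted the script path and its argument as a single
# word, so sudo looked for a command literally named "predown.sh 'eth0'" and the
# firewall reset never ran when openvpn exited with an error.
sudo openvpn \
  --config "$CONFIG" \
  --auth-user-pass "$DIR/auth" \
  --up "$DIR/postup.sh 'eth0' 'tun0'" \
  --down "$DIR/predown.sh 'eth0'" \
  --script-security 2 \
  || sudo "$DIR/predown.sh" 'eth0'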
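# Regenerate the .ovpn profiles in this directory from the originals in orig/, replacing
# each profile's remote hostname with its currently resolved address. The previous
# generation is moved to old/ (any earlier old/ is deleted first).
rm -rf old/
mkdir old
mv *.ovpn old/
# Without this check a failed cd would run the loop against the wrong directory.
cd orig/ || exit 1
for conf in *.ovpn
do
  [[ -e "$conf" ]] || continue # the glob matched nothing
  name=$(ag -o '(?<=^remote )[^ ]+' "$conf" | head -1)
  if [[ -z "$name" ]]; then
    printf 'skipping %s: no remote line found\n' "$conf" >&2
    continue
  fi
  # The original passed a stray "echo" to getent as a second hostname to look up.
  ip=$(getent hosts "$name" | cut -d' ' -f1 | head -1)
  if [[ -z "$ip" ]]; then
    # Writing the profile anyway would blank out its remote address.
    printf 'skipping %s: could not resolve %s\n' "$conf" "$name" >&2
    continue
  fi
  # Output name: drop everything up to the first '-', write one directory up, and strip
  # a trailing "1" and/or "-ext" before ".ovpn".
  out=$(printf '%s\n' "$conf" | sed 's#^[^-]*-#../#' | sed 's#1\?\(-ext\)\?\.ovpn$#.ovpn#')
  # Dots in the hostname are escaped so they match literally in the sed pattern.
  sed "s/ ${name//./\\.} / $ip /" "$conf" > "$out"
done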
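#!/bin/bash
# Hook run once the VPN is up: re-apply the inbound rules for the real interface via
# during.sh, allow a fixed set of inbound ports on the tunnel, deny everything else
# inbound on the tunnel, and point danted's "external:" setting at the tunnel.
# Usage: <this script> <real interface> <tunnel interface>
#
# Both interface names are quoted wherever they reach `sudo ufw`, and the tunnel name is
# checked before it is substituted into the sed expression, so an unexpected value can
# neither add ufw arguments nor alter the sed command.
DIR=$(dirname "$(readlink -f "$0")")
int=${1:?usage: $0 <real interface> <tunnel interface>}
tun=${2:?usage: $0 <real interface> <tunnel interface>}
case $tun in
  *[!A-Za-z0-9_.:@-]*)
    printf 'refusing unexpected tunnel interface name: %s\n' "$tun" >&2
    exit 1
    ;;
esac

echo VPN is up
"$DIR/during.sh" "$int"
echo Allowing incomming...
echo ...55800 to 55899 port
sudo ufw allow in on "$tun" from any to any port 55800:55899 proto tcp >/dev/null
echo ...443 port
sudo ufw allow in on "$tun" from any to any port 443 proto tcp >/dev/null
echo connexions and nothing else on VPN
# Catch-all deny for anything inbound on the tunnel that was not allowed above.
sudo ufw deny in on "$tun" >/dev/null
sed -i --follow-symlinks "s/^external: .*$/external: $tun/" "$DIR/danted.conf"
sudo service danted restart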
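#!/bin/bash
# Hook run when the VPN goes down: reset ufw, re-enable it, add rules for ports 53, 67
# and 68, deny all outbound traffic on the real interface, then re-apply the inbound
# rules via during.sh.
# Usage: <this script> <interface>
#
# The interface argument is required and quoted: previously a missing argument still
# reset the firewall and then failed to add the outbound deny, leaving the interface
# without it.
# NOTE(review): the three allow rules name no direction; confirm whether ufw treats them
# as inbound-only, in which case outbound DNS/DHCP is covered by the deny below.
DIR=$(dirname "$(readlink -f "$0")")
int=${1:?usage: $0 <interface>}

echo VPN is down
echo Resetting firewall
sudo ufw --force reset >/dev/null
sudo ufw --force enable >/dev/null
echo Allowing DHCP
sudo ufw allow to any port 53 >/dev/null
sudo ufw allow to any port 67 >/dev/null
sudo ufw allow to any port 68 >/dev/null
echo and nothing else
sudo ufw deny out on "$int" >/dev/null
"$DIR/during.sh" "$int"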
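#!/bin/bash
# Run before the VPN starts: reset ufw, then allow outbound traffic on the real
# interface only to the VPN endpoint and deny every other outbound packet on it.
# Usage: <this script> <vpn address> <vpn port> <udp|tcp> <interface>
#
# All four arguments are required and quoted, so an empty or whitespace-containing value
# cannot produce a malformed or widened ufw rule.
addr=${1:?usage: $0 <address> <port> <proto> <interface>}
port=${2:?usage: $0 <address> <port> <proto> <interface>}
proto=${3:?usage: $0 <address> <port> <proto> <interface>}
int=${4:?usage: $0 <address> <port> <proto> <interface>}

echo Resetting firewall
sudo ufw --force reset > /dev/null
sudo ufw --force enable > /dev/null
echo Allowing outbound...
echo "...VPN $addr:$port/$proto"
sudo ufw allow out on "$int" to "$addr" port "$port" proto "$proto" >/dev/null
echo connexions and nothing else on real
sudo ufw deny out on "$int" >/dev/null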
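#!/bin/bash
# Rebuild resolv.conf: fixed domain/search lines plus one "nameserver" line per DNS
# address reported by ./update-resolv-conf, then move the result into /etc.
# The file is staged as ./resolv.conf in the current directory.
# NOTE(review): both ./update-resolv-conf and the staged file are resolved relative to
# the current directory; run this from a directory only trusted users can write to.
#/etc/resolv.conf
#resolvconf -u
#exit 0
cat << EOF > resolv.conf
domain home.gateway
search home.gateway
EOF
# "$@" is quoted so each argument reaches update-resolv-conf as one unchanged word.
# Only lines ending in "DNS <dotted quad>" are kept, and only the address is extracted.
./update-resolv-conf "$@" 2>/dev/null | \
grep -P 'DNS (\d{1,3}\.){3}\d{1,3}$' | \
grep -oP '(\d{1,3}\.){3}\d{1,3}$' | \
xargs -I {} echo nameserver {} \
>> resolv.conf
mv resolv.conf /etc
#echo nameserver 8.8.8.8 >> /etc/resolv.conf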
# Session layout for the VPN box. Load with:
#   tmux new-session -s vpn 'tmux source-file /home/hashbrown/vpn/tmux.conf'
# Commands are spelled out in full rather than by alias.
# Only the wireguard line is followed by C-m (Enter); every other send-keys call types
# its command into the pane and leaves it waiting for Enter.
new-session
new-window
split-window -h
send-keys 'vpn/hostap.sh'
split-window -v
send-keys 'deluged -c .config/baka-deluge -d'
split-window -h
send-keys 'deluge-web -c .config/baka-deluge -d'
select-pane -t 0
send-keys 'vpn/wireguard.sh tor' C-m
split-window -v
send-keys 'deluged -d'
split-window -h
send-keys 'deluge-web -d'
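#!/bin/bash
# Bring up a WireGuard profile with wg-quick and leave behind an executable undo script
# (wireunguard.conf, next to this script) that brings the same profile down and then
# deletes itself.
# Usage: <this script> <profile>   (uses wireguard/<profile>.conf next to this script)
#
# The paths written into the undo script are shell-quoted with %q. The original wrapped
# them in plain single quotes, so a path containing a single quote would have ended the
# quoting and been interpreted as shell code when the undo script ran.
DIR=$(dirname "$(readlink -f "$0")")
profile=${1:?usage: $0 <profile>}
DO="$DIR/wireguard/$profile.conf"
UNDO="$DIR/wireunguard.conf"
{
  printf '%s\n' '#!/bin/bash'
  printf 'sudo wg-quick down %q\n' "$DO"
  printf 'rm %q\n' "$UNDO"
} >"$UNDO"
chmod +x "$UNDO"
sudo wg-quick up "$DO"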
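# One-time conversion of the WireGuard profiles in this directory: the originals are
# moved to orig/, and for each one a copy is written back with the Endpoint hostname
# replaced by its resolved address and PreUp/PostUp/PreDown hook lines inserted at the
# first empty line. The hook scripts live one directory above this script.
# NOTE(review): wg-quick executes these hook lines when the profile is brought up or
# down, so the generated .conf files and the hook scripts should be writable only by
# trusted users.
# NOTE(review): $DIR is substituted into a sed expression that uses '#' as its
# delimiter; a path containing '#' or '&' would corrupt the result.
mkdir orig || exit
mv *.conf orig/
DIR=$(dirname "$(dirname "$(readlink -f "$0")")")
int='eno1'
# Without this check a failed cd would run the loop against the wrong directory.
cd orig/ || exit 1
for conf in *.conf
do
  [[ -e "$conf" ]] || continue # the glob matched nothing
  endpoint=$(ag -o '(?<=^Endpoint = ).*' "$conf")
  port=$(printf '%s\n' "$endpoint" | ag -o '(?<=:).*$')
  host=$(printf '%s\n' "$endpoint" | ag -o '^[^:]+')
  addr=$(getent hosts "$host" | cut -d' ' -f1 | head -1)
  if [[ -z "$addr" || -z "$port" ]]; then
    # Writing the profile anyway would leave it with an empty Endpoint and empty
    # arguments in the PreUp hook.
    printf 'skipping %s: could not resolve endpoint "%s"\n' "$conf" "$endpoint" >&2
    continue
  fi
  # Output name: strip everything up to the last '-' and write one directory up.
  out=$(printf '%s\n' "$conf" | sed 's#^.*-#../#')
  # The whole sed program is one double-quoted word, so a space in $DIR can no longer
  # split it into several arguments.
  sed "0,/^\$/ s#^\$#PreUp = $DIR/preup.sh $addr $port udp $int\nPostUp = $DIR/postup.sh $int %i\nPreDown = $DIR/predown.sh $int\n#" "$conf" \
    | sed "s/^Endpoint = .*/Endpoint = $addr:$port/" \
    > "$out"
done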