You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Set up an HTB (Hack The Box) OpenVPN client in Ubuntu 18 to act as a VPN gateway and forward traffic from your LAN, which includes a Kali machine, to the internal network of HTB.
Problem: OpenVPN allow single connection concurrently to connect to the HTB lab. Hence, we can't distribute the OpenVPN config file to others as it will kick out the previously connected user.
What to expect: Able to share connection with multiple clients within the same network to HTB lab via Ubuntu server as VPN gateway.
Issue to expect: 1) Could not establish reverse shell directly to Kali machine.
Workaround: 1) Use port forwarder eg, use socat or iptables in Ubuntu gateway and forward to Kali machine
*rule 1 - adds a rule to the NAT table for outgoing packets (-o tun0), the source IP address should be replaced with the IP address of the interface tun0 using the MASQUERADE target (-j MASQUERADE).
*rule 2 - adds a rule to the FORWARD chain allows forwarding of packets from the tun0 interface (-i tun0) to the ens33 interface (-o ens33) if the packets are part of an established or related connection (-m state --state RELATED,ESTABLISHED).
*rule 3 - add rule to the FORWARD chain allows forwarding of packets from the ens33 interface (-i ens33) to the tun0 interface (-o tun0) without any restrictions.
7) Make the IP forwarding and iptables rules persistent.
After rebooting, the Ubuntu machine should act as a VPN gateway, forwarding traffic from LAN to the internal network of HTB lab via the OpenVPN connection (tun0).
Make sure the Kali machine is connected to the LAN and has access to the internet.
8) Configure a static route in clients eg Kali machine for the HTB lab network 192.168.200.0/24 with the next hop gateway IP address Ubuntu machine (192.168.8.220) as its default gateway. If you have any additional network later, just repeat this step.
kali> sudo ip route add 192.168.200.0/24 via 192.168.8.220
9) Verify if the routing information works. You should see the routing table updated with third entry. Please note that the actual output of the route -n command may vary depending on your specific network configuration.
kali> route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.8.1 0.0.0.0 UG 0 0 0 eth0
192.168.8.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.200.0 192.168.8.220 255.255.255.0 UG 0 0 0 eth0
10) Try pinging a host within the HTB network.
kali> ping <HTB_target>
* You can also check the OpenVPN logs on the Ubuntu machine (/var/log/openvpn.log) for any errors or connection issues, or just sudo grep -i vpn /var/log/syslog
Issue to expect: Could not establish reverse shell directly to Kali machine.
Workaround: Use port forwarder eg, use socat or iptables in Ubuntu gateway and forward to Kali machine
For receiving incoming port:
Method 1 using socat.
Use socat to forward any TCP incoming port to the Kali machine. Socat will listen on <local_port> on the Ubuntu machine, and any incoming traffic will be forwarded to <Kali_machine_IP>:<Kali_port>. Make sure the necessary firewall rules are in place to allow incoming connections on <local_port>.
1) Listen in Kali
kali> nc -lvp 9999
2) Setup socat in Ubuntu gateway to forward traffic to Kali machine
ubuntu> socat TCP-LISTEN:9999,fork TCP:<Kali_machine_IP>:9999 & # append '&' to run in the background
Considering we are in trusted LAN, to forward any port from the range of 8000 to 9000 to the LAN network (192.168.21.0/24) to receive a reverse shell, you can use the following steps:
1) Configure iptables rules. Assuming client machines in LAN are assigned with 192.168.21.0/24.
* This is not OPSEC safe as we are forwarding traffic to entire subnet. Anyone listening could capture the connection. For better OPSEC, please specify IP of Kali machine.