book and code


HOW TO VPN FROM AWS

by Jamey

Wouldn’t it be nice if we could utilize the resources and bandwidth of AWS, while maintaining the privacy of a VPN? Well, look no further, because I seem to have stumbled upon a solution, and this one is going to be a doozy. The process that I am about to outline may not be the easiest method of achieving this goal, and I’m sure other methods exist (probably by utilizing some form of split tunneling), however, I tried this particular method, and it worked flawlessly to achieve my needs, and I figured I would share in order to help those in need of this niche form of connectivity. I don’t really see Amazon putting anything in place that would monitor or stop this behavior, so I’m going to go ahead and put this out there to help spread the privacy love.


The problem

If you have ever used AWS for red team penetration testing or “grayhat activities” such as scanning the entire Internet using tools such as masscan, you know that it can be a real pain in the ass when it comes to triggering their terms of service and having to provide an explanation of what happened and what you did to resolve the issue before getting your account shut down. If you are familiar with AWS, you will know that there is no shortage of information on setting up VPNs in AWS, but most of that documentation surrounds point-to-point or site-to-site VPNs.

If you want to hide your home network traffic from your ISP, you simply use a VPN client, but if you aren’t using split-tunneling, or if your VPN client doesn’t provide that capability, then you know that all traffic is going out through the VPN interface, and you lose access to the host from your local network.

Such is the case when trying to use a VPN remotely. If you are connecting via SSH, as soon as you activate the VPN adapter, all traffic is forced through the VPN interface, including your SSH session, which causes it to either die or hang indefinitely, and you will be unable to re-connect to your remote instance until normal connectivity has been established.
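The failure described above comes down to longest-prefix route selection. The following is an added example, not part of the original post: a simplified model (it ignores route metrics and policy routing) that shows which interface carries the instance's replies to the SSH client before and after a full-tunnel VPN comes up. The addresses, interface names and the `pick_route` / `ssh_reply_device` helpers are constructed for illustration, and it assumes the VPN client installs routes the way OpenVPN's `redirect-gateway def1` option does.

```python
import ipaddress

def pick_route(table, dst):
    """Longest-prefix match: return (prefix, device) used to reach dst."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), dev) for p, dev in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, dev = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), dev

# Constructed sample values (documentation address range, hypothetical names).
ADMIN_IP = "203.0.113.10"        # address the SSH client connects from
BEFORE_VPN = [
    ("0.0.0.0/0", "eth0"),       # default route via the VPC gateway
    ("10.0.0.0/24", "eth0"),     # the instance's own subnet
]
# Assumption: the VPN client behaves like OpenVPN's `redirect-gateway def1`,
# adding two /1 routes that together cover every address and outrank the /0.
FULL_TUNNEL = BEFORE_VPN + [
    ("0.0.0.0/1", "tun0"),
    ("128.0.0.0/1", "tun0"),
]
# Split-tunnel style exception: a host route for the admin address only.
WITH_EXCEPTION = FULL_TUNNEL + [(ADMIN_IP + "/32", "eth0")]

def ssh_reply_device(table):
    """Interface that carries the instance's replies to the SSH client."""
    return pick_route(table, ADMIN_IP)[1]

if __name__ == "__main__":
    for name, table in [("before VPN", BEFORE_VPN),
                        ("full tunnel", FULL_TUNNEL),
                        ("host-route exception", WITH_EXCEPTION)]:
        dev = ssh_reply_device(table)
        print(f"{name:22} replies to {ADMIN_IP} leave via {dev}")
```

Once the replies leave via `tun0` instead of `eth0`, the client never sees them arrive from the address it connected to, so the session hangs. The serial console is not carried over any of these routes, which is why it stays usable.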


The solution

I’ll go ahead and provide a TL;DR up front before going into all the details: use an AWS Nitro-based instance, which provides you with browser-based access to the serial console.

In this example, we are going to use Ubuntu 20.04 and set up an instance type c5n.4xlarge, which gives us a 25G network connection and 16vCPUs, which isn’t enough to require an explicit request to increase the number of vCPUs available (and also includes 42G of RAM). This should be enough for our requirements to scan the Internet at a decent speed, although if you are scanning for multiple ports, you may want to fill out the request to increase your vCPU quota, which will allow you access to the instance types with an even larger network connection. The c5n.4xlarge instance type currently runs you $0.864/hour (just under $650/month — not including traffic and storage), and if you are worried about that, then you are more than likely not thinking like a hacker. Should creating a throwaway account make you feel guilty? Not in the slightest. Bezos can afford us this simple pleasure in life, and it doesn’t go without effort on the part of the user, so I feel like I can use one when the need arises, while at the same time having a negligible effect on my sense of morality. Anyways, we’ll set this c5n.4xlarge Ubuntu guy up with a 100GB IO2 SSD, and we’re good to go.

If you are wanting to maintain one of these high-bandwidth VPN instances, the cheapest I saw was the a1.medium with a 10G connection, 1vCPU, and 1GB of RAM, currently running at $0.0255/hour (costing you just under $20/month, excluding traffic and storage).


Preparing for serial access

You will need a user with a password for accessing the serial console. For the purposes of this example, we are going to use the username serialuser and password password123$, so go ahead and SSH into this instance, and create the user:

sudo adduser serialuser

Continue with all of the defaults, and then we need to add this guy to sudoers:

sudo usermod -aG sudo serialuser

On Amazon Linux (or other RHEL-based distros like CentOS), you would just replace the sudo group with the wheel group in the above command.

Finally, I like to make sure that everything is fully-updated before I begin my fuckery, so let’s go ahead and get everything in order (if you want to add NOPASSWD:ALL in /etc/sudoers, now would be the time to run sudo visudo):

sudo apt update
sudo apt dist-upgrade
sudo apt autoremove
sudo reboot

At this point, you should be able to select your instance in the AWS EC2 Console, and click Connect. Select the “Serial” tab, and make sure serial access is enabled, and click “Connect”. If you don’t see anything at all on the screen after a while, then go ahead and restart the instance via the console and repeat the same procedure, and you should see your instance booting and eventually be presented with a login prompt. Enter the credentials for serialuser that we created previously, and you’re good to go.


Example VPN setup

We’re going to use ProtonVPN as an example, and I have the Plus plan, but for the example, we’ll use the Basic (free) plan, so the connection location I choose may be different from the one you choose.

Let’s install the dependencies:

sudo apt install python3-pip openvpn dialog

We’ll be ignoring best practices during this example (hence already installing pip3 as an OS package). We will also be installing protonvpn-cli from PyPI, because I like that version better than the official version and feel like it’s easier to use.

sudo -H pip3 install protonvpn-cli

Like I said, no best practices in sight. Using sudo -H will install protonvpn-cli as root in /usr/local/bin, which is already in our $PATH.

Next, run the following command to enter all of your ProtonVPN information and get it all set up:

sudo protonvpn init

Next, we’re going to connect to the VPN within a screen session so that we can do other stuff in the serial console.

screen -LS vpn
sudo protonvpn c

Choose your server and protocol, and you should be connected. Finally, let’s take care of some DNS stuff real quick, since resolvconf can really try to burn you:

sudo mv /etc/resolv.conf /etc/resolv.conf.bak
cat /etc/resolv.conf.bak | sudo tee /etc/resolv.conf

Before disconnecting from the VPN, you will want to put your original resolv.conf back by running sudo mv /etc/resolv.conf.bak /etc/resolv.conf. You can disconnect from the VPN after doing this by running protonvpn d, and your original DNS setting should be written back to /etc/resolv.conf.

Press Ctrl+A, then D, to detach from the screen session and get back to the normal console session, then confirm that the VPN is active by getting your current external IP and checking the information, as in the example command/output below:

$ curl icanhazip.com
5.8.16.166

$ curl ipinfo.io/5.8.16.166
{
  "ip": "5.8.16.166",
  "city": "Saint Petersburg",
  "region": "St.-Petersburg",
  "country": "RU",
  "loc": "59.9386,30.3141",
  "org": "AS206804 EstNOC OY",
  "postal": "190000",
  "timezone": "Europe/Moscow",
  "readme": "https://ipinfo.io/missingauth"
}

Bingo-bango.


Adding a Lock Screen to Signal Desktop

by Jamey

In this post, I will describe improvement steps that I have tried to make by contributing to the open source Signal Desktop project on GitHub, as well as creating my own application patch for Linux and MacOS.

I have recently been in full CON mode for DEF CON 28 SAFE MODE, which just ended yesterday. This year, all of the festivities took place on Discord and Twitch, and they pulled it off perfectly without a hitch. However, many of us reminisced about years past and the fun had in Las Vegas, which was the only thing missing this year. One of the upsides of this was not having to worry about your laptop or phone traffic being sniffed or getting hacked, as in years past, every precaution was taken — from bringing clean laptops with fresh and disposable Kali installations, to bringing burner phones — and all important communication between friends took place on Signal — the go-to app for private comms.


Setting Up Distributed Computing on BSD Systems in Order to Aid COVID-19 Research

by Jamey

This will be a tutorial on setting up BOINC on FreeBSD (specifically, FreeNAS), in order to devote your extra computing power to aid The National Upcycled Computing Collective (NUCC, Inc.), a 501c non-profit organization, who is working on distributed computing projects with Rosetta@Home, which is focused solely on COVID-19 research at the time of this writing. Click here to read more about NUCC, and be sure to check out (and follow) @nucc_inc and @NUCC_STATS on Twitter. If you are fresh out of CPU cycles and would much rather prefer directly feeding cash to the cause, please feel free to do so here.

To get instructions for other operating systems that will have you processing workloads in less than 10 minutes, view the GitHub repo featuring super-quick setup scripts at https://github.com/phx/nucc.


How to Host a Hidden Service .onion Site on the Dark Web

by Jamey

Warning: the recommendations made here are in reference to hosting your own personal content, not to become a web hosting provider on the dark web. You are responsible for the content that you host (maybe depending on region — I’m not a lawyer), but you don’t want to find yourself anywhere in the distribution pipeline related to the nefarious goods and services of others.

This guide is tuned toward hosting on Amazon Web Services (AWS) on Ubuntu 18.04. The same things can be achieved using RPM-based distros by substituting the packaging commands and tweaking the instructions as necessary.


How to SSH to a Jailbroken iOS Device over USB

by Jamey

I recently had to set up testing against our Akamai Staging environment, which uses a different IP address than production. This required me to get a new MacBook Pro that would support the latest version of macOS, as well as the latest version of Xcode, just so that I could have sudo access to add an entry in /etc/hosts in order to build the application from source and run it in the iOS Simulator (since the Simulator doesn’t come packaged with the iOS App Store). Then I had to carry around another computer in my backpack simply because I refuse to separate from Arch Linux and i3-gaps (which can perfectly emulate the Android version without issues), but I digress…
