cyber-security-resources/virl_topologies/new_topo/art_of_hacking_1.virl

<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<topology xmlns="http://www.cisco.com/VIRL" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" schemaVersion="0.95" xsi:schemaLocation="http://www.cisco.com/VIRL https://raw.github.com/CiscoVIRL/schema/v0.95/virl.xsd">
<node name="iosv-1" type="SIMPLE" subtype="IOSv" location="301,221" ipv4="192.168.0.3">
<!--
  iosv-1: IOSv router, Loopback0 192.168.0.3.
  GigabitEthernet0/1 faces server-1 (10.0.0.4/30), GigabitEthernet0/2 faces iosv-4 (10.0.0.16/30).
  Runs OSPF area 0 on both links and iBGP in AS 1 towards iosv-2, iosv-3 and iosv-4.
  The "config" entry is the device configuration text as emitted by the generator named in its header.

  Security-relevant settings in that text:
  - "enable password cisco" together with "no service password-encryption": the enable
    password is stored in clear text.
  - "username cisco privilege 15 secret cisco": a privilege 15 account whose password equals its name.
  - "line vty 0 4" accepts Telnet as well as SSH and uses "exec-timeout 720 0" (720 minutes).
  - "ip ssh server algorithm authentication password": SSH is limited to password authentication.
  - "crypto key generate rsa modulus 768": a 768-bit RSA key, below current minimum recommendations.
  - No OSPF authentication and no BGP neighbor password lines are present.
  Hardening when this file is reused as a base: unique secrets per device, SSH-only VTY lines with a
  short timeout, an RSA modulus of 2048 bits or more, and authenticated OSPF and BGP sessions.
-->
<extensions>
<entry key="config" type="string">! IOS Config generated on 2018-06-02 05:15
! by autonetkit_0.24.0
!
hostname iosv-1
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
!
no aaa new-model
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service config
enable password cisco
ip classless
ip subnet-zero
no ip domain lookup
ip domain name virl.info
crypto key generate rsa modulus 768
ip ssh server algorithm authentication password
username cisco privilege 15 secret cisco
line vty 0 4
transport input ssh telnet
exec-timeout 720 0
password cisco
login local
line con 0
password cisco
!
no cdp run
!
!
interface Loopback0
description Loopback
ip address 192.168.0.3 255.255.255.255
!
interface GigabitEthernet0/0
description OOB Management
vrf forwarding Mgmt-intf
! Configured on launch
no ip address
duplex full
speed auto
no shutdown
!
interface GigabitEthernet0/1
description to server-1
ip address 10.0.0.5 255.255.255.252
ip ospf cost 1
duplex full
speed auto
no shutdown
!
interface GigabitEthernet0/2
description to iosv-4
ip address 10.0.0.17 255.255.255.252
ip ospf cost 1
duplex full
speed auto
no shutdown
!
!
!
router ospf 1
network 192.168.0.3 0.0.0.0 area 0
log-adjacency-changes
passive-interface Loopback0
network 10.0.0.4 0.0.0.3 area 0
network 10.0.0.16 0.0.0.3 area 0
!
!
router bgp 1
bgp router-id 192.168.0.3
no synchronization
! ibgp
! ibgp peers
!
neighbor 192.168.0.4 remote-as 1
neighbor 192.168.0.4 description iBGP peer iosv-2
neighbor 192.168.0.4 update-source Loopback0
!
neighbor 192.168.0.7 remote-as 1
neighbor 192.168.0.7 description iBGP peer iosv-3
neighbor 192.168.0.7 update-source Loopback0
!
neighbor 192.168.0.8 remote-as 1
neighbor 192.168.0.8 description iBGP peer iosv-4
neighbor 192.168.0.8 update-source Loopback0
!
!
!
address-family ipv4
network 192.168.0.3 mask 255.255.255.255
neighbor 192.168.0.4 activate
neighbor 192.168.0.7 activate
neighbor 192.168.0.8 activate
exit-address-family
!
!
!
end</entry>
<entry key="AutoNetkit.mgmt_ip" type="string"></entry>
</extensions>
<!-- Data interfaces only; GigabitEthernet0/0 (OOB management) is configured on launch and not listed. -->
<interface id="0" name="GigabitEthernet0/1" ipv4="10.0.0.5" netPrefixLenV4="30"/>
<interface id="1" name="GigabitEthernet0/2" ipv4="10.0.0.17" netPrefixLenV4="30"/>
</node>
<node name="iosv-2" type="SIMPLE" subtype="IOSv" location="306,368" ipv4="192.168.0.4">
<!--
  iosv-2: IOSv router, Loopback0 192.168.0.4.
  GigabitEthernet0/1 faces server-2 (10.0.0.20/30), GigabitEthernet0/2 faces iosv-4 (10.0.0.24/30).
  Runs OSPF area 0 on both links and iBGP in AS 1 towards iosv-1, iosv-3 and iosv-4.
  The "config" entry is the device configuration text as emitted by the generator named in its header.

  Security-relevant settings in that text:
  - "enable password cisco" together with "no service password-encryption": the enable
    password is stored in clear text.
  - "username cisco privilege 15 secret cisco": a privilege 15 account whose password equals its name.
  - "line vty 0 4" accepts Telnet as well as SSH and uses "exec-timeout 720 0" (720 minutes).
  - "ip ssh server algorithm authentication password": SSH is limited to password authentication.
  - "crypto key generate rsa modulus 768": a 768-bit RSA key, below current minimum recommendations.
  - No OSPF authentication and no BGP neighbor password lines are present.
  Hardening when this file is reused as a base: unique secrets per device, SSH-only VTY lines with a
  short timeout, an RSA modulus of 2048 bits or more, and authenticated OSPF and BGP sessions.
-->
<extensions>
<entry key="config" type="string">! IOS Config generated on 2018-06-02 05:15
! by autonetkit_0.24.0
!
hostname iosv-2
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
!
no aaa new-model
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service config
enable password cisco
ip classless
ip subnet-zero
no ip domain lookup
ip domain name virl.info
crypto key generate rsa modulus 768
ip ssh server algorithm authentication password
username cisco privilege 15 secret cisco
line vty 0 4
transport input ssh telnet
exec-timeout 720 0
password cisco
login local
line con 0
password cisco
!
no cdp run
!
!
interface Loopback0
description Loopback
ip address 192.168.0.4 255.255.255.255
!
interface GigabitEthernet0/0
description OOB Management
vrf forwarding Mgmt-intf
! Configured on launch
no ip address
duplex full
speed auto
no shutdown
!
interface GigabitEthernet0/1
description to server-2
ip address 10.0.0.21 255.255.255.252
ip ospf cost 1
duplex full
speed auto
no shutdown
!
interface GigabitEthernet0/2
description to iosv-4
ip address 10.0.0.25 255.255.255.252
ip ospf cost 1
duplex full
speed auto
no shutdown
!
!
!
router ospf 1
network 192.168.0.4 0.0.0.0 area 0
log-adjacency-changes
passive-interface Loopback0
network 10.0.0.20 0.0.0.3 area 0
network 10.0.0.24 0.0.0.3 area 0
!
!
router bgp 1
bgp router-id 192.168.0.4
no synchronization
! ibgp
! ibgp peers
!
neighbor 192.168.0.3 remote-as 1
neighbor 192.168.0.3 description iBGP peer iosv-1
neighbor 192.168.0.3 update-source Loopback0
!
neighbor 192.168.0.7 remote-as 1
neighbor 192.168.0.7 description iBGP peer iosv-3
neighbor 192.168.0.7 update-source Loopback0
!
neighbor 192.168.0.8 remote-as 1
neighbor 192.168.0.8 description iBGP peer iosv-4
neighbor 192.168.0.8 update-source Loopback0
!
!
!
address-family ipv4
network 192.168.0.4 mask 255.255.255.255
neighbor 192.168.0.3 activate
neighbor 192.168.0.7 activate
neighbor 192.168.0.8 activate
exit-address-family
!
!
!
end</entry>
<entry key="AutoNetkit.mgmt_ip" type="string"></entry>
</extensions>
<!-- Data interfaces only; GigabitEthernet0/0 (OOB management) is configured on launch and not listed. -->
<interface id="0" name="GigabitEthernet0/1" ipv4="10.0.0.21" netPrefixLenV4="30"/>
<interface id="1" name="GigabitEthernet0/2" ipv4="10.0.0.25" netPrefixLenV4="30"/>
</node>
<node name="iosv-3" type="SIMPLE" subtype="IOSv" location="678,276" ipv4="192.168.0.7">
<!--
  iosv-3: IOSv router, Loopback0 192.168.0.7.
  GigabitEthernet0/1 faces asav-1 (10.0.0.8/30), GigabitEthernet0/2 faces server-3 (10.0.0.28/30).
  Runs OSPF area 0 on both links and iBGP in AS 1 towards iosv-1, iosv-2 and iosv-4.
  NOTE(review): the only router-facing link goes to asav-1, whose config in this file contains no
  routing protocol or static routes, so reachability of the iBGP peers should be confirmed after launch.
  The "config" entry is the device configuration text as emitted by the generator named in its header.

  Security-relevant settings in that text:
  - "enable password cisco" together with "no service password-encryption": the enable
    password is stored in clear text.
  - "username cisco privilege 15 secret cisco": a privilege 15 account whose password equals its name.
  - "line vty 0 4" accepts Telnet as well as SSH and uses "exec-timeout 720 0" (720 minutes).
  - "ip ssh server algorithm authentication password": SSH is limited to password authentication.
  - "crypto key generate rsa modulus 768": a 768-bit RSA key, below current minimum recommendations.
  - No OSPF authentication and no BGP neighbor password lines are present.
  Hardening when this file is reused as a base: unique secrets per device, SSH-only VTY lines with a
  short timeout, an RSA modulus of 2048 bits or more, and authenticated OSPF and BGP sessions.
-->
<extensions>
<entry key="config" type="string">! IOS Config generated on 2018-06-02 05:15
! by autonetkit_0.24.0
!
hostname iosv-3
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
!
no aaa new-model
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service config
enable password cisco
ip classless
ip subnet-zero
no ip domain lookup
ip domain name virl.info
crypto key generate rsa modulus 768
ip ssh server algorithm authentication password
username cisco privilege 15 secret cisco
line vty 0 4
transport input ssh telnet
exec-timeout 720 0
password cisco
login local
line con 0
password cisco
!
no cdp run
!
!
interface Loopback0
description Loopback
ip address 192.168.0.7 255.255.255.255
!
interface GigabitEthernet0/0
description OOB Management
vrf forwarding Mgmt-intf
! Configured on launch
no ip address
duplex full
speed auto
no shutdown
!
interface GigabitEthernet0/1
description to asav-1
ip address 10.0.0.10 255.255.255.252
ip ospf cost 1
duplex full
speed auto
no shutdown
!
interface GigabitEthernet0/2
description to server-3
ip address 10.0.0.29 255.255.255.252
ip ospf cost 1
duplex full
speed auto
no shutdown
!
!
!
router ospf 1
network 192.168.0.7 0.0.0.0 area 0
log-adjacency-changes
passive-interface Loopback0
network 10.0.0.8 0.0.0.3 area 0
network 10.0.0.28 0.0.0.3 area 0
!
!
router bgp 1
bgp router-id 192.168.0.7
no synchronization
! ibgp
! ibgp peers
!
neighbor 192.168.0.3 remote-as 1
neighbor 192.168.0.3 description iBGP peer iosv-1
neighbor 192.168.0.3 update-source Loopback0
!
neighbor 192.168.0.4 remote-as 1
neighbor 192.168.0.4 description iBGP peer iosv-2
neighbor 192.168.0.4 update-source Loopback0
!
neighbor 192.168.0.8 remote-as 1
neighbor 192.168.0.8 description iBGP peer iosv-4
neighbor 192.168.0.8 update-source Loopback0
!
!
!
address-family ipv4
network 192.168.0.7 mask 255.255.255.255
neighbor 192.168.0.3 activate
neighbor 192.168.0.4 activate
neighbor 192.168.0.8 activate
exit-address-family
!
!
!
end</entry>
<entry key="AutoNetkit.mgmt_ip" type="string"></entry>
</extensions>
<!-- Data interfaces only; GigabitEthernet0/0 (OOB management) is configured on launch and not listed. -->
<interface id="0" name="GigabitEthernet0/1" ipv4="10.0.0.10" netPrefixLenV4="30"/>
<interface id="1" name="GigabitEthernet0/2" ipv4="10.0.0.29" netPrefixLenV4="30"/>
</node>
<node name="asav-1" type="SIMPLE" subtype="ASAv" location="543,274">
<!--
  asav-1: ASAv firewall between iosv-4 and iosv-3.
  GigabitEthernet0/0 "outside"   10.0.0.13/30 faces iosv-4, security-level 0.
  GigabitEthernet0/1 "outside-1" 10.0.0.9/30  faces iosv-3, security-level 0.
  Management0/0      "mgmt"      management-only, security-level 100, addressed on launch.
  The "config" entry is the device configuration text as emitted by the generator named in its header.

  Security-relevant settings in that text:
  - "username cisco password cisco privilege 15" (present twice), "enable password cisco" and
    "passwd cisco": every credential is the same well-known string.
  - "http", "ssh" and "telnet" are each opened to 0.0.0.0 0.0.0.0 on mgmt, outside and outside-1,
    so management access is not restricted by source address on any interface.
  - Both data interfaces share security-level 0 and "same-security-traffic permit inter-interface"
    is set; no access-list lines are present, so the config contains no explicit filtering policy.
  - "crypto key generate rsa modulus 768": a 768-bit RSA key, below current minimum recommendations.
  - "console timeout 0": the console session does not time out.
  NOTE(review): no routing protocol or static route lines are present, while iosv-3 and iosv-4 run
  OSPF on the links facing this node; confirm that traffic across the firewall is routed as intended.
  Hardening when this file is reused as a base: unique secrets, management allowed only from the mgmt
  network over SSH and HTTPS, distinct security levels with explicit access lists, and an RSA modulus
  of 2048 bits or more.
-->
<extensions>
<entry key="config" type="string">! ASAv Config generated on 2018-06-02 05:15
! by autonetkit_0.24.0
!
hostname asav-1
username cisco password cisco privilege 15
enable password cisco
passwd cisco
names
!
interface GigabitEthernet0/0
description to iosv-4
duplex full
nameif outside
security-level 0
no shutdown
ip address 10.0.0.13 255.255.255.252
interface GigabitEthernet0/1
description to iosv-3
duplex full
nameif outside-1
security-level 0
no shutdown
ip address 10.0.0.9 255.255.255.252
interface Management0/0
description OOB Management
duplex full
management-only
nameif mgmt
security-level 100
no shutdown
! Configured on launch
no ip address
!
same-security-traffic permit inter-interface
logging enable
logging asdm informational
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 0.0.0.0 0.0.0.0 mgmt
ssh 0.0.0.0 0.0.0.0 mgmt
telnet 0.0.0.0 0.0.0.0 mgmt
http 0.0.0.0 0.0.0.0 outside
ssh 0.0.0.0 0.0.0.0 outside
telnet 0.0.0.0 0.0.0.0 outside
http 0.0.0.0 0.0.0.0 outside-1
ssh 0.0.0.0 0.0.0.0 outside-1
telnet 0.0.0.0 0.0.0.0 outside-1
ssh version 2
crypto key generate rsa modulus 768
telnet timeout 15
console timeout 0
username cisco password cisco privilege 15
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect ip-options
inspect netbios
inspect rtsp
inspect sunrpc
inspect tftp
inspect xdmcp
inspect dns preset_dns_map
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect esmtp
inspect sqlnet
inspect sip
inspect skinny
inspect icmp
inspect http
!
service-policy global_policy global
no call-home reporting anonymous
call-home
profile CiscoTAC-1
no active
end
</entry>
<entry key="AutoNetkit.mgmt_ip" type="string"></entry>
</extensions>
<!-- Data interfaces only; Management0/0 is configured on launch and not listed. -->
<interface id="0" name="GigabitEthernet0/0" ipv4="10.0.0.13" netPrefixLenV4="30"/>
<interface id="1" name="GigabitEthernet0/1" ipv4="10.0.0.9" netPrefixLenV4="30"/>
</node>
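<node name="server-1" type="SIMPLE" subtype="server" location="181,216">
<!--
  server-1: Linux server attached to iosv-1 GigabitEthernet0/1; eth1 is 10.0.0.6/30, gateway 10.0.0.5.
  The "config" entry is a cloud-config document (YAML). Indentation inside the entry is significant:
  the user attributes belong to the second item of "users", and each "content" block scalar belongs
  to its "write_files" item.

  Security-relevant settings in that document:
  - User "cisco" is created with "plain-text-passwd: cisco", "lock-passwd: false" and
    "sudo: ALL=(ALL) ALL": a sudo-capable account whose password equals its name.
  - The "sed" step in runcmd deletes any "PasswordAuthentication no" line from /etc/ssh/sshd_config,
    which normally leaves SSH password logins enabled.
  - "VIRL-USER-SSH-PUBLIC-KEY" looks like a placeholder; presumably it is substituted at launch (confirm).
  Hardening when this file is reused as a base: key-only SSH, a locked or unique password for the
  account, and a narrower sudo rule.
-->
<extensions>
<entry key="config" type="string">#cloud-config
bootcmd:
- ln -s -t /etc/rc.d /etc/rc.local
hostname: server-1
manage_etc_hosts: true
runcmd:
- start ttyS0
- systemctl start getty@ttyS0.service
- systemctl start rc-local
- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config
- echo "UseDNS no" &gt;&gt; /etc/ssh/sshd_config
- service ssh restart
- service sshd restart
users:
- default
- gecos: User configured by VIRL Configuration Engine 0.23.10
  lock-passwd: false
  name: cisco
  plain-text-passwd: cisco
  shell: /bin/bash
  ssh-authorized-keys:
  - VIRL-USER-SSH-PUBLIC-KEY
  sudo: ALL=(ALL) ALL
write_files:
- path: /etc/init/ttyS0.conf
  owner: root:root
  content: |
    # ttyS0 - getty
    # This service maintains a getty on ttyS0 from the point the system is
    # started until it is shut down again.
    start on stopped rc or RUNLEVEL=[12345]
    stop on runlevel [!12345]
    respawn
    exec /sbin/getty -L 115200 ttyS0 vt102
  permissions: '0644'
- path: /etc/systemd/system/dhclient@.service
  content: |
    [Unit]
    Description=Run dhclient on %i interface
    After=network.target
    [Service]
    Type=oneshot
    ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease
    RemainAfterExit=yes
  owner: root:root
  permissions: '0644'
- path: /etc/rc.local
  owner: root:root
  permissions: '0755'
  content: |-
    #!/bin/sh
    ifconfig eth1 up 10.0.0.6 netmask 255.255.255.252
    route add -net 10.0.0.0/8 gw 10.0.0.5 dev eth1
    route add -net 192.168.0.0/28 gw 10.0.0.5 dev eth1
    exit 0
</entry>
</extensions>
<interface id="0" name="eth1" ipv4="10.0.0.6" netPrefixLenV4="30"/>
</node>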
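<node name="server-2" type="SIMPLE" subtype="server" location="178,366">
<!--
  server-2: Linux server attached to iosv-2 GigabitEthernet0/1; eth1 is 10.0.0.22/30, gateway 10.0.0.21.
  The "config" entry is a cloud-config document (YAML). Indentation inside the entry is significant:
  the user attributes belong to the second item of "users", and each "content" block scalar belongs
  to its "write_files" item.

  Security-relevant settings in that document:
  - User "cisco" is created with "plain-text-passwd: cisco", "lock-passwd: false" and
    "sudo: ALL=(ALL) ALL": a sudo-capable account whose password equals its name.
  - The "sed" step in runcmd deletes any "PasswordAuthentication no" line from /etc/ssh/sshd_config,
    which normally leaves SSH password logins enabled.
  - "VIRL-USER-SSH-PUBLIC-KEY" looks like a placeholder; presumably it is substituted at launch (confirm).
  Hardening when this file is reused as a base: key-only SSH, a locked or unique password for the
  account, and a narrower sudo rule.
-->
<extensions>
<entry key="config" type="string">#cloud-config
bootcmd:
- ln -s -t /etc/rc.d /etc/rc.local
hostname: server-2
manage_etc_hosts: true
runcmd:
- start ttyS0
- systemctl start getty@ttyS0.service
- systemctl start rc-local
- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config
- echo "UseDNS no" &gt;&gt; /etc/ssh/sshd_config
- service ssh restart
- service sshd restart
users:
- default
- gecos: User configured by VIRL Configuration Engine 0.23.10
  lock-passwd: false
  name: cisco
  plain-text-passwd: cisco
  shell: /bin/bash
  ssh-authorized-keys:
  - VIRL-USER-SSH-PUBLIC-KEY
  sudo: ALL=(ALL) ALL
write_files:
- path: /etc/init/ttyS0.conf
  owner: root:root
  content: |
    # ttyS0 - getty
    # This service maintains a getty on ttyS0 from the point the system is
    # started until it is shut down again.
    start on stopped rc or RUNLEVEL=[12345]
    stop on runlevel [!12345]
    respawn
    exec /sbin/getty -L 115200 ttyS0 vt102
  permissions: '0644'
- path: /etc/systemd/system/dhclient@.service
  content: |
    [Unit]
    Description=Run dhclient on %i interface
    After=network.target
    [Service]
    Type=oneshot
    ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease
    RemainAfterExit=yes
  owner: root:root
  permissions: '0644'
- path: /etc/rc.local
  owner: root:root
  permissions: '0755'
  content: |-
    #!/bin/sh
    ifconfig eth1 up 10.0.0.22 netmask 255.255.255.252
    route add -net 10.0.0.0/8 gw 10.0.0.21 dev eth1
    route add -net 192.168.0.0/28 gw 10.0.0.21 dev eth1
    exit 0
</entry>
</extensions>
<interface id="0" name="eth1" ipv4="10.0.0.22" netPrefixLenV4="30"/>
</node>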
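<node name="server-3" type="SIMPLE" subtype="server" location="809,276">
<!--
  server-3: Linux server attached to iosv-3 GigabitEthernet0/2; eth1 is 10.0.0.30/30, gateway 10.0.0.29.
  The "config" entry is a cloud-config document (YAML). Indentation inside the entry is significant:
  the user attributes belong to the second item of "users", and each "content" block scalar belongs
  to its "write_files" item.

  Security-relevant settings in that document:
  - User "cisco" is created with "plain-text-passwd: cisco", "lock-passwd: false" and
    "sudo: ALL=(ALL) ALL": a sudo-capable account whose password equals its name.
  - The "sed" step in runcmd deletes any "PasswordAuthentication no" line from /etc/ssh/sshd_config,
    which normally leaves SSH password logins enabled.
  - "VIRL-USER-SSH-PUBLIC-KEY" looks like a placeholder; presumably it is substituted at launch (confirm).
  Hardening when this file is reused as a base: key-only SSH, a locked or unique password for the
  account, and a narrower sudo rule.
-->
<extensions>
<entry key="config" type="string">#cloud-config
bootcmd:
- ln -s -t /etc/rc.d /etc/rc.local
hostname: server-3
manage_etc_hosts: true
runcmd:
- start ttyS0
- systemctl start getty@ttyS0.service
- systemctl start rc-local
- sed -i '/^\s*PasswordAuthentication\s\+no/d' /etc/ssh/sshd_config
- echo "UseDNS no" &gt;&gt; /etc/ssh/sshd_config
- service ssh restart
- service sshd restart
users:
- default
- gecos: User configured by VIRL Configuration Engine 0.23.10
  lock-passwd: false
  name: cisco
  plain-text-passwd: cisco
  shell: /bin/bash
  ssh-authorized-keys:
  - VIRL-USER-SSH-PUBLIC-KEY
  sudo: ALL=(ALL) ALL
write_files:
- path: /etc/init/ttyS0.conf
  owner: root:root
  content: |
    # ttyS0 - getty
    # This service maintains a getty on ttyS0 from the point the system is
    # started until it is shut down again.
    start on stopped rc or RUNLEVEL=[12345]
    stop on runlevel [!12345]
    respawn
    exec /sbin/getty -L 115200 ttyS0 vt102
  permissions: '0644'
- path: /etc/systemd/system/dhclient@.service
  content: |
    [Unit]
    Description=Run dhclient on %i interface
    After=network.target
    [Service]
    Type=oneshot
    ExecStart=/sbin/dhclient %i -pf /var/run/dhclient.%i.pid -lf /var/lib/dhclient/dhclient.%i.lease
    RemainAfterExit=yes
  owner: root:root
  permissions: '0644'
- path: /etc/rc.local
  owner: root:root
  permissions: '0755'
  content: |-
    #!/bin/sh
    ifconfig eth1 up 10.0.0.30 netmask 255.255.255.252
    route add -net 10.0.0.0/8 gw 10.0.0.29 dev eth1
    route add -net 192.168.0.0/28 gw 10.0.0.29 dev eth1
    exit 0
</entry>
</extensions>
<interface id="0" name="eth1" ipv4="10.0.0.30" netPrefixLenV4="30"/>
</node>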
<node name="iosv-4" type="SIMPLE" subtype="IOSv" location="428,272" ipv4="192.168.0.8">
<!--
  iosv-4: IOSv router, Loopback0 192.168.0.8.
  GigabitEthernet0/1 faces iosv-1 (10.0.0.16/30), GigabitEthernet0/2 faces iosv-2 (10.0.0.24/30),
  GigabitEthernet0/3 faces asav-1 (10.0.0.12/30).
  Runs OSPF area 0 on all three links and iBGP in AS 1 towards iosv-1, iosv-2 and iosv-3.
  The "config" entry is the device configuration text as emitted by the generator named in its header.

  Security-relevant settings in that text:
  - "enable password cisco" together with "no service password-encryption": the enable
    password is stored in clear text.
  - "username cisco privilege 15 secret cisco": a privilege 15 account whose password equals its name.
  - "line vty 0 4" accepts Telnet as well as SSH and uses "exec-timeout 720 0" (720 minutes).
  - "ip ssh server algorithm authentication password": SSH is limited to password authentication.
  - "crypto key generate rsa modulus 768": a 768-bit RSA key, below current minimum recommendations.
  - No OSPF authentication and no BGP neighbor password lines are present.
  Hardening when this file is reused as a base: unique secrets per device, SSH-only VTY lines with a
  short timeout, an RSA modulus of 2048 bits or more, and authenticated OSPF and BGP sessions.
-->
<extensions>
<entry key="config" type="string">! IOS Config generated on 2018-06-02 05:15
! by autonetkit_0.24.0
!
hostname iosv-4
boot-start-marker
boot-end-marker
!
vrf definition Mgmt-intf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
!
no aaa new-model
!
!
ip cef
ipv6 unicast-routing
ipv6 cef
!
!
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
no service config
enable password cisco
ip classless
ip subnet-zero
no ip domain lookup
ip domain name virl.info
crypto key generate rsa modulus 768
ip ssh server algorithm authentication password
username cisco privilege 15 secret cisco
line vty 0 4
transport input ssh telnet
exec-timeout 720 0
password cisco
login local
line con 0
password cisco
!
no cdp run
!
!
interface Loopback0
description Loopback
ip address 192.168.0.8 255.255.255.255
!
interface GigabitEthernet0/0
description OOB Management
vrf forwarding Mgmt-intf
! Configured on launch
no ip address
duplex full
speed auto
no shutdown
!
interface GigabitEthernet0/1
description to iosv-1
ip address 10.0.0.18 255.255.255.252
ip ospf cost 1
duplex full
speed auto
no shutdown
!
interface GigabitEthernet0/2
description to iosv-2
ip address 10.0.0.26 255.255.255.252
ip ospf cost 1
duplex full
speed auto
no shutdown
!
interface GigabitEthernet0/3
description to asav-1
ip address 10.0.0.14 255.255.255.252
ip ospf cost 1
duplex full
speed auto
no shutdown
!
!
!
router ospf 1
network 192.168.0.8 0.0.0.0 area 0
log-adjacency-changes
passive-interface Loopback0
network 10.0.0.16 0.0.0.3 area 0
network 10.0.0.24 0.0.0.3 area 0
network 10.0.0.12 0.0.0.3 area 0
!
!
router bgp 1
bgp router-id 192.168.0.8
no synchronization
! ibgp
! ibgp peers
!
neighbor 192.168.0.3 remote-as 1
neighbor 192.168.0.3 description iBGP peer iosv-1
neighbor 192.168.0.3 update-source Loopback0
!
neighbor 192.168.0.4 remote-as 1
neighbor 192.168.0.4 description iBGP peer iosv-2
neighbor 192.168.0.4 update-source Loopback0
!
neighbor 192.168.0.7 remote-as 1
neighbor 192.168.0.7 description iBGP peer iosv-3
neighbor 192.168.0.7 update-source Loopback0
!
!
!
address-family ipv4
network 192.168.0.8 mask 255.255.255.255
neighbor 192.168.0.3 activate
neighbor 192.168.0.4 activate
neighbor 192.168.0.7 activate
exit-address-family
!
!
!
end</entry>
<entry key="AutoNetkit.mgmt_ip" type="string"></entry>
</extensions>
<!-- Data interfaces only; GigabitEthernet0/0 (OOB management) is configured on launch and not listed. -->
<interface id="0" name="GigabitEthernet0/1" ipv4="10.0.0.18" netPrefixLenV4="30"/>
<interface id="1" name="GigabitEthernet0/2" ipv4="10.0.0.26" netPrefixLenV4="30"/>
<interface id="2" name="GigabitEthernet0/3" ipv4="10.0.0.14" netPrefixLenV4="30"/>
</node>
<annotations/>
<!--
  Links between nodes. Each XPath addresses a node and one of its interface elements by position
  in this document, so inserting, removing or reordering node or interface elements changes which
  endpoints a connection refers to.
  Node positions in this file: node[1] iosv-1, node[2] iosv-2, node[3] iosv-3, node[4] asav-1,
  node[5] server-1, node[6] server-2, node[7] server-3, node[8] iosv-4.
-->
<!-- server-1 eth1 to iosv-1 GigabitEthernet0/1 (10.0.0.4/30) -->
<connection dst="/virl:topology/virl:node[1]/virl:interface[1]" src="/virl:topology/virl:node[5]/virl:interface[1]"/>
<!-- server-2 eth1 to iosv-2 GigabitEthernet0/1 (10.0.0.20/30) -->
<connection dst="/virl:topology/virl:node[2]/virl:interface[1]" src="/virl:topology/virl:node[6]/virl:interface[1]"/>
<!-- iosv-1 GigabitEthernet0/2 to iosv-4 GigabitEthernet0/1 (10.0.0.16/30) -->
<connection dst="/virl:topology/virl:node[8]/virl:interface[1]" src="/virl:topology/virl:node[1]/virl:interface[2]"/>
<!-- iosv-2 GigabitEthernet0/2 to iosv-4 GigabitEthernet0/2 (10.0.0.24/30) -->
<connection dst="/virl:topology/virl:node[8]/virl:interface[2]" src="/virl:topology/virl:node[2]/virl:interface[2]"/>
<!-- iosv-4 GigabitEthernet0/3 to asav-1 GigabitEthernet0/0 "outside" (10.0.0.12/30) -->
<connection dst="/virl:topology/virl:node[4]/virl:interface[1]" src="/virl:topology/virl:node[8]/virl:interface[3]"/>
<!-- asav-1 GigabitEthernet0/1 "outside-1" to iosv-3 GigabitEthernet0/1 (10.0.0.8/30) -->
<connection dst="/virl:topology/virl:node[3]/virl:interface[1]" src="/virl:topology/virl:node[4]/virl:interface[2]"/>
<!-- iosv-3 GigabitEthernet0/2 to server-3 eth1 (10.0.0.28/30) -->
<connection dst="/virl:topology/virl:node[7]/virl:interface[1]" src="/virl:topology/virl:node[3]/virl:interface[2]"/>
</topology>