Networking ex/shambhavee #35

Open
wants to merge 6 commits into
base: main
12 changes: 11 additions & 1 deletion projects/bash_networking_security/SOLUTION
@@ -1,16 +1,26 @@
Local DNS Server IP
-------------------
<ip-here>
127.0.0.53





Default gateway IP
-------------------
<ip-here>
10.0.0.1



DHCP IP allocation sys-logs
-------------------
<logs-here>

Jun 15 13:07:48 ip-10-0-0-242 kernel: [ 3.409527] systemd[1]: Detected virtualization xen.
Jun 15 13:07:48 ip-10-0-0-242 kernel: [ 3.413368] systemd[1]: Detected architecture x86-64.
Jun 15 13:07:48 ip-10-0-0-242 kernel: [ 3.422724] systemd[1]: Hostname set to <ip-10-0-0-242>.
Jun 15 13:07:48 ip-10-0-0-242 kernel: [ 3.830820] systemd[1]: Queued start job for default target Graphical Interface.
Jun 15 13:07:48 ip-10-0-0-242 kernel: [ 3.836910] systemd[1]: Created slice Slice /system/modprobe.
Jun 15 13:07:48 ip-10-0-0-242 kernel: [ 3.844069] systemd[1]: Created slice Slice /system/serial-getty.
Jun 15 13:07:48 ip-10-0-0-242 kernel: [ 3.852027] systemd[1]: Created slice Slice /system/systemd-fsck.
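Review bot: The entries under "DHCP IP allocation sys-logs" are kernel/systemd boot messages (virtualization detected, hostname set, slices created) and none of them records a DHCP exchange, so the section does not yet show how the address was allocated. Replace them with the syslog lines from the DHCP client that show the lease being obtained on this host. Separately, 127.0.0.53 under "Local DNS Server IP" is the systemd-resolved stub listener on loopback; if the upstream resolver is what is being asked for, `resolvectl status` reports it. If the `<ip-here>` and `<logs-here>` placeholders are still present in the file next to the filled-in values, drop them.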
20 changes: 20 additions & 0 deletions projects/bash_networking_security/bastion_connect.sh
@@ -1 +1,21 @@
#!/bin/bash
if [[ -z "$KEY_PATH" ]]; then
echo "Error: KEY_PATH environment variable is not set."
exit 5
fi

if [[ $# -lt 1 ]]; then
echo "KEY_PATH env var is expected"
echo "Please provide bastion IP address"
exit 5
fi

bastion_ip=$1
private_ip=$2
command_to_run="${@:3}"

if [[ -n "$private_ip" ]]; then
ssh -t -i "$KEY_PATH" ubuntu@"$bastion_ip" ssh -i "new_key" ubuntu@"$private_ip" "$command_to_run"
else
ssh -i "$KEY_PATH" ubuntu@"$bastion_ip" "$command_to_run"
fi
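Review bot: The second hop at `ssh -i "new_key" ubuntu@"$private_ip"` relies on a private key file with the hard-coded name new_key, resolved relative to the remote working directory on the bastion, which means the bastion stores a credential for the private instance. Consider ProxyJump (`ssh -J`) so that key never has to live on the bastion, or at least make the key path a variable. In the `$# -lt 1` branch the message "KEY_PATH env var is expected" is misleading because KEY_PATH was already checked above. `command_to_run="${@:3}"` also flattens the remaining arguments into one string, so arguments containing spaces or shell metacharacters are re-parsed by the remote shell; document that or quote accordingly.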
61 changes: 61 additions & 0 deletions projects/bash_networking_security/tlsHandshake.sh
Original file line number Diff line number Diff line change
@@ -1 +1,62 @@
#!/bin/bash
#!/bin/bash -x

# Step 1 - Client Hello (Client -> Server)
RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
"version": "1.3",
"ciphersSuites": ["TLS_AES_128_GCM_SHA256", "TLS_CHACHA20_POLY1305_SHA256"],
"message": "Client Hello"
}' http://3.129.21.174:8080/clienthello)


# Step 2 - Server Hello (Server -> Client)
SESSION_ID=$(echo "$RESPONSE" | jq -r '.sessionID')

echo "$RESPONSE" | jq -r '.serverCert' > cert.pem


# Step 3 - Server Certificate Verification
wget https://devops-feb23.s3.eu-north-1.amazonaws.com/cert-ca-aws.pem

VERIFICATION=$(openssl verify -CAfile cert-ca-aws.pem cert.pem)

if [ "$VERIFICATION" != "cert.pem: OK" ];
then
echo "Server Certificate is invalid."
exit 5
else
echo "cert.pem: OK"
fi


# Step 4 - Client-Server master-key exchange
#echo "Hi server, please encrypt me and send to client!" > masterKey.txt
openssl rand -out masterKey.txt -base64 32



MASTER_KEY=$(openssl smime -encrypt -aes-256-cbc -in masterKey.txt -outform DER cert.pem | base64 | tr -d '\n')



# Step 5 - Server verification message
RESPONSE=$(curl -X POST -H "Content-Type: application/json" -d '{
"sessionID": "'"$SESSION_ID"'",
"masterKey": "'"$MASTER_KEY"'",
"sampleMessage": "Hi server, please encrypt me and send to client!"
}' http://3.129.21.174:8080/keyexchange)


# Step 6 - Client verification message

echo "$RESPONSE" | jq -r '.encryptedSampleMessage' > encSampleMsg.txt
cat encSampleMsg.txt | base64 -d > encSampleMsgReady.txt

decrypted_sample_msg=$(openssl enc -d -aes-256-cbc -pbkdf2 -kfile masterKey.txt -in encSampleMsgReady.txt)

if [ "$decrypted_sample_msg" != "Hi server, please encrypt me and send to client!" ]; then
echo "Server symmetric encryption using the exchanged master-key has failed."
exit 6
else
echo "Client-Server TLS handshake has been completed successfully"
fi
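Review bot: Step 3 decides on the text printed by `openssl verify` and never checks whether the `wget` of cert-ca-aws.pem succeeded; on a second run wget saves the download as cert-ca-aws.pem.1 and verification silently uses the older file. Test the exit status instead (`if ! openssl verify -CAfile cert-ca-aws.pem cert.pem; then ...`) and download with `wget -O cert-ca-aws.pem` so the CA file is deterministic. Neither `curl` call checks for failure, so an empty RESPONSE flows into jq and into cert.pem; add `-f` and test the exit code before continuing. The second line `#!/bin/bash -x` is only a comment, since a shebang is honoured on the first line only, and masterKey.txt is left in the working directory after the script ends; remove it on exit.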
8 changes: 4 additions & 4 deletions projects/bash_networking_security/vpc.sh
@@ -1,4 +1,4 @@
REGION=""
VPC_ID=""
PUBLIC_INSTANCE_ID=""
PRIVATE_INSTANCE_ID=""
REGION="us-east-2"
VPC_ID="vpc-03f04820bd5538afb"
PUBLIC_INSTANCE_ID="i-0e364860614a7c200"
PRIVATE_INSTANCE_ID="i-0dd50ff38e7e7db24"
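Review bot: REGION, VPC_ID and the two instance IDs are hard-coded to one specific AWS environment, which ties the script to that account and publishes its resource identifiers in the repository. Read them from the environment (for example `REGION="${REGION:-}"`) or from an untracked local file, and leave the committed defaults empty.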
27 changes: 27 additions & 0 deletions shambhaveenewohio.pem
Original file line number Diff line number Diff line change
@@ -0,0 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
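Review bot: A private key must not be committed: the added file shambhaveenewohio.pem at the repository root begins with `-----BEGIN RSA PRIVATE KEY-----`. Remove it from the PR and treat the key pair as compromised, replacing it on every host that trusts it, because deleting the file in a later commit still leaves it in the branch history. Add `*.pem` to .gitignore and keep supplying the key location through KEY_PATH, as bastion_connect.sh already expects.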