Reverse shell for CTF in r4.2

one · January 5, 2024, 10:27am

I installed qubes-os 4.2
I need to do CTF’s on tryhackme and hackthebox.
I created appVM named ‘CTF’. I connect to my openvpn config from hackthebox in ‘CTF’ appVM. And reverse shell via netcat not work and ping or curl when I use python3 -m http.server on my ‘CTF’ appVM not work from remote machine.
I connected appVM to sys-net, but still not work.
So I have: sys-net -> CTF and use openvpn config in the CTF appVM.
Anybody play CTF’s on qubesos?

How I can allow incomming traffic from remote machine via openvpn to my appVM?

DVM · January 5, 2024, 10:36am

Can you try to accept the port you are using in “CTF”?

sudo nft add rule ip qubes custom-input tcp dport <port> accept

solene · January 5, 2024, 10:45am

You need to NAT the ports through sys-net → sys-firewall → CTF-qube

DVM · January 5, 2024, 10:59am

Since openvpn is used here to tunnel packets between the qube and the remote machine, everything port-related is only accessible within “CTF”. sys-net and sys-firewall can’t see anything because they only forward the encrypted traffic.

solene · January 5, 2024, 11:01am

Ah, I misread entirely the openvpn part sorry. Then you are right, there is only the nftable rule to accept connection on the port

one · January 5, 2024, 4:29pm

Thanks. It’s work. But I added dport before port number:

sudo nft add rule ip qubes custom-input tcp dport 8000 accept

DVM · January 5, 2024, 4:41pm

Thanks, I accidentally replaced dport with <port>.
I’ll edit my post for future viewers.

Johnboy · January 7, 2024, 12:30pm

I’m curious if you use a special template for your CTF work like parrot, kali, blackarch or just plain fedora/debian?

one · January 10, 2024, 11:10am

I use archlinux from community templates.

Johnboy · January 13, 2024, 7:46am

Then maybe blackarch is something for you.