Skip to main content

Secure (?) Internet access for DefCon/BlackHat/BsidesLV

(0 comments)

Every year at DefCon there is a Wall of Sheep where the usernames and passwords for non-encrypted logins are posted and every year there are usernames and password on it.

We have setup OpenVPN on an Amazon instance and configured it to use WiKID Strong Authentication without any user validation (i.e.: we don't care who you are).  This configuration will allow you to get an outbound Internet connection without using static credentials. The OpenVPN client is set up to push all your connections through Amazon.

How do you get it? 

First, download and install a WiKID software token. You can use any token - Blackberry, Android, iPhone, Windows Mobile, Windows/Mac/Linux. Add the domain 888888888888. You will be prompted to set your PIN and you will get back an alphanumeric registration code.  You need this code.  Enter this code into this registration page.  

Ok, you've swapped public keys with the server and you've associated the key exchange with the username you submitted on the form.  Now, install OpenVPN and download the appropriate Openvpn client flie:

And download this ca.crt:

You will need to edit the client configuration file to point to the location of the ca.crt. Other changes shouldn't be needed, but if they are, please let me know. If something is mis-configured, please let me know (via @wikidsytems on twitter).

Start the client.  You will be prompted for a username.  Use the name you registered.  Generate an one-time password from the token and enter it as the password. You should get connected.  Please don't abuse the connection.

The client should route all your traffic through the Amazon cloud over OpenVPN and from there out to the Internet.  It has been tested on OSX and Ubuntu.

If you have problems, you can try to find me at DefCon or BSidesLV.  You can ping me on twitter too: @wikidsystems. Any feedback is much appreciated.

Enjoy & be safe.

PS: Special thanks to @andrewsmhay for testing and the Mac OSX conf file!

Currently unrated

Comments

There are currently no comments

New Comment

required

required (not published)

optional

Recent Posts

Archive

2018
2017
2016
2015
2014
2013
2012
2011
2010
2009
2008

Categories

Tags

Authors

Feeds

RSS / Atom