vitaly-kamluk / bitscout

Remote forensics meta tool
GNU General Public License v2.0

Bitscout Components #10

Closed melorium closed 7 years ago

melorium commented 7 years ago

Hi again.

I think you are tired of me, but I'll ask a couple more questions.

  1. What components is an expert expected to know about for using Bitscout? LXC? LCD?
  2. Is it 10.0.3.1 or 10.0.3.2 that I connect to using SSH from the expert machine to the host?
  3. What ssh command do I use to connect using the scout certificate from the expert machine?
  4. Can I use SSHFS to mount, for example, the Evidence0 disk from the container to the expert machine?
  5. What client configuration do I need on the expert machine? SSH config from Bitscout cartoon machine, openvpn configuration, the scout cert, LXM configuration. My VPN is working perfectly and the network is running well.

Do you have any good link where I can find what I need to know? Maybe I'm not an expert yet, but I think I can be soon if I find the right sources.

I'm sorry to bother you (: with so many questions, but I am really impressed by Bitscout and I really want to use it for remote forensics.

Dennis Karlsson

vitaly-kamluk commented 7 years ago

Dear Dennis, thank you for your continued interest in the project. I am not tired of you. :)
Your questions help me better understand what has to be described in the project wiki.
Let me first briefly answer your questions here:

  1. You should learn principles of LXC, but this is just to better understand how Bitscout is built and how to customise it to your needs. Stephane Graber had some amazing articles about LXC here: https://stgraber.org/2013/12/20/lxc-1-0-blog-post-series/
  2. 10.0.3.1 and 10.0.3.2 are connected in a virtual network (host-guest). Technically when you ssh to 10.1.0.2, the destination ssh service responds from 10.0.3.2 (on container). This is possible due to tcp connection forwarding that Bitscout does via iptables.
  3. Please check the man pages for ssh to find your answers. In short, you can specify the ssh key on the command line like this: $ ssh -i path_to_scout_key user@10.1.0.2
  4. As far as I know, sshfs doesn't currently allow mounting and accessing remote block devices (such as evidence0). Check another service called nbd to make the block device evidence0 accessible to you locally. We will describe it and add it to the wiki soon.
  5. On the expert machine you need only files that are in ./exports/expert/ after you build the ISO. It includes ssh keys, openvpn config+keys, irc config.

Keep playing with the software and make your own tests to learn how everything works! It would be nice if you blogged about it and shared your experience, Dennis!
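
The address translation described in answer 2, as an added example that is not part of the original thread and not Bitscout's code: it parses a constructed `iptables-save` dump and resolves where a TCP connection to a forwarded address actually ends up. The DNAT rule itself is an assumption; only the addresses 10.1.0.2 and 10.0.3.2 come from the thread.

```python
import ipaddress
import shlex

# Constructed `iptables-save -t nat` output. Assumption: Bitscout's real rules,
# chains and ports may differ; only the two addresses come from the thread.
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 10.1.0.2/32 -p tcp -m tcp --dport 22 -j DNAT --to-destination 10.0.3.2:22
-A POSTROUTING -s 10.0.3.0/24 ! -d 10.0.3.0/24 -j MASQUERADE
COMMIT
"""


def parse_dnat(rules_text):
    """Extract TCP DNAT rules from PREROUTING as (network, dport, ip, port)."""
    rules = []
    for line in rules_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "PREROUTING"] or "!" in tok:
            continue  # other chains and negated matches are not handled here
        # Map each option to the token that follows it.
        opts = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
        if opts.get("-j") != "DNAT" or opts.get("-p") != "tcp":
            continue
        dport = opts.get("--dport")
        if dport is not None and not dport.isdigit():
            continue  # port ranges are not handled here
        ip, _, port = opts["--to-destination"].partition(":")
        rules.append((
            ipaddress.ip_network(opts.get("-d", "0.0.0.0/0")),
            int(dport) if dport else None,
            ip,
            int(port) if port else None,
        ))
    return rules


def resolve(rules_text, dst_ip, dst_port):
    """Return the (ip, port) a TCP connection really reaches; first match wins."""
    addr = ipaddress.ip_address(dst_ip)
    for net, dport, ip, port in parse_dnat(rules_text):
        if addr in net and dport in (None, dst_port):
            return ip, port or dst_port
    return dst_ip, dst_port  # no DNAT rule applies: the address is used as-is


if __name__ == "__main__":
    print(resolve(SAMPLE_RULES, "10.1.0.2", 22))
```

Feeding it the real output of `iptables-save -t nat` from a host shows which services a VPN-facing address exposes on the container side.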

melorium commented 7 years ago

Thanks. I downloaded and installed NBD server on the VPN server and NBD on the expert machine. It worked well and I was able to block from server to expert machine. But I will figure out how to run it in the evidence container. Maybe run an NBD server in that container and the client on the expert machine. I used port 2002 for NBD. Maybe I need to forward some more ports or something. Thank you a lot for your help. I will never give up learning to use your software because it's so good. Dennis

vitaly-kamluk commented 7 years ago

I replied to this in your recent issue. Let me close this one for now. Please see https://github.com/vitaly-kamluk/bitscout/wiki/Advanced-Usage. We will update it with new techniques in the future.