write-ups-challenges-2023-2024/table-flip/SETUP.md
2023-11-28 16:24:59 +01:00

86 lines
4.2 KiB
Markdown

# Challenge setup
This challenge requires a hotspot to be hosted on a Raspberry Pi.
These steps can be taken to configure a Raspberry Pi correctly.
## Installing Raspberry Pi OS
- Install Raspberry Pi OS (Lite, 64 bit was used for these instrucitons) via the Raspberry Pi Imager (for example).
- Make sure to enter a username and password in the OS Customisation settings.
- Also enable SSH using password authentication. (Or public-key only, just make sure you can connect to the Pi).
- DO NOT configure wireless LAN!! (So if you're using the imager for macOS, also choose "no" on all the prompts asking to use the wifi credentials stored in the keychain.)
When finished, turn on the Pi and connect it to your PC via Ethernet.
You should now be able to ssh into the Pi using the credentials you chose earlier.
For the rest of these instructions, the Pi requires an internet connection. Since no wifi has been setup, you need to share the internet connection of your PC with the Pi.
For macOS, you can do this by going to System Settings > Sharing > Internet Sharing, then turning Internet Sharing on, and allowing Ethernet devices to receive.
## Installing RaspAP
In order to make configuration of the hotspot and captive portal easy, we use [RaspAP](https://raspap.com/) to manange the access point.
In order to install RaspAP, you can use the [installation instructions](https://docs.raspap.com/).
When you're running the installer, you can answer yes to the following questions:
- lighttpd root: /var/www/html? [Y/n]: `Y`
- Complete installation with these values? [Y/n]: `Y`
- Enable HttpOnly for session cookies (Recommended)? [Y/n]: `Y`
- Enable RaspAP control service (Recommended)? [Y/n]: `Y`
And you can answer no to the following questions:
- Install ad blocking and enable list management? [Y/n]: `n`
- Install OpenVPN and enable client configuration? [Y/n]: `n`
- Install WireGuard and enable VPN tunnel configuration? [Y/n]: `n`
- Enable VPN provider client configuration? [Y/n]: `n`
And then you can reboot.
Once you've rebooted, a wifi network `raspi-webgui` is created, and can be accessed using the default credentials.
## Installing and enabling the captive portal
We will follow [RaspAP's documentation](https://docs.raspap.com/captive/) on installing [nodogsplash](https://github.com/nodogsplash/nodogsplash).
Again, follow the instructions on [RaspAP's documentation](https://docs.raspap.com/captive/).
Once the captive portal is installed and active, we need to swap out the `splash.html` and `splash.css` files located in `/etc/nodogsplash/htdocs/`.
Once you've replaced these files with our custom ones, you need to reload nodogsplash
```bash
sudo systemctl restart nodogsplash.service
```
## Some additional (but required) configuration
We still need to change RaspAP's SSID name and default credentials.
You can access RaspAP's Web UI by connecting to the hotspot and going to the router's ip (should be [10.3.141.1](http://10.3.141.1:80)).
If you've correctly installed the captive portal, you will only see the flag.
In order to pass the captive portal, you need to go to a specific url. This url will start with the value that is present in the meta "action" tag of the head of the captive portal, and you need to include the value of the meta tok tag as a query parameter.
For example: `http://10.3.141.1:2050/nodogsplash_auth/?tok=371e85e0` (your token will be different).
Normally, you should see "Authenticated" and you can visit the [web UI](http://10.3.141.1:80) now.
Some important settings you need to change:
### Changing the SSID
- Go to Hotspot > Basic > SSID.
- You can change this to something original based on the challenge description. (recommended: ┏━┓ ︵ /(^.^/))
- (And click "Save settings" on the bottom.)
### Removing the password
- Go to Hotspot > Security.
- Set "Security type" to `None`.
- (And click "Save settings" on the bottom.)
### Changing RaspAP's admin credentials
We're still in a CTF...
> **_NOTE:_** The challenge is just finding the flag in the captive portal, not breaking into the access point. But since default credentials are tempting for everyone, we will change this to something more secure.
- Go to Authentication.
- Change the username.
- Change the password.