I recently moved my virtualbox kali vm from a ubuntu install to a windows 10 instance (long story, I know). I also took a few months break, if that changes anything, I don’t know if something is different now.
When I attempt to nmap say Passage, if I get hit with the fail2ban, nmap will come back with my own network being scanned. I do have a 10.10.0.0 subnet that I use, but there is absolutely no 10.10.10.0 in my LAN, let alone .206 so how it’s doing that is beyond me. For what it’s worth, what it’s scanning and its own IP is on the 172.16.0.x range inside my network. And I am bridged successfully.
If I try to trigger a reverse shell, it’s even more confusing. I get:
sl.SSLCertVerificationError: ("hostname ‘passage.htb’ doesn’t match either of ‘**redacted my own personal ssl cert hosted on another box, but public facing for hosting a personal website’, or ‘**redacted another personal ssl cert’)
This doesn’t make any sense, kali is using my tun0, I can view the passage website, etc. I can’t imagine why my VPN connection even knows about my own personal SSL certs, it should be bypassing that.
I don’t even know how to begin troubleshooting this. Or even what to call it, so I can google it. I updated openvpn to the latest version.
I don’t even know how to begin troubleshooting this. Or even what to call it, so I can google it. I updated openvpn to the latest version.
There is a lot going on here, so it is challenging to work out where the issue is.
When you run nmap against (say) 10.10.10.206, the traffic should be routed over the openvpn tunnel. If that fails to resolve the IP, there may be some other processes going on which makes it try to resolve the traffic on other interfaces.
I’d sugges troubleshooting errors here before moving on to things like trying to get a reverse shell.
For example - check the output of ping & tracert/traceroute; make sure the box is up & running and that you are trying to access the correct ports with other tools.
For the reverse shell, it seems you are trying to use an SSL tunnel which is a bit odd. You need to identify where you are running commands where you are getting those errors - that will explain why it is checking your personal cert store. This doesn’t really have anything to do with your VPN tunnel.
Thanks. I “fixed” the problem by forcing the box to not use my pihole DNS set through DHCP. I know it’s always DNS, but I don’t know enough to actually troubleshoot and fix this, so I’m just going to go around it completely.
Long term I’ll just set up another subnet and a VLAN on my router and set up my pentesting stuff to go straight to cloudflare and google.