Friday, January 28, 2011

Tcpwrapped

For the most part it's a very good strategy for being protected from the casual hacker, and it is quite difficult to get past. I have yet to find a good article to cite here about it and about getting through one, but I have some knowledge of firewall evasion.

Here is some stuff:

One of the major things that tends to happen in response to an attempt to connect to a filtered port is security logs. For the most part tcpwrappers also produce logs of their own; usually once someone sees them they tend to run. Well, that's the hope involved.
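Since the logs are the defender's side of this, here is an added example (not from the original post) of what a tcpwrapper refusal looks like in syslog and how to spot a sweep in it. libwrap logs "refused connect from <client>" under the name of the daemon that was wrapped; the log lines below are constructed samples, and the threshold of three distinct services is an assumption chosen for illustration.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the shape libwrap (tcpd) emits when
# hosts.allow/hosts.deny refuses a connection. These are made-up entries,
# not taken from a real host; the last line is ordinary sshd noise.
SAMPLE_LOG = """\
Jan 28 10:01:02 bastion sshd[4021]: refused connect from 203.0.113.7 (203.0.113.7)
Jan 28 10:01:03 bastion in.ftpd[4022]: refused connect from 203.0.113.7 (203.0.113.7)
Jan 28 10:01:03 bastion in.telnetd[4023]: refused connect from 203.0.113.7 (203.0.113.7)
Jan 28 10:01:04 bastion sendmail[4024]: refused connect from 203.0.113.7 (203.0.113.7)
Jan 28 10:05:44 bastion sshd[4100]: refused connect from 198.51.100.9 (198.51.100.9)
Jan 28 10:07:10 bastion sshd[4111]: Accepted publickey for ops from 192.0.2.20 port 51522 ssh2
"""

# Matches "<month> <day> <time> <host> <daemon>[<pid>]: refused connect from <client>"
REFUSED_RE = re.compile(
    r"^\S+\s+\d+\s+[\d:]+\s+\S+\s+(?P<daemon>[\w.\-]+)\[\d+\]:\s+"
    r"refused connect from\s+(?P<client>\S+)"
)


def parse_refusals(log_text):
    """Return {client: set of daemons that refused it} from tcpd-style log text.

    Lines that are not tcpd refusals (e.g. sshd's own messages) are ignored.
    """
    refusals = defaultdict(set)
    for line in log_text.splitlines():
        m = REFUSED_RE.match(line)
        if m:
            refusals[m.group("client")].add(m.group("daemon"))
    return refusals


def flag_sweeps(refusals, threshold=3):
    """Clients refused by at least `threshold` distinct services in the window.

    A single refusal is usually a typo or a misconfigured client; one source
    bouncing off several wrapped services in quick succession is the pattern
    a port sweep leaves behind. The threshold is an assumed tuning value.
    """
    return sorted(src for src, daemons in refusals.items() if len(daemons) >= threshold)


if __name__ == "__main__":
    hits = parse_refusals(SAMPLE_LOG)
    for client, daemons in sorted(hits.items()):
        print(client, "refused by", sorted(daemons))
    print("sweep candidates:", flag_sweeps(hits))
```

Run against a real /var/log/auth.log or /var/log/messages the same regex applies unchanged; only the sample text is constructed. Per-source counting is deliberately keyed on distinct daemons rather than raw line counts so that one stuck client retrying a single service does not trip the alert.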

An easy example of firewall detection would be this, but plug in the ports of common firewalls (the port list must have no spaces for nmap to parse it):
nmap -n -vv -P0 -p256,257,258,1080,1745 <victim>

Also, banner grabbing to enumerate a service that might be a firewall:
nc -v -n <target ip> <port>

A lot of the time enumerating a firewall will turn up specific details, like the version number of the firewall or a banner message deployed by some generic ones, which can then be searched for 0-days.

Traceroute is an easy example of getting there: the path is printed hop by hop until it hits the blockade, and once you get the asterisks you have hit the firewall.
traceroute <target ip>
You may also use the -I argument to enforce the use of ICMP packets if TTL-limited UDP is being blocked.

You can also reconstruct packets to spoof a known packet to get through; firewalls do not do packet content analysis. There is a formula to get the right spoofed packet. I encourage you to look it up; the resulting number goes after -p.

traceroute -p28 <target ip>

You may also need to stop the port incrementing, so use the -S argument, but keep the conditioned packet:
traceroute -S -p28 <target ip>

Firewalking:
There are two requirements:
1. IP address of the last gateway detected before the firewall is hit.
2. IP address of a host located in the firewalled area.

Enumeration behind the firewall:
firewalk -n -P1-8 -pTCP <target gateway> <target host>

Raw packet transmission with hping

This enumerates the ACL by analyzing whether the target answers with RST/ACK, a REJECT, or silently DROPs the packets. Depending on what your result is you will know whether a firewall is present or not.

hping <target ip> -c2 -S -p21 -n

If you find yourself a vulnerable firewall, your next step would be fragmentation and spoofing, leaning more to the side of fragmentation.


**This is a general and broad view of firewall evasion and enumeration/detection. This was an introduction to the tools used; full in-depth research is required before use.
I wouldn't want to go into depth and spoon-feed you =] cheers!**
0r1x
