Penetration Testing mailing list archives
Re: Exploit through firewall question
From: brad Causey <bradcausey () gmail com>
Date: Tue, 18 Jul 2006 21:18:40 -0500
There can be a multitude of things affecting you here.

1. Good that you notify these folks. Just out of curiosity, why would you perform vul assessment from behind a firewall?

2. The Framework could be sending over dozens of different ports, most of which are probably blocked as incoming at the firewall, even if they are part of an established session. They could also be blocked as outbound, again, depending on ruleset.

3. I'm not sure if you are referring to the source or destination port here. The source port really won't matter that much if the outbound rules on your firewall are wide open. If the firewall is watching outbound connections, then yes, you need to use ports that the firewall will tolerate. If you are referring to the destination port, then you must use the default port of the service that is being exploited (assuming the target system is using default ports). It's important that you use these ports because that is how the target OS is determining what services to pass the network request to.

4. This almost seems as though you aren't fully establishing a connection (the handshake process isn't successful).

5. The result of the exploit will depend on a.) whether or not it was successful and b.) what payload you are using in conjunction with the exploit.

Hope this helps
-Brad

mr.nasty () ix netcom com wrote:
I'm using MetaSploit to test a box for a variety of vulnerabilities. To get to the box I have to go through our firewall.
1) I notify our network and ids people
2) I always get that the system is not vulnerable but I feel it's because of the firewall.
3) Should I be testing this using port 80 (i.e. on a telnet buffer overflow) or just go straight to port 23?
4) here's the output: Connection failed: Connection failed: Operation now in progress
5) if it is successful will it automagically open a cmd line or remote session?
Thanks
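Added example, not from either poster: the "Operation now in progress" text in point 4 is the strerror string for EINPROGRESS, which a non-blocking connect() returns while the SYN is out and no SYN-ACK or RST has come back yet. The script below drives that handshake to completion with a timeout and labels each port as open, closed (RST received), filtered (silence, the usual firewall drop) or unreachable, so a "not vulnerable" verdict can be separated from "the firewall never let the handshake finish". The host 192.0.2.10 and the port list are constructed lab values.

```python
import errno
import select
import socket


def _map_errno(err: int) -> str:
    """Translate a connect() error code into a reachability verdict."""
    if err == errno.ECONNREFUSED:
        return "closed"        # RST came back: nothing listening, or a firewall 'reject' rule
    if err == errno.ETIMEDOUT:
        return "filtered"      # kernel gave up retransmitting the SYN
    if err in (errno.ENETUNREACH, errno.EHOSTUNREACH):
        return "unreachable"   # no route at all; the packet never left
    return "error:" + errno.errorcode.get(err, str(err))


def classify_connect(host: str, port: int, timeout: float = 3.0) -> str:
    """Drive a TCP handshake by hand and report how it ended.

    Returns "open", "closed", "filtered", "unreachable" or "error:<name>".
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.setblocking(False)
    try:
        err = s.connect_ex((host, port))
        if err not in (0, errno.EINPROGRESS, errno.EWOULDBLOCK):
            return _map_errno(err)
        # EINPROGRESS is literally "Operation now in progress": the SYN is out
        # and the reply has not arrived yet. Wait up to `timeout` for it.
        _, writable, _ = select.select([], [s], [], timeout)
        if not writable:
            return "filtered"  # silence: a 'drop' rule or a black-holed route
        err = s.getsockopt(socket.SOL_SOCKET, socket.SO_ERROR)
        return "open" if err == 0 else _map_errno(err)
    finally:
        s.close()


def check_ports(host: str, ports, timeout: float = 3.0) -> dict:
    """Classify several service ports on one host, e.g. {23: 'filtered', 80: 'open'}."""
    return {p: classify_connect(host, p, timeout) for p in ports}


if __name__ == "__main__":
    # Constructed example: compare telnet and http on a lab host before
    # trusting a "not vulnerable" verdict from a scanner run through a firewall.
    for port, verdict in check_ports("192.0.2.10", [23, 80], timeout=2.0).items():
        print(f"tcp/{port}: {verdict}")
```

A "filtered" result on the service's default port means the firewall, not the service, decided the outcome, and the rule set should be checked before the scan result is recorded.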