Penetration Testing mailing list archives
Re: pushing exploits through the Firewall
From: "Amin Tora" <amintora () gmail com>
Date: Wed, 1 Mar 2006 11:27:44 -0500
On 2/12/06, Mike Gilligan <mikewgilligan () hotmail com> wrote:

> Hi group,
>
> Say a pentester manages to discover a vulnerable version of BIND running on an external DNS server and has successfully sourced an exploit for the vuln. I'm curious how it would be possible to launch the exploit against the server when a packet filtering device and stateful inspection firewall sit between the pentester and the vuln host. It would seem at first glance that this is not a viable option. How else might one go about exploiting the vuln?
>
> Mike
Use "smuggling" attack tricks. I haven't seen anything specific for UDP-based smuggling for DNS, but there's a lot of documentation on HTTP-based attacks (google Watchfire Smuggling) which you can glean ideas from.

Look in the DNS RFCs for the rules, and try to use different manipulations of the DNS protocol to bypass firewalls/IPS with "intelligence" ... SOMETIMES <grin> security devices "assume" ... ;)

--
Amin Tora
http://www.int0x21.com
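As an added example (not part of the original thread, and not a bypass for any particular product), the following Python builds the same DNS question in more than one RFC 1035-legal wire encoding and decodes it the way the RFC says to. It illustrates the "security devices assume" point above: a filter that matches the literal label bytes of a name treats a mixed-case encoding as a different query, while a decoder that canonicalises (case-insensitive labels per RFC 1035 section 2.3.3, compression pointers per section 4.1.4) sees one and the same question. All messages, names and addresses are constructed here; nothing is sent on the wire.

```python
"""
Added example: RFC 1035-style DNS query builder and canonicalising decoder.
Shows why a byte-matching inspection device and an RFC-conformant decoder can
disagree about what a DNS message contains.  All inputs are constructed.
"""
import struct

QTYPE_A = 1
QCLASS_IN = 1
HEADER_FMT = "!HHHHHH"          # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT


def encode_name(name: str) -> bytes:
    """Encode a dotted name as length-prefixed labels (RFC 1035 3.1),
    preserving the caller's letter case exactly."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(qname_wire: bytes, qid: int = 0x1234, qtype: int = QTYPE_A) -> bytes:
    """Standard recursive query: header (RD=1, QDCOUNT=1) followed by one question."""
    header = struct.pack(HEADER_FMT, qid, 0x0100, 1, 0, 0, 0)
    return header + qname_wire + struct.pack("!HH", qtype, QCLASS_IN)


def read_name(msg: bytes, off: int):
    """Decode the name at `off`, following compression pointers (RFC 1035 4.1.4).
    Returns (lowercased dotted name, offset just past the name as it appears at
    `off`).  Pointer loops, reserved label types and truncation raise ValueError."""
    labels, visited, end = [], set(), None
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:                      # 11xxxxxx: pointer
            if off + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            target = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if target in visited:
                raise ValueError("compression pointer loop")
            visited.add(target)
            if end is None:
                end = off + 2                          # name ends after first pointer
            off = target
            continue
        if length & 0xC0:
            raise ValueError("reserved label type")
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    return ".".join(labels), (end if end is not None else off)


def parse_query(msg: bytes) -> dict:
    """Canonical view of a single-question message: id, lowercased qname, qtype, qclass."""
    if len(msg) < 12:
        raise ValueError("short header")
    qid, _flags, qd, _an, _ns, _ar = struct.unpack(HEADER_FMT, msg[:12])
    if qd != 1:
        raise ValueError("expected exactly one question")
    qname, off = read_name(msg, 12)
    qtype, qclass = struct.unpack("!HH", msg[off:off + 4])
    return {"id": qid, "qname": qname, "qtype": qtype, "qclass": qclass}


def naive_match(msg: bytes, name: str) -> bool:
    """What a byte-matching filter does: look for the exact label bytes of `name`."""
    return encode_name(name) in msg


def canonical_match(msg: bytes, name: str) -> bool:
    """What an RFC-conformant decoder does: compare canonicalised names."""
    return parse_query(msg)["qname"] == name.lower().rstrip(".")


def equivalent_encodings():
    """Two constructed wire forms of the same question for www.example.com."""
    return [build_query(encode_name("www.example.com")),
            build_query(encode_name("wWw.ExAmPlE.CoM"))]


def pointer_response() -> bytes:
    """Constructed response whose answer NAME is a pointer (0xC00C) back to the
    question name at offset 12; the A record data is an arbitrary test address."""
    header = struct.pack(HEADER_FMT, 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name("www.example.com") + struct.pack("!HH", QTYPE_A, QCLASS_IN)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 300, 4) + bytes([192, 0, 2, 1])
    return header + question + answer


if __name__ == "__main__":
    for m in equivalent_encodings():
        print(m.hex(), parse_query(m)["qname"], naive_match(m, "www.example.com"))
```

The decoder is also the check a practitioner would run against their own inspection device: feed it the mixed-case form and a pointer-compressed response and see whether its policy decision matches the canonical decode; if it only matches raw bytes, it is assuming an encoding the RFC does not require.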