Penetration Testing mailing list archives
RE: [PEN-TEST] Download fw1 topology
From: "Ogle Ron (Rennes)" <OgleR () thmulti com>
Date: Tue, 15 May 2001 09:46:23 +0200
Recall that Checkpoint has two forms for VPNs, fwz and IPsec. If you are using fwz, then SecuRemote (Secureclient) will download the topology without authentication first. If you are using IPsec, then SecuRemote will request authentication before it will download the topology.

If you look in your userc.c file, you will find many interesting pieces of information that can be used to hack. First, you will find all of the IP addresses and directly attached networks of all of the interfaces on the firewall. Second, you will find all of the networks that are included in the firewall's encryption domain. These networks are considered behind the firewall. It will show you what firewall version and what VPN types it will support (FWZ and IPsec).

It will show you the identity of the firewall's manager, which may or may not be the firewall itself. This could be a machine somewhere else. If you can compromise this machine, you've got the keys to the kingdom. This is also the machine from which you download the info for this userc.c file.

In the newer versions of SecuRemote, you have a policy section. This section in essence creates a firewall solution on the SecuRemote machine.

One last thing. If you know what you're doing, you can change some of the information in this file by hand. For example, I've added DNS servers, deleted networks and changed netmasks without having to "update" my configuration.

Ron Ogle
-----Original Message-----
From: railwayclubposse () hushmail com [mailto:railwayclubposse () hushmail com]
Sent: Tuesday, May 15, 2001 2:34 AM
To: PEN-TEST () securityfocus com
Cc: davew () sec-tec com
Subject: Re: [PEN-TEST] Download fw1 topology

When I use the Secureclient to try to download topology, it asks me for a certificate. I don't get anything else. If I use a certificate, I get some very interesting and cool things in my users.c file. How do you get it before you authenticate? They've got the latest version/sp.

The SDK for the API (OPSEC) used in all the Checkpoint products is available for download. Could be fun.

David Wray [mailto:davew () sec-tec com] wrote:

I often try to perform a download VPN topology request using Checkpoint Secureclient. Once the download is done, any request for the Internal IP address scheme will prompt for a username and password.

Free, encrypted, secure Web-based email at www.hushmail.com