Vulnerability Development mailing list archives
Re: Proxy stuff
From: "Robert G. Ferrell" <root () rgfsparc cr usgs gov>
Date: Thu, 21 Dec 2000 10:17:11 -0600
I have got a question: Is there any possibileties of braking usable ports limitation, what i mean is My company has instaled proxy that will not put me throught any other port than 80 and 25. Is there still any possibilety of use telnet ftp (on their own ports) ?
Hi Grzegorz, Depends on how outgoing traffic is being handled. The classic way to defeat this sort of thing is by creating a back channel using something like reverse telnet. If you can take advantage of some cgi script weakness on the server through port 80 and initiate an outbound telnet session from the target machine to your own, you can redirect the traffic to its 'proper' port. You'll need something like Netcat to make this work, however. There's a decent description of this technique in "Hacking Exposed." Cheers, RGF Robert G. Ferrell, CISSP Information Systems Security Officer National Business Center U. S. Dept. of the Interior Robert_G_Ferrell () nbc gov ======================================== Who goeth without humor goeth unarmed. ========================================
Current thread:
- Proxy stuff Grzegorz Jaskiewicz (Dec 20)
- Re: Proxy stuff SMILER (Dec 21)
- Re: Proxy stuff Gregor Binder (Dec 21)
- Re: Proxy stuff sporty o'one (Dec 21)
- Re: Proxy stuff Deven Phillips (Dec 21)
- Re: Proxy stuff Stian Myhre (Dec 21)
- <Possible follow-ups>
- Re: Proxy stuff John Herron (Dec 21)
- Re: Proxy stuff Mark D. Goldman (Dec 22)
- Re: Proxy stuff Dom De Vitto (Dec 25)
- Re: Proxy stuff Mark D. Goldman (Dec 22)
- Re: Proxy stuff Robert G. Ferrell (Dec 21)
- Re: Proxy stuff Weiss, Bill (Dec 22)
- Re: Proxy stuff amonotod (Dec 22)
- Re: Proxy stuff Lynn Crumbling (Dec 22)
- Re: Proxy stuff Grzegorz Jaskiewicz (Dec 22)
- Re: Proxy stuff SMILER (Dec 21)