Author | How to bypass firewall |
fuser Member

Posts: 960 Location: in front of a computer (duh)
Joined: 05.04.07 Rank: Mad User | |
Well, yesterday I was trying to attack a site, which i prefer not to mention for now.
When I noticed that my connections were immediately dropped out, it made me curious since I know the server is online since I pinged it.
So I made a quick trace, and found that it was connected to another server, so at first I made a whois command on the computer, and since it couldn't figure out the computer, I used zenmap and scanned the address.
According to the scan results, the computer acts as a firewall, and it runs m0n0wall based on the FreeBSD kernel, with port 53 (DNS) open.
I tried to arp-spoof the network, but the firewall kept dropping my connections (I was doing this with proxies, on my laptop in a wifi network)
so I'm stumped for now.
Does anyone around here have any suggestions on what I can do to bypass the firewall?






[url=http://userbarz.com/][img]ht |
 |
Author | RE: How to bypass firewall |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
war dialer.
|
 |
Author | RE: How to bypass firewall |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
give up...
|
 |
Author | RE: How to bypass firewall |
fuser Member

Posts: 960 Location: in front of a computer (duh)
Joined: 05.04.07 Rank: Mad User | |
as if i'll give up. I was just getting started, and if you don't have any answers, just shut up, will you, COD3?






[url=http://userbarz.com/][img]ht |
 |
Author | RE: How to bypass firewall |
fuser Member

Posts: 960 Location: in front of a computer (duh)
Joined: 05.04.07 Rank: Mad User | |
sorry, double posted. damn bandwidth






[url=http://userbarz.com/][img]ht
Edited by fuser on 23-04-08 03:54 |
 |
Author | RE: How to bypass firewall |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
wow..umm.way to go there double posting twat...penguins..i mean cmon man, grow a pair
|
 |
Author | RE: How to bypass firewall |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
well i am just learning about the network stuff but wouldn't using a war dialer on a pool of phone lines connected to network possably find a hole in the modem and gain you access to the network.
like i said i'm just learnig this stuff and i'm trying to help
|
 |
Author | RE: How to bypass firewall |
Futility Member

Posts: 760 Location: USA
Joined: 17.12.07 Rank: God | |
COD3 wrote:
wow..umm.way to go there double posting twat...penguins..i mean cmon man, grow a pair
Wow... creative insult. At least, it would be if it hadn't been posted by someone else in another thread about an hour ago. (A thread that you happened to post in as well) Now that I mention you stealing other people's things, what's with the userbar? I could have sworn I saw moshbat with the same exact thing weeks ago.
When was the last time you actually said something useful, anyway? You just seem to float around here bragging about how awesome you are, with no proof whatsoever, and putting everyone else down. So you wanna do us all a favor and fuck off. Come back when you've matured a little and learned that if you want to earn respect that you have to be worthy of it. But hey, who am I to judge you. You obviously know waaaaay more than me. Have fun becoming that accomplished hacker that you're obviously meant to be.
|
 |
Author | RE: How to bypass firewall |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
COD3 wrote:
give up...
honestly what exactly was your intention for posting that?
to pick a fight?
|
 |
Author | RE: How to bypass firewall |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
back on topic
did some searching for you and found this
HTTPort.
and
HTTPtunnel
are both tools that should help to bypass a firewall
|
 |
Author | RE: How to bypass firewall |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Bypass firewall for what? First try the CLI not zenmap, although it is a nice gui you need to learn how to get your hands dirty.
Second ARP spoofing does not work like that! Read up.
http://en.wikipedia.org/wiki/Arp_spoofing
Second, YOU probably have no chance in hell bypassing the firewall, so your best bet would be to find a dns exploit...which you will not find either, at least not a current one.
Start looking at another way in.....
What you might want to do is enumerate the target in ALOT more detail.
Google enumeration! Here is a head start:
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
Later!:ninja:
|
 |
Author | RE: How to bypass firewall |
richohealey Member

Posts: 1022 Location: #!/usr/local/bin/python
Joined: 01.05.06 Rank: Monster | |
Octal wrote:
Bypass firewall for what? First try the CLI not zenmap, although it is a nice gui you need to learn how to get your hands dirty.
Second ARP spoofing does not work like that! Read up.
http://en.wikipedia.org/wiki/Arp_spoofing
Second, YOU probably have no chance in hell bypassing the firewall, so your best bet would be to find a dns exploit...which you will not find either, at least not a current one.
Start looking at another way in.....
What you might want to do is enumerate the target in ALOT more detail.
Google enumeration! Here is a head start:
http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html
Later!:ninja:
There are plenty of dns exploits, you just have to think laterally.
You use teh dns exploit to attack other services, a nameserver's first resolver is itself..
|
 |
Author | RE: How to bypass firewall |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Your right! If you take control of the nameserver you can poison the cache. Was this your thought?
About a year ago Bind9 was vulnerable to this type of attack but most servers should have been patched by now...? |
 |
Author | RE: Bypassing a firewall |
Member

Posts: Location:
Joined: 01.01.70 Rank: Guest | |
Is there a hosting company involved ? If so they may have other sites and
servers that are less protected . You may be able to get in to a server
on the subnet and hack into the other target server from the side .
Theres many ways to do that :
If php is in play a c99 shell can help perform this task . Im not sure
how this works exactly . But i was informed , that while in a server or
having control of a control panel that is tied to a server on the same
subnet as the initial target victim server . The shell can assist in
gaining entry . My knowledge of this is limited .
Playing wih the Adress Resolution Protocol
Overloading the CAM with MAC addresses
Attacks on the routing protocol
Theres alot of ways around it if theres a host involved . But if the target
firewall is privately owned and managed , your situation may be more
difficult having to face it head on . If you havent read it already go here :
http://www.hellboundhackers.org/articles/739-steps-to-serious-penetration.html
That article helped me get a grip on alot of this . I hope it helps .
I know its long as hell . But its worth it . I had to read it and google
many times before i got the slightest idea what M3DU54 was saying .
Im still learning on most of the topics he talks about , like BGP .
Methods of attacks that i havent been pushed to attempt .
tóg go bog é , Neqtan
|
 |
Author | RE: How to bypass firewall |
fuser Member

Posts: 960 Location: in front of a computer (duh)
Joined: 05.04.07 Rank: Mad User | |
wow, thanks for the advice everyone.
Octal,thanks for the advice, but firstly, I customized my own scanning profile in zenmap, since the options given by default are quite limited.
I wanted to bypass the firewall so that i could enter the server I was trying to attack, and since the firewall was protecting it, it's obvious that I had to pass the firewall.
And the servers are hosted on their own sites, which means no hosting company is involved.
And yeah, I should've known that arp spoofing can't help me, silly me. But
it was the only thing I can think of at that time.
Thanks for pointing out the article, neqtan. I'll have to do some serious reading on it and about dns exploits now if I want to conquer the system.
and fallingmidget, I wasn't referring to you when I said if you have nothing useful to say, just shut up.
that, as usual, is targeted to our favorite insult target, COD3






[url=http://userbarz.com/][img]ht
Edited by fuser on 23-04-08 11:50 |
 |