t0bban
Hey.
Just wondering if there's a way to trick the firewall so that I can use FTP server, send Webcam stream and listen to Winamp liveradio?
With the firewall enabled I can't do any of those.. And I can't access the firewall..
Is there some way to like discover what IP the fiw. is and then using that IP, or is there some way to bypass?

Thanks
RepOne
First of all find out which ports ARE allowed by the firewall. Port 80 will be allowed at the very least, and probably more. The main technique used is port redirection. If you are using a win machine then grab fpipe by the guys at hxxp://www.foundstone.com. Just read the readme and use your brain a bit. This won't work for FTP however, but will work for most single-channel protocols.
akis
You can find your fw IP address very simply. Just use the traceroute cmd (if you have Linux) or tracert (for Windows). Type something like tracert www.google.com and the first 3-5 (maximum) are your internal IP network PCs. You can sure watch the datagram leaving your PC and traveling through the network until it reaches the firewall and next somewhere out of your network. Look also at the time one datagram needs to reach the next hop. With a little luck you will get your fw IP! If the TCP method through tracert is not successful and it shows you *** then use a UDP tracert method. Most firewalls are vulnerable to this.
t0bban
Thanks.
Well, now when I know a bit more about the net it looks like this:

The Web
|
|__ Firewall
|__Router
|__Clients (Me)

Now, would it be possible in this case?
Cause I get an internal IP from the Router, and the firewall uses the Router's IP since that's my external IP.. Which means I don't have contact directly to the firewall..
akis
Consider the possibility that your router maybe is a hardware firewall, or the possibility that it is a system with a firewall that at the same time does routing jobs too! In other words, maybe the firewall is your router too!
ikkyu
To pierce the fw you need a proxy outside of its "protection": connect to the proxy over an open port and let it redirect through said open port. No proxy, then you are SOL, because your alternative is altering the fw, which I strongly suggest is a bad idea.
youvegotmail
1) a lot depends on the firewall settings
my favourites usually are http and icmp tunnels
2) as it is the nature of a tunnel you have two endpoints
one inside the firewall and one outside
because you have to sneak traffic using a permitted protocol
3) serveez is a good example of such redirector
or http proxy - you'll find both with an easy search
4) be careful not to violate acceptable use policies
as firewalls are not the only guarding devices today
and a good intrusion detection system will get you ...
regards,
u.
tzontzo
It is very interesting what you say about frw bypass..
Maybe you could detail this more (with some examples) for the youngest like me...

icmp tunnels

many 10x in advance.
PaRaDiSo
If there isn't a proxy and there is only a firewall then with software like socks2http and http-tunnel you can get your job done! (assuming web browsing, port 80, is allowed). The trick behind this is that you trick the software you want to get past the firewall into connecting locally to a socks server (socks2http), which communicates with an external http proxy server through port 80. So it translates every program request to legal http traffic until it reaches the external proxy. Then the proxy does the rest. For downloads and info search google for socks2http and http-tunnel.
youvegotmail
find cool reading of icmp tunnels at:
hxxp://www.sensecurity.org/downloads/ICMP_Whitepaper.doc
or the source of all loki at phrack 51
hxxp://www.phrack.org/show.php?p=51&a=6
have fun reading and studying
u.
billkennedy32
yea set up SSH on the outside to listen on 443, then config ssh to use port forwarding.

then bounce your ftp client or what ever you want off your new toy
enjoy


[Sunny]
... hm but there are some problems ....

OK, I have full access on my victim. Get all files on it through port 80. Ports 21, 25 and 80 are open and used by services. I want to set up an FTP server with a lot of traffic. So an http or icmp tunnel is senseless.

The ports are all used, so how can I redirect the port to my own ftpd (run locally on port 3333) without killing the webserver (port 80), the ftpd (port 21) or the mail daemon (25)?

What should I do to bypass the hardware firewall?
predx
Check this site out, know it's cached... but it might be what you're looking for...

hxxp://216.239.37.104/search?q=cache:e09K8h1qJPUJ:ares.penguinhosting.net/~ian/firewall/+rpi+ftp+ssh+tunnel&hl=en&start=1&ie=UTF-8
[Sunny]
Nice site predx, but I still don't get it in my mind.

OK, here is what I have tried:

Bypass the wall per Port Redirection -> no chance
Bypass the wall per http tunneling -> I've downloaded HTTPTunnel from http://www.nocrew.org/software/httptunnel.html, the HTTPTunnel Server runs on a box outside the wall. The Client runs under a Windows 2k Server in the internal Zone which is protected by the firewall. The Firewall blocks only incoming traffic to all ports except ports 21, 25, 80; outbound traffic is allowed with no limits (only some P2P ports are blocked).
OK, I've run the Httptunnel Client on the victim and forward the traffic on port 3333 to my box outside the wall per Http Tunnel. ( htc -F 3333 testip.someip.com:80 )
K, the HTTPtunnelserver runs on port 80 (has the testip.someip.com IP) and forwards the traffic to localhost:8000 ... And here is the problem.

For tunneling applications with a static server outside the firewall like Icq, Irc it is absolutely no problem. But if it is a Server on the Victim, the server wouldn't connect to the user, the user would (and wants to) connect to the Server Daemon. So it is not possible to forward the traffic from the HTTPTunnelServer to another IP because many clients want to connect and not only one.

Now I'm totally confused and have absolutely no idea how to get an ftp server through a hardware firewall with filtering enabled. :/)

Thx 4 every trick and tip, [Sunny]
predx
With the link above it's talking about you, I'll see if I can clean it up

First you must have a computer on the outside of the firewall hosting an ssh server..
The inside computer that's behind the firewall will use a client ssh program to connect outside to the ssh server.
The client will connect to the server with port forwarding enabled on port(*),
so when somebody connects to the server on port * they will connect up with the client on a port that you tell it to go to.

With port instead of pasv in ftp hopefully the information doesn't go through the tunnel but rather goes directly to the person, the triangle picture
packet
It sounds like what you are really trying to do is allow funky ports to a theoretically "hacked" box which will not be possible if you don't have control over the firewall. The only way to do it is to take over the existing open ports for your own programs or to hide your stuff in subdirectories. Sounds like they do already have FTP open to the box so it should work on that port.

Of course if they have any sort of detection (even looking at the FW logs) they should be able to pick you up pretty quickly and track you down. If you were actually cracking into a box, which I assume you aren't, I'm just going to assume that this is a theoretical exercise.

--G>>P
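
Added example (not part of any post in this thread): a sketch of the firewall-log check a defender could run for the situation discussed here, where outbound traffic is unrestricted and a tunnel rides an always-allowed web port. The log format, addresses and thresholds are assumptions constructed for the example.

```python
import re

# Constructed firewall session log; the line format, addresses and byte counts
# are assumptions made for this example, not output from any real product.
SAMPLE_LOG = """\
2005-03-01T10:00:02 ALLOW OUT src=10.0.0.5 dst=203.0.113.10 dport=80 duration=14 bytes_out=900 bytes_in=48211
2005-03-01T10:00:09 ALLOW OUT src=10.0.0.20 dst=198.51.100.7 dport=80 duration=7260 bytes_out=51200000 bytes_in=830000
2005-03-01T10:02:31 ALLOW OUT src=10.0.0.5 dst=203.0.113.44 dport=443 duration=1900 bytes_out=20000 bytes_in=950000
2005-03-01T10:03:10 ALLOW OUT src=10.0.0.8 dst=192.0.2.25 dport=25 duration=4000 bytes_out=9999999 bytes_in=100
"""

LINE_RE = re.compile(
    r"^\S+ ALLOW OUT src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) "
    r"duration=(?P<duration>\d+) bytes_out=(?P<out>\d+) bytes_in=(?P<inb>\d+)$"
)

WEB_PORTS = {80, 443}      # the web ports mentioned in the thread as usable
MAX_DURATION_S = 600       # assumed threshold: ordinary page fetches end sooner
MAX_UPLOAD_RATIO = 3.0     # assumed threshold: browsing downloads more than it sends


def suspicious_sessions(log_text):
    """Return (src, dst, reasons) for web-port sessions that do not look like browsing."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None or int(m["dport"]) not in WEB_PORTS:
            continue  # unparsable line, or not a port a web tunnel would use
        reasons = []
        if int(m["duration"]) > MAX_DURATION_S:
            reasons.append("long-lived")
        if int(m["out"]) > MAX_UPLOAD_RATIO * max(int(m["inb"]), 1):
            reasons.append("upload-heavy")
        if reasons:
            findings.append((m["src"], m["dst"], reasons))
    return findings


if __name__ == "__main__":
    for src, dst, reasons in suspicious_sessions(SAMPLE_LOG):
        print(f"{src} -> {dst}: {', '.join(reasons)}")
```

A long-lived session alone also matches large downloads, so the two reasons together are the stronger signal; thresholds need tuning against a site's normal traffic.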
rapt0r
If I'm not mistaken FPIPE will allow you to get through even a hardware firewall if your source port is something that is allowed. One trick I have used in the past is to continually make HTTP requests and try to ride other data through the same tunnel. One method that I have been able to get to work quite easily is to find a HTTP type scanner such as NStealth that checks web servers. I open up a scan from my PC while at the same time trying the FPIPE utility to ride a tunnel through the hardware firewall to the Internal network. If you are on a fast connection and the firewall has fast path type forwarding enabled you will get through. If on a slow network with long timeouts you may not get through so easily. It's worth a shot anyway.
t0bban
Damn man, old posts you bring up
Yeah I solved the problem already though..
Solution: I moved out from that apartment

I would like to learn more about piping stuff, making it look like http request when it in fact is streaming webcam (for example..)