
Thread: Firewall/Pentesting questions

  1. #1
    Just burned his ISO
    Join Date
    Apr 2009
    Location
    MA
    Posts
    7

    Unhappy Firewall/Pentesting questions

    Hello guys, if my post seems a bit simple to you it wouldn't shock me. I have a Windows XP SP3 box, and I have intentionally closed all ports with my AVG firewall. Now I want to use my laptop to attack my home box, but obviously with no ports open this becomes a problem. Is there another form of tunneling I can use to open these ports without permission from the target box? So far I am learning that SSH tunneling requires permission from the other end; now I want to skip that part and cut my way into my system WITHOUT permission. PuTTY seems to be commonly used, but I still think that requires permission yet once again. I have heard of firewalking but have found little information on it. Thanks again guys, hopefully you can help me lock down my network.

  2. #2
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    Try the "Reverse TCP" and see whether the victim PC asks for permission; most probably it will... have a go.
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  3. #3
    Just burned his ISO
    Join Date
    Apr 2009
    Location
    MA
    Posts
    7

    Default

    Thanks, checked the link.

  4. #4
    Member
    Join Date
    Jan 2010
    Posts
    332

    Default

    Have you even read the post kazalku linked for you? It is not about MS08-067, it's about concealing the payload as something else. The only other way to access the system remotely is using a rogue AP and getting the victim to download the malicious payload. You can't magically open ports without access to the system.
    SecurityTube has two new sections. Questions & News

  5. #5
    Just burned his ISO
    Join Date
    Apr 2009
    Location
    MA
    Posts
    7

    Default

    My bad, didn't even notice the link. Thanks for the input, I really appreciate the speed with which you guys have responded.

    OK, now I understand Karma is a good rogue AP program, that's cool, but my ipw2200 card can't do crap with it. Now as far as kazalku's link says, you require the user to open an attachment with the payload embedded in it or something.... If anyone can explain in a more detailed way how this is done that would be great.

    Also, from what I understand ANY system is not 100% secure. Now if that's true, why do I need access to the system first to open ports? In that case how do I even access a computer without any open ports?

  6. #6
    Member
    Join Date
    Jan 2010
    Posts
    332

    Default

    You can edit your post when you want to change or add something.
    You can add a payload (windows/meterpreter/reverse_tcp) which you have created using Metasploit (providing the IP and port to which you want it to connect) to any Word, Excel or PDF file. When a user on the victim machine runs it, Meterpreter will connect to your machine, making an outgoing connection - but it will probably display the security warning first (depending on the macro settings).

    No system is 100% secure, mainly because of its weakest link - the user. So google <social engineering>.
    SecurityTube has two new sections. Questions & News

  7. #7
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by DtL666 View Post
    Now as far as kazalku's link says, you require the user to open an attachment with the payload embedded in it or something.... If anyone can explain in a more detailed way how this is done that would be great.
    Why don't you try it out, then if you don't understand it do some research on the commands that were used to create the file, as well as how client-side exploits work (hint: there may be vulnerabilities in the software packages that open particular files, that could be exploited using malicious file content).

    If you have specific questions about this once you have done some research, come back and ask them, but put in some effort first; you won't be able to understand this stuff unless you have some knowledge of the subject.

    Quote Originally Posted by DtL666 View Post
    Also, from what I understand ANY system is not 100% secure. Now if that's true, why do I need access to the system first to open ports?
    Just because a system isn't 100% secure doesn't mean you can break into it however you want. You have to work with the weaknesses the system has. And if the system you are attacking has a firewall that works properly, and all the ports are shut, then you won't be able to attack it using traffic that requires an open port (which includes any TCP or UDP connection you make to that system).

    Quote Originally Posted by DtL666 View Post
    In that case how do I even access a computer without any open ports?
    kazalku already told you this - Reverse TCP.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
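    The point made above, that a host firewall dropping every inbound connection still lets the host connect outward, as an added example that is not from this thread: a small Python script that reads Windows Firewall log lines (pfirewall.log W3C format; the AVG firewall in the question would need its own log format) and separates dropped inbound attempts from outbound connections to ports the box is not expected to use. The sample log lines, addresses and the expected-port set are constructed assumptions.

```python
# Added example (not from the thread). Parses Windows Firewall (pfirewall.log,
# W3C format) lines to show that a host that DROPs every inbound SYN can still
# OPEN outbound connections, which is what a reverse TCP payload relies on.
from collections import Counter

# Constructed sample log; field order follows the #Fields header.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2010-02-10 20:15:01 DROP TCP 192.168.1.20 192.168.1.10 51022 445 48 S 123456 0 8192 - - - RECEIVE
2010-02-10 20:15:02 DROP TCP 192.168.1.20 192.168.1.10 51023 135 48 S 123457 0 8192 - - - RECEIVE
2010-02-10 20:15:03 DROP TCP 192.168.1.20 192.168.1.10 51024 139 48 S 123458 0 8192 - - - RECEIVE
2010-02-10 20:16:40 OPEN TCP 192.168.1.10 192.168.1.20 1047 4444 0 - 0 0 0 - - - SEND
2010-02-10 20:16:45 OPEN TCP 192.168.1.10 203.0.113.5 1048 80 0 - 0 0 0 - - - SEND
"""

# Assumption: the ports this home box is expected to talk to on its own.
EXPECTED_OUTBOUND_PORTS = {53, 80, 443}


def parse_log(text):
    """Yield one dict per data line; header lines starting with '#' are skipped."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            parts = line.split()
            if fields and len(parts) == len(fields):  # skip malformed lines
                yield dict(zip(fields, parts))


def summarise(text):
    """Return (dropped inbound attempts per dst-port, outbound connections to
    unexpected ports). The second list is what a reverse connection looks like
    from the firewalled host's own point of view."""
    dropped_inbound = Counter()
    unusual_outbound = []
    for rec in parse_log(text):
        if rec["action"] == "DROP" and rec["path"] == "RECEIVE":
            dropped_inbound[int(rec["dst-port"])] += 1
        elif rec["action"] == "OPEN" and rec["path"] == "SEND":
            port = int(rec["dst-port"])
            if port not in EXPECTED_OUTBOUND_PORTS:
                unusual_outbound.append((rec["dst-ip"], port))
    return dropped_inbound, unusual_outbound
```

    Running summarise(SAMPLE_LOG) on the sample shows three dropped inbound attempts (ports 445, 135, 139) and one outbound connection to an unexpected port, which is the record a defender would want to alert on.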

  8. #8
    Junior Member
    Join Date
    May 2009
    Posts
    61

    Default

    Exploit windows/smb/ms08_067_netapi will not work if File and Printer Sharing isn't enabled in the firewall's exceptions section.

    You must enable File and Printer Sharing if you want this exploit to work, as this will open the critical port 445 for this exploit.

    Also you can start nmap; this is a useful thing to quickly see which ports are open and which services are enabled so you can target them.

    P.S. There are some genius script kiddies who try an exploit for Winamp but Winamp isn't installed on the computer. Not the version for which the exploit works, but Winamp at all, and then they go: why doesn't this work, where am I going wrong, I uploaded the malicious .pls file and opened it with Notepad and it doesn't work, and then they say damn exploits and Metasploit, hahahaha!!!

  9. #9
    Member kazalku's Avatar
    Join Date
    Feb 2009
    Posts
    416

    Default

    I got a crystal clear idea about Reverse TCP from this thread. I recommend reading ALL 81 posts there before you come back here with any question.
    If you can't explain it simply, you don't understand it well enough -- Albert Einstein

  10. #10
    Member
    Join Date
    Jan 2010
    Posts
    332

    Default

    Yes, that's a great thread. I read it numerous times and still go back to it just to get my thinking straight.
    SecurityTube has two new sections. Questions & News
