Ravenrx7 Posted August 18, 2015 I'm trying to master the art of firewalking on a network I manage (work at). With that said, I understand firewalking can reach past the firewall with a TTL of 1. I have placed a client one hop away from the core firewall in hopes of using a firewalking cmd to reach that nc client on the port I assigned. Most of the videos online show LAN to LAN nc connections, which is great, but I think if we were compromised, the attack would be remote. My tools: Kali 1.0, SonicWall FW and good ole Netcat.
Ravenrx7 Posted August 18, 2015 (Author) I have 80 and 443 open on the firewall, but the listening port on the nc is 31337.
digininja Posted August 18, 2015 Your listening port has to be open on the firewall, otherwise it just drops the packet.
digininja Posted August 18, 2015 And it doesn't matter if it is LAN to LAN or WAN to LAN; the key thing is the firewall being between the two networks. To it they are just two networks it separates.
Ravenrx7 Posted August 18, 2015 (Author) Okay, and if you used a higher port than the 1024 normal ports, would that work? If I use port 80 or 443, which is open, that's basic web traffic; how would I point to that internal IP on port 80?
Ravenrx7 Posted August 18, 2015 (Author) Let me clarify: if port 80 is open, this allows all internal clients to retrieve www. How can I specialize this packet to direct it to a certain internal client?
digininja Posted August 18, 2015 I think you've got your directions the wrong way round. If you open port 80 on your firewall, then that usually means you are allowing traffic in on port 80, not out. If the firewall is set up to cover just a single IP, then traffic on open ports passes straight through to the IP behind; if it is set up to do NAT, then you have to configure what internal IP and port the open port 80 is redirected to.
Ravenrx7 Posted August 18, 2015 (Author) Correct, I understand that portion about a one-to-one NAT. I wanted to see if there was a way around it using a black hat method. What method would they take, and how do I secure it?
digininja Posted August 18, 2015 If a port on the firewall is closed, then you can't use another port to see through to it; that isn't what firewalking is about. If you want to probe the inside of a network from outside, you need to find something to pivot off inside and then use that to poke at things. Here is more info on firewalking: http://www.giac.org/paper/gsec/312/firewalk-attackers-firewall/100588 One way, at a stretch, is if you can get access to an app through which you can make HTTP requests: you can give it IPs and ports and then compare responses.
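The two points digininja makes in this thread (a TTL trick only tells you which ports the firewall forwards, and a closed port is simply dropped) can be shown with a small model. The script below is an added example for this thread, not code from either poster and not SonicWall output. It assumes a hypothetical three-hop path to the firewall, a policy that only allows 80 and 443, and constructed firewall log lines in a generic key=value form; the hop count, log format and IP addresses are all assumptions. The second half is the defender's side: a check over those log lines that flags a source sweeping many destination ports with the low TTL a firewalk probe arrives with.

```python
"""
Two small models of the firewalking discussion (added example, not from the thread):

1. probe_result(): what a TTL-limited probe can and cannot reveal. The firewall
   only forwards ports its policy allows; everything else is dropped, so a TTL
   trick never "reaches past" the firewall to a listener on a closed port.
2. find_ttl_probe_sources(): a defender-side check over constructed firewall log
   lines that flags a source hitting many destination ports with the low TTL a
   firewalk probe arrives with.
"""
import re
from collections import defaultdict

FIREWALL_HOP = 3  # hypothetical: the firewall is the 3rd hop from the prober

DROPPED = "dropped: port not allowed by firewall policy"
EXPIRED_BEFORE = "time-exceeded from a router in front of the firewall (no policy info)"
EXPIRED_AT_FW = "time-exceeded at the firewall itself (no policy info)"
FORWARDED = "time-exceeded from the hop behind the firewall (port is forwarded)"
REACHED = "probe reached the internal host (port is forwarded)"


def probe_result(allowed_ports, dst_port, ttl, firewall_hop=FIREWALL_HOP):
    """Model the fate of a probe sent with a given initial TTL.

    Hops 1..firewall_hop-1 are routers, hop firewall_hop is the firewall and
    hop firewall_hop+1 is the first device behind it. Each hop decrements the
    TTL and answers with ICMP time-exceeded when it reaches zero, except that
    the firewall silently drops anything its policy does not allow.
    """
    if ttl < firewall_hop:
        return EXPIRED_BEFORE        # never got as far as the firewall
    if dst_port not in allowed_ports:
        return DROPPED               # policy decides before TTL ever matters
    if ttl == firewall_hop:
        return EXPIRED_AT_FW
    if ttl == firewall_hop + 1:
        return FORWARDED             # the classic "gateway + 1" firewalk probe
    return REACHED


# Generic key=value format for this example; a real firewall logs differently.
LOG_RE = re.compile(
    r"src=(?P<src>[\d.]+):\d+ dst=(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"proto=\w+ ttl=(?P<ttl>\d+)"
)

# Constructed sample log lines (documentation-range addresses, not real traffic).
SAMPLE_LOGS = [
    "2015-08-18 10:00:01 src=203.0.113.7:40001 dst=198.51.100.10:80 proto=tcp ttl=2 action=allow",
    "2015-08-18 10:00:01 src=203.0.113.7:40002 dst=198.51.100.10:443 proto=tcp ttl=2 action=allow",
    "2015-08-18 10:00:01 src=203.0.113.7:40003 dst=198.51.100.10:22 proto=tcp ttl=2 action=drop",
    "2015-08-18 10:00:02 src=203.0.113.7:40004 dst=198.51.100.10:31337 proto=tcp ttl=2 action=drop",
    "2015-08-18 10:00:02 src=203.0.113.7:40005 dst=198.51.100.10:8080 proto=tcp ttl=2 action=drop",
    "2015-08-18 10:00:02 src=203.0.113.7:40006 dst=198.51.100.10:3389 proto=tcp ttl=2 action=drop",
    "2015-08-18 10:00:05 src=192.0.2.44:51000 dst=198.51.100.10:80 proto=tcp ttl=52 action=allow",
    "2015-08-18 10:00:06 src=192.0.2.44:51001 dst=198.51.100.10:443 proto=tcp ttl=52 action=allow",
]


def find_ttl_probe_sources(lines, max_ttl=2, min_ports=5):
    """Return {src: sorted distinct dst ports} for sources that touched at least
    min_ports different destination ports with packets arriving at TTL <= max_ttl.

    A firewalk probe is sent with TTL = (hops to firewall) + 1, so after the
    routers in front of the firewall decrement it, it arrives at the firewall
    with TTL 2 wherever the prober sits. Ordinary client traffic arrives with a
    TTL in the tens (an initial 64 or 128 minus the path length).
    """
    ports_by_src = defaultdict(set)
    for line in lines:
        m = LOG_RE.search(line)
        if not m:
            continue                 # skip lines in some other format
        if int(m["ttl"]) <= max_ttl:
            ports_by_src[m["src"]].add(int(m["dport"]))
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}


if __name__ == "__main__":
    policy = {80, 443}  # the thread's firewall: only the web ports open inbound
    for port in (80, 31337):
        print(port, "->", probe_result(policy, port, FIREWALL_HOP + 1))
    print(find_ttl_probe_sources(SAMPLE_LOGS))
```

Run as-is, the model reports the nc listener on 31337 as dropped while 80 draws a time-exceeded from the hop behind the firewall, which is exactly the information firewalking yields and no more; the log check then flags 203.0.113.7 as a low-TTL port sweep while the normal client at 192.0.2.44 is left alone. The TTL threshold and the port count are the knobs to tune on a real ruleset, and a firewall that does not log dropped packets at all gives this check nothing to work with, so logging drops is the first prerequisite.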