Bypassing Firewalls using an FTP

EDB-ID: 13651
CVE: N/A
Author: GlaDiaT0R
Type: papers
Platform: Multiple
Date: 2010-03-28

###################################################
 # [+]Title: [Bypassing Firewalls using an FTP]
 ###################################################
 # [+] About :
 ###################################################
 # Author : GlaDiaT0R      |   the_gl4di4t0r[AT]hotmail.com
 # Team : DarkGh0st Team | Tunisian Power Team  ( DarkGh0st.Com )
 # Greetz: Boomrang_Victim, Marwen_Neo & all my friends in Security Challenge days 2010
 ###################################################

As you probably know, a firewall is nothing more than a prebuilt set of rules that determines what may and may not happen on a network. However, if the firewall is poorly implemented or buggy, bypassing it becomes a breeze, because filtering rules that would normally matter become totally useless.

Setting a source port for one's connections is one of many methods used to bypass a firewall. A firewall mainly checks the IP addresses and the source and destination ports of each packet sent across the network, which makes rules far easier to write. There are two categories of firewall, stateless and stateful. A stateful firewall, unlike a stateless one, remembers the state of connections (connection requested, connection established ...).

However, certain applications or protocols such as FTP are a real problem for packet filtering. FTP specifies that the server sends data from its port 20 to a port on the client. Therefore, if an administrator wants to let people on the network use FTP clients, he will probably have to allow any packet whose source port is 20.
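The following model is an added example, not part of the original paper. It contrasts the stateless "source port 20" rule described above with a stateful filter that admits a data connection only when an inside client announced it with a PORT command; the class and function names are hypothetical, the traffic is constructed, and NAT is assumed absent.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    payload: bytes = b""

def stateless_inbound_allow(pkt):
    # The weak rule described in the text: trust anything sent from port 20.
    return pkt.src_port == 20

def parse_port(payload):
    # "PORT h1,h2,h3,h4,p1,p2" -> ("h1.h2.h3.h4", p1 * 256 + p2)
    nums = [int(f) for f in payload.decode("ascii").strip()[5:].split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError("malformed PORT argument")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

class FtpAwareFilter:
    def __init__(self):
        self.expected = set()  # (server_ip, client_ip, client_port)

    def outbound(self, pkt):
        # Learn the data endpoint an inside client announces on the control channel.
        if pkt.dst_port == 21 and pkt.payload.upper().startswith(b"PORT "):
            ip, port = parse_port(pkt.payload)
            if ip == pkt.src_ip:  # ignore PORT commands naming another host
                self.expected.add((pkt.dst_ip, ip, port))

    def inbound_allow(self, pkt):
        key = (pkt.src_ip, pkt.dst_ip, pkt.dst_port)
        if pkt.src_port == 20 and key in self.expected:
            self.expected.discard(key)  # one data connection per PORT command
            return True
        return False

def compare():
    # Constructed sample traffic using documentation address ranges.
    fw = FtpAwareFilter()
    fw.outbound(Packet("192.0.2.10", 40000, "198.51.100.5", 21, b"PORT 192,0,2,10,195,80\r\n"))
    inbound = [
        Packet("198.51.100.5", 20, "192.0.2.10", 50000),  # announced data connection
        Packet("203.0.113.9", 20, "192.0.2.10", 80),      # no FTP session at all
        Packet("198.51.100.5", 20, "192.0.2.10", 22),     # right server, unannounced port
    ]
    return [(p.dst_port, stateless_inbound_allow(p), fw.inbound_allow(p)) for p in inbound]
```

Each tuple returned by `compare()` is (destination port, stateless verdict, stateful verdict): the stateless rule passes all three inbound packets, while the stateful filter passes only the announced data connection.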

The attack consists of discovering normally hidden services by running a port scan with packets whose source port is set to 20. Nmap offers this through the command option '-g'.

The challenge afterwards, once an accessible service has been found, is to make sure that all connections come from that source port, which provides access to the machine. In our case, this will be port 20 (the FTP data port). For this, various tools are already available on the net.

These include, for example, AMP Fund, which is a port-forwarding tool. By running "AMP Fund-v-l 8080-s 20-r 80 <IP_Cible>", we bypass the firewall of the remote system, provided that source port 20 is not filtered. There is also KevProxy, where a simple "kp 8080 <IP_Cible> 80 20 v" can establish a tunnel to port 80 of the target machine.

Thank you for reading ! =)