Hackerszone
Evading firewalls with NMAP

Post by Admin Sun Apr 20, 2014 9:56 pm

Basic NMAP Firewall evasion tutorial

NMAP (Network Mapper) is a powerful tool with many uses. It can fingerprint OSes (operating systems), versions, firewalls, ports, and services. This is a pentester's greatest tool. Why? The versions determine the loopholes.

This being said, its enemy is the well-known firewall. Let's get started.

How to detect firewalls.
You can do this by sending SYN packets. This is not recommended as it will create a log. What you can do is send ACK packets, as it does not create a log. They are responses of SYN packets. ACK is known as (-sA).

Command : nmap -sA (your host here)

If it comes up as unfiltered, you're good to go. If it comes up as filtered, your host has the firewall.

How to evade
There are several methods. My first example is fragmenting packets. This method will work if your host cannot handle large packets. If it can't, then you will be able to evade the firewall.

Command : nmap -ff

Nmap NSE scripts
There are several hundred NSE scripts already written. What more can you ask for? There are hundreds for different reasons and they can do many different things. If I can remember right, you can edit scripts in Perl and Lua for your scripts to be even more efficient. They are very powerful. You can find the NSE scripts with the command : locate *.nse

Note, I got the firewall evasion script off Google as it's hard to memorize.

Command : nmap -f --script=firewall-bypass.nse (your host here)

Use decoy address
With this command, you can spoof packets from other hosts. There will be excess amounts of IP addresses (including yours). But as there are so many, it won't be able to tell who started the scan.

Command : nmap -D RND:10 (your host here)

There is another command that I came across on Google which lets you input the IP addresses.

Command : nmap -D decoy1,decoy2,decoy3

Source port number
Well, this is simple to understand. When a firewall gets configured, it can allow certain ports to access incoming traffic.

Command : nmap --source-port (port number) (your host here)

There are some common ports that will be open. The type of host will determine what ports are open.

Spoofing MAC Address
NMAP can allocate a random MAC address or you can input a MAC address on the network. This is dependent on vendor name.

Command : nmap --spoof-mac cisco (your host here)

Maximum transmission unit
And the last one of this tutorial: setting an MTU. This is basically fragmenting packets, except you choose the MTU of the packet. So if we give it 16-byte packets it cannot process it and the firewall will go weird and then it's prime to be evaded.
IMPORTANT : the byte size of the packet you allocate can only be a multiple of 8.

Command : nmap --mtu number (your host here)

Well, that concludes everything here. Feedback would be nice. If you need further help, PM me.

Admin
Coder

Posts : 101
Join date : 2014-04-07

https://thehackerszone.forumotion.com
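
Seen from the defending side, the ACK probes, small fragments and service source ports described in the post above all leave recognisable traces in packet summaries. The sketch below is an added example, not part of the original post; the record schema, the thresholds and the sample traffic are assumptions constructed for illustration.

```python
from collections import namedtuple

# One record per IP packet as a sensor might summarise it (hypothetical schema).
Pkt = namedtuple("Pkt", "src sport dst dport flags mf payload_len")

SERVICE_SPORTS = {20, 53}   # assumption: source ports that legacy allow-rules trust
MIN_FRAG_PAYLOAD = 64       # assumption: smaller non-final fragments are abnormal

def classify(packets):
    """Return (index, reason) findings for an ordered packet sequence."""
    handshakes = set()      # flows for which a SYN has already been observed
    findings = []
    for i, p in enumerate(packets):
        flow = frozenset([(p.src, p.sport), (p.dst, p.dport)])
        # More-fragments bit set on a very small payload: deliberate fragmentation.
        if p.mf and p.payload_len < MIN_FRAG_PAYLOAD:
            findings.append((i, "tiny-fragment"))
            continue        # fragments carry no reliable TCP state
        if "S" in p.flags:
            # A new connection *from* a service port *to* a low port is not
            # how DNS replies or FTP data channels behave.
            if "A" not in p.flags and p.sport in SERVICE_SPORTS and p.dport < 1024:
                findings.append((i, "syn-from-service-port"))
            handshakes.add(flow)
        elif p.flags == "A" and flow not in handshakes:
            # Bare ACK with no handshake: what a stateful filter would drop.
            findings.append((i, "unsolicited-ack"))
    return findings

# Constructed sample traffic (documentation address ranges, not real captures).
SAMPLE = [
    Pkt("198.51.100.7", 40001, "192.0.2.10", 443, "S", False, 24),   # normal SYN
    Pkt("192.0.2.10", 443, "198.51.100.7", 40001, "SA", False, 24),  # SYN/ACK
    Pkt("198.51.100.7", 40001, "192.0.2.10", 443, "A", False, 20),   # handshake ACK
    Pkt("203.0.113.5", 51000, "192.0.2.10", 22, "A", False, 20),     # ACK, no SYN
    Pkt("203.0.113.5", 0, "192.0.2.10", 0, "", True, 16),            # 16-byte fragment
    Pkt("203.0.113.5", 53, "192.0.2.10", 22, "S", False, 24),        # SYN from port 53
]

if __name__ == "__main__":
    for idx, reason in classify(SAMPLE):
        print(idx, reason, SAMPLE[idx].src)
```

The same three conditions map onto filter policy: track connection state instead of matching on flags or source port, and reassemble or drop undersized fragments before rule evaluation.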
