
Thread: Hardware Firewall issues

  1. #1
    Junior Member
    Join Date
    Sep 2004
    Posts
    3

    Hardware Firewall issues

    OK, here's the deal: I'm an A+/Network+ tech, and I also teach classes at night on that and other things. I can usually figure out just about anything, but there has been one thing I can't figure out.

    It all started a few weeks ago: a client, a lawyer/forensic accountant, asked me to break some Windows passwords and a few other things. I was able to do everything he asked, and I had a lot of fun doing it. So now this has sparked my interest. He wants to know if I can do some ethical hacking for some of his customers, and I told him I'd get back to him. I really want to do it; not only is it fun, but it's really good money. I think I'm in just a little over my head. Anyways, back to my question.

    I can do just about anything on the networks I have been working with, thanks mostly to Cain and Abel and a few other tools, but that's when they give me a machine on the local network. But when the internet is in front of me, I have no idea how to get through the firewalls, software or hardware.

    Can someone point me in a good direction as to how to get the first machine? I can do anything on the customer's network, but when I need to get in over the internet, I'm screwed.

    Thanks, any tutorials, links, or advice is greatly appreciated.
    John

  2. #2
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    Read your post and thought of this thread which took me a bit to dig up.
    http://www.antionline.com/showthread...light=firewall
    Hope there is some useful info in there for you, and that more people come with more info to add on top of that. Peace.

  3. #3
    I would start by getting their external IP, or checking for any open wireless networks.
    two things you say should never be in the same statement: lawyer & ethical

  4. #4
    Regal Making Handler
    Join Date
    Jun 2002
    Posts
    1,668
    Two words, "Social Engineering".

    Maybe you know something of them.
    What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry

  5. #5
    Junior Member
    Join Date
    Sep 2004
    Posts
    3
    Well, let's just say I have their external IP; they have actually given it to me. I run a port scan and find like 2 ports open. What then, just look for exploits? What if 0 ports are open? Any tutorials or advice starting after that point?

    Thanks John

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    First I'd like to say that mercenary hacking will land you the longest jail terms no matter who's footing the bill. That said, getting past a f/w isn't really an option. Some have exploits but most fail closed, which does you no good. You have to get a back-door/trojan/whatever to connect to you. Depending on the type of f/w this might get pretty tricky, but there are quite a few out there for any situation. Pack it and morph it until it is undetected by all AV systems, a process that will have to be repeated each time as new AV sigs come out. Then get the target to download/run it; use your social skills to find a gullible user and a good ploy. Try the newest vulns... still very likely to be unpatched on most workstations. Then... well, use your imagination. Now, depending on the security of the network and the information you're after, you may or may not have to escalate privileges... You don't have to be told not to do this from home... right?
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  7. #7
    Macht Nicht Aus moxnix
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    "First I'd like to say that mercenary hacking will land you the longest jail terms no matter who's footing the bill"
    Mercenary hacking... I never heard of that expression before. Very good, Tedob1, I'll have to remember that one.

    Ethical hacking can only be accomplished with the expressed and written consent of the owners of the network/equipment that you are attempting to hack/crack. If you are attempting to break into a system and/or network without the knowledge and/or permission of the owners... it is not ethical and not legal. With the exception of authorized law enforcement personnel with a wire tap authorization in hand.

    If your lawyer client is telling you different, then he is lying to you and setting you up for a hell of a fall. As Tedob1 has already stated, this will land you the hardest and longest jail terms, even longer than hacking to steal money.
    "Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
    Author Unknown

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,785
    you like that moxnix?....it's yours

    BTW, what two ports show open? If one is a web server, that might be a whole different ball game! And use nmap to determine the fw type so you know what you're dealing with.

  9. #9
    Senior Member nihil
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,188
    Sounds wrong way round to me... I would expect to check and harden the system from the inside FIRST before testing it for hackability?

    Just a thought.

  10. #10
    Junior Member
    Join Date
    Sep 2004
    Posts
    3
    OK, so here's where I'm at: he gave me his external IP (made him go to ipchicken.com) and, for kicks he says, he gave me his home IP as well. I had him draw up a document that says he gave me permission to attempt anything I want. It's kinda rough around the edges, but he also made it reusable for me in case I get good at this.

    Anyways, I've been doing a whole hell of a lot of reading. I have a good amount of interest in this and there's good money, so why not lol

    So now, I used NetTools3 to run a port scan on both machines. I have found that the only port open on them is the POP3 110. I'm not really sure what's next. I tried messing around with a whole heap of apps from the astalavista CD; that didn't really get me anywhere. Also, I have been checking out the Learnkey Hacking Revealed CDs.

    Anyways, I appreciate all the help so far, and if you don't mind a little hand holding, what's next?

    PS: the home machine is XP Pro running Norton firewall (I always hear it's crap; I don't use Symantec anything on customers' machines) and the work machine is behind a home-grade Linksys router.
