Hey guys, Another Blog
Today, we are going to see how we can bypass Firewall or access control using NMAP and other tools and techniques specially made with Beginners in mind.
You can be a Pen-tester, you might be asked to scan any network at any network or you can be a beginner in Pen-testing profile, Knowledge of Detecting Firewall and Bypassing of firewall is Mandatory
Lets see what we can learn and share today regarding this topic.
Am gonna show you some basic commands that we can perform how to find out and how to bypass Firewall in a network.
We can find out the presence of firewall by scanning with simple nmap Command “nmap IP”, If you got the results the all the scan ports are filtered then there is a presence of firewall in-front of that specific Machine.
You came to know the presence of firewall by using trace-route command also “traceroute IP” if the machine is protected by firewall you will get your result in the form of Asterisks (*)
We can do fire-walking to bypass the firewall to check for the open ports so that we can enumerate more information from the open ports which we will use in further penetration testing.
Then we can use hping3 tool to enumerate the open ports which are allowed by Firewall, so we can use those ports for further exploitation by using the command hping3 -S IP -c 100 -p ++1. -S indicates SYN Packets, -c for Packet count -p for destination port with an increment loop to scan all the port.
We can go with another method of Fragmentation of Packets in which the packets are fragmented to get into firewall to bypass the firewall by using the command nmap -f 192.168.0.148.
We can go with Setting up a Decoy method to setting up Multiple Decoys to fool firewall that it will receive request from multiple IPs, so it got confused which one is real one. we can do this by the command nmap -D RND:10 IP (with Random 10 decoys), nmap -D decoy1,decoy2,decoy3 IP.
Using Maximum Transmission Unit:
We can try by using setting maximum transmission unit by using the command nmap –mtu 24 IP (mtu should in multiples of 8 <8,16,24,32>)
USING FLAGS METHOD:
We can try to bypass by using setting up FlAGS like SYN, FIN, NULL, ACK. we can see the MAC address of the Machine.
MAC ADDRESS SPOOFING METHOD:
We can use MAC address which is allowed in firewall to bypass firewall by using the command nmap -sT -Pn –spoof-mac VENDOR IP here vendors are like MAC, DELL, HP.
We can go with our Random MAC address also, we can go with 0 option that automatically assigns random MAC for bypassing firewall.
We lots and lots of methods to bypass firewall on the basis of your target, you can clearly see that i got only 2 positive results depends on the Target Machine configuration.
We can use Proxies, we can use Allowed IPs, We can use data Sizes, We can use Port Redirection, we can use Anonymous sites, MITM Attacks, and also by tunneling HTTP traffics.
I also written a blog on using a covert TCP stream on how to hide data in unused fields of TCP header you can read this here.
That’s it guys, happy hacking.
Let me know if you know more techniques to bypass firewall in the comment section below.