A technique that defeats some domestic firewalls - Vulnerability Alert - Black Bar Safety Net

ID MYHACK58:6220067052
Type myhack58
Reporter Anonymous
Modified 2006-02-11T00:00:00


I have always had a dream: to find a vulnerability or a bug of my own. So after a long day at the computer, fiddling around and studying blindly, I looked into how to break through firewalls. The firewall here means a software personal firewall; I had no way to test hardware ones. Hey, don't laugh: I really didn't know what I was doing, but I really did find a problem common to most firewalls. This bug can let us trick the firewall into granting outbound access. What exactly is the situation? Read the commentary below!

First I want to introduce a Windows system property: while a program is running, it cannot be deleted, but it can be renamed! And when a program the system protects is deleted, corrupted or renamed, the system promptly calls up the backup file to restore it.

Now to the firewalls. As we all know, the "application rules" of many firewalls by default allow the IE browser iexplore.exe, Outlook Express msimn.exe, lsass.exe, spoolsv.exe, MSTask.exe, winlogon.exe, services.exe and svchost.exe through, and most firewalls consider that as long as the path and file name match the rule, it is simply passed! With such a detection method deciding whether to let traffic out, it completely fails to consider what happens if another file is put in that place. It is the equivalent of a disguise: once the face has been changed, the checker cannot tell the difference. This gives us an opportunity: we can use this bug to trick the firewall and reach the outside!

Tip: in fact, most Trojans today that use DLL thread-injection rely on this very principle. They first hide in the process of a program the firewall has certified and released, such as the iexplore.exe process, then insert the Trojan DLL into that thread; when they connect outward they easily get past the firewall's restrictions, because the firewall does not intercept the programs it has authenticated and released.

The principle is done; now let's talk about how to use this bug. Here I use a virtual machine for the experiment, set up as follows. To be closer to reality I installed the "Skynet firewall" on the server, along with Radmin (but since the firewall restricts the IP addresses allowed to access it, there is no way to connect normally), MSSQL Server and Serv-U. First we try the commonly used port-forwarding method and see how the firewall reacts! Step one: start the Fport service end of AngelShell Ver 1.0 to do the port forwarding (it can forward almost any port), then run FportClient locally to listen on the forwarded port!
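The weakness described above (the rule matches on path and file name only) is easiest to see next to the check a firewall should make instead: compare the file at the trusted path against a content hash recorded while the system was known good. The script below is an added example, not code from the article or from any of the firewalls it names; it uses constructed stand-in files in a temporary directory rather than real Windows binaries, and simulates the rename-and-replace trick to show that the path-only rule still passes while the hash rule catches it.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample: a few of the trusted program names the article lists,
# with stand-in contents so the example runs offline (not real Windows binaries).
TRUSTED_NAMES = ["iexplore.exe", "msimn.exe", "svchost.exe"]

def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large binaries are not loaded into memory at once."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root: Path) -> dict:
    """Record the hash of every trusted program while the system is known good."""
    return {name: sha256_of(root / name) for name in TRUSTED_NAMES}

def path_only_check(root: Path, name: str) -> bool:
    """The weak rule the article describes: a file merely has to exist at the path."""
    return (root / name).is_file()

def content_check(root: Path, name: str, baseline: dict) -> bool:
    """The stronger rule: the file at the path must still hash to its baseline value."""
    p = root / name
    return p.is_file() and sha256_of(p) == baseline[name]

def find_replaced(root: Path, baseline: dict) -> list:
    """Return the names that pass the path-only rule but fail the content rule."""
    return [n for n in TRUSTED_NAMES
            if path_only_check(root, n) and not content_check(root, n, baseline)]

def demo() -> list:
    """Simulate the rename-and-replace trick in a temp dir; return what was caught."""
    root = Path(tempfile.mkdtemp())
    for name in TRUSTED_NAMES:
        (root / name).write_bytes(b"genuine " + name.encode())
    baseline = build_baseline(root)
    # The real iexplore.exe is renamed and another program is dropped in its place.
    (root / "iexplore.exe").rename(root / "iexplore.old")
    (root / "iexplore.exe").write_bytes(b"something else entirely")
    return find_replaced(root, baseline)

if __name__ == "__main__":
    print(demo())  # ['iexplore.exe']
```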