epic
User
Registered: 17 years ago
Posts: 1896
Lesson 5-1: Gaining Access
Ahh, The Long awaited chapter, Ok Maybe Not, This is gonna be a series. OK, basically this is a REALLY REALLY REALLY REALLY big part of rooting and I believe I have to thoroughly address all the issues at hand with rooting, starting first with Firewalls - A Foe The Rooter will encounter time and time again. In Fact I will Split up Firewalls into 3 Chapters. All before this is worthless. You might want to take a nap, or eat something before this because this will be rather long.
Before we start, a couple of weird words:
Firewall Ruleset - Within a firewall there are defined rules popularly referred to as the "firewall ruleset". These rules define what kind of traffic comes in and what kind of traffic goes out. For example, if you are a bank that does not perform any sort of web hosting or provide e-mail services on-site, you should have a very tightly defined ruleset that prevents access to any ports on your firewall or to the rest of your internal protected network. On the other hand, if your bank provides an array of services like web hosting, Internet banking and e-mail services, this necessitates opening ports for those services. In that instance, your ruleset will define who can get to those ports.
TCP/UDP - Abbreviation of Transmission Control Protocol, and pronounced as separate letters. TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent. UDP acts similarly in the fact that it transmits data - but does not guarantee lack of Data corruption.
As I said, this step is the most important. It's the most difficult as well, Let me tell you why. Simply enough, it's Firewalls and Services which do not run. Firewalls can kill any Rooting dream, they pretty much are the be all and end all of Access security. It's like covering your house with 40 inches of Steel. Of course the thing is, If the Steel is amalgamated with too much carbon a small rock could create a hole in those 40 inches in minutes; Not enough iron and a soldering iron can melt your way through. Also, Who wants to cover their house with steel? It will block out all the nice sunlight coming in the windows, And You want to be able to get out of the house, No? Gotta leave the door open. A properly configured Firewall is almost impossible to defeat, however most are not, And thus begins a very very long article Series.
Firewalls - There are about 7000-some different ways to get around these babes, These are the primary ways to do it, In this particular article I am assuming you are Rooting someone worth rooting, not just some standalone network computer or something.
Does your victim have SSH Running? Does Your Victim support Proxying? What Firewall is your victim running? Does your Victim have a SQL database? What ports does your victim have blocked?
Alright, Let's make defeating Firewalls more methodical than it should be. Step One - Port Scanning
Port Scanning - As I have said before, Download Nmap; it will love you and you will love it. Port Scanning is an important part of Rooting, and Port scanning techniques take form in many specific and differentiated ways.
A Brief Guide To the Techniques (I.E. How to not get your scanning detected by "them")
TCP SYN scan ( -sS in Nmap)
SYN scan is the default and most popular scan option for good reasons. It can be performed quickly, scanning thousands of ports per second on a fast network. SYN scan is relatively unobtrusive and stealthy, since it never completes TCP connections. It also works against any compliant TCP stack rather than depending on idiosyncrasies of specific platforms as Nmap's Fin/Null/Xmas, Maimon and Idle scans do. It also allows clear, reliable differentiation between the open, closed, and filtered states. This technique is often referred to as half-open scanning, because you don't open a full TCP connection. You send a SYN packet, as if you are going to open a real connection, and then wait for a response. A SYN/ACK indicates the port is listening (open), while an RST (reset) is indicative of a non-listener. If no response is received after several retransmissions, the port is marked as filtered. The port is also marked filtered if an ICMP unreachable error (type 3, code 1, 2, 3, 9, 10, or 13) is received. (Shamelessly Stolen From Nmap's Website)
TCP Full Connect Scan (-sT)
Probably not a good idea: 1) They can tell that you are doing it, 2) (More Importantly, Because Port Scanning is Not Officially Illegal) Nmap asks the underlying operating system to establish a connection with the target machine and port by issuing the connect() system call. Nmap has less control over the high level connect() call than with raw packets, making it less efficient.
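As an added example (not from the original post and not Nmap's code), here is the defender's view of the two scan types just described: a small Python pass over constructed packet summaries that labels each probed port open/closed/filtered using the SYN/ACK, RST and silence rules quoted above, then flags any source touching several ports and tells a half-open SYN scan (handshake never completed) from a connect() scan (handshake completed). The host addresses, ports and the one-line log format are assumptions.

```python
from collections import defaultdict
# Constructed packet summaries (hypothetical hosts): "src:sport > dst:dport flags"
PACKETS = """\
10.0.0.5:40001 > 10.0.0.9:22 S
10.0.0.9:22 > 10.0.0.5:40001 SA
10.0.0.5:40001 > 10.0.0.9:22 R
10.0.0.5:40002 > 10.0.0.9:23 S
10.0.0.9:23 > 10.0.0.5:40002 R
10.0.0.5:40003 > 10.0.0.9:25 S
10.0.0.7:51000 > 10.0.0.9:22 S
10.0.0.9:22 > 10.0.0.7:51000 SA
10.0.0.7:51000 > 10.0.0.9:22 A
10.0.0.7:51001 > 10.0.0.9:80 S
10.0.0.9:80 > 10.0.0.7:51001 SA
10.0.0.7:51001 > 10.0.0.9:80 A
10.0.0.7:51002 > 10.0.0.9:443 S
10.0.0.9:443 > 10.0.0.7:51002 R
"""

def probe_results(text):
    """Per client probe (client, cport, server, port): the server's answer, 'open'
    (SYN/ACK), 'closed' (RST) or 'filtered' (silence), plus whether the client
    then completed the three-way handshake with its own ACK."""
    probes = {}
    for line in text.strip().splitlines():
        src, rest = line.split(" > ")
        dst, flags = rest.split()
        (sip, sport), (dip, dport) = src.rsplit(":", 1), dst.rsplit(":", 1)
        key, rev = (sip, sport, dip, dport), (dip, dport, sip, sport)
        if flags == "S":                      # client's initial SYN opens a probe
            probes.setdefault(key, {"state": "filtered", "completed": False})
        elif rev in probes:                   # server answering that probe
            if flags == "SA":
                probes[rev]["state"] = "open"
            elif "R" in flags and probes[rev]["state"] == "filtered":
                probes[rev]["state"] = "closed"
        elif key in probes and flags == "A":  # client's final ACK: a full connect()
            probes[key]["completed"] = True
    return probes

def detect_scanners(text, min_ports=3):
    """Flag sources probing >= min_ports ports; one that never completes a
    handshake is half-open (SYN) scanning, one that does is using connect()."""
    ports, completed = defaultdict(dict), defaultdict(int)
    for (sip, _, _, dport), r in probe_results(text).items():
        ports[sip][int(dport)] = r["state"]
        completed[sip] += r["completed"]
    return {sip: {"kind": "connect scan" if completed[sip] else "SYN (half-open) scan",
                  "ports": dict(sorted(p.items()))}
            for sip, p in ports.items() if len(p) >= min_ports}
```

On the constructed data, 10.0.0.5 is reported as a half-open scanner (22 open, 23 closed, 25 filtered) and 10.0.0.7 as a connect() scanner, which is exactly why the post says the full-connect variant is easier for "them" to spot.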
UDP Scan (-sU)