GoFuckYourself.com - Adult Webmaster Forum


borked 01-07-2010 01:55 AM

Hacking a hardware firewall with a web form
 
Some whiz has found a way to open up NAT on hardware firewalls through some nifty javascript in a web form.

Quote:

By luring victims to a malicious link, the attacker can access virtually any service on their machine, even when it's behind certain routers that automatically block it to the outside world. The method has been tested on a Belkin N1 Vision Wireless router, and Kamkar says he suspects other devices are also vulnerable.


"What this means is I can penetrate their firewall/router and connect to the port that I specified, even though the firewall should never forward that port," Kamkar told El Reg. "This defeats that security by visiting a simple web page. No authentication, XSS, user input, etc. is required."

Kamkar's proof-of-concept page forces the visitor to submit a hidden form on port 6667, the standard port for internet relay chat. Using a hidden value, the form surreptitiously coerces the victim to establish a DCC, or direct client-to-client, connection. Vulnerable routers will then automatically forward DCC traffic to the victim's internal system, and using what's known as NAT traversal an attacker can access any port that's open on the local system.

For the hack to work, the visitor must have an application such as file transfer protocol or session initiation protocol running on his machine. The hack doesn't guarantee an attacker will be able to compromise that service, but it does give the attacker the ability to probe it in the hope of finding a weak password or a vulnerability that will expose data or system resources.

...

While Kamkar's proof-of-concept requires users to press a submit button, he said it's trivial to use javascript so no interaction is required after the page is visited.

Kamkar said he based his attack on IRC because many versions of Linux used to run routers support the protocol by default. He's based similar attacks on file transfer protocol and had success with both the Belkin and Airport Extreme routers and believes other services such as SIP may work on those routers as well as other devices.

Proof of concept page - remember you have to specify a port (21 for ftp or 22 for ssh) for a service that is on your computer behind a firewall and then check from a remote location to see if you can ssh/ftp in.

Not all firewalls are vulnerable - I checked with my ADSL modem/router and all remains closed
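
A detection-side view of the request described in the quoted article, as an added example that is not part of the original post or of Kamkar's code: it inspects the client bytes of a connection to port 6667 and flags a DCC offer that arrives inside an HTTP request instead of an IRC session. The function name, verdict strings and sample payloads are constructed for illustration, and it assumes the DCC line appears unencoded in the request.

```python
import ipaddress
import re

# A CTCP DCC offer inside an IRC PRIVMSG: \x01DCC <type> <arg> <ipv4-as-integer> <port>\x01
DCC_RE = re.compile(rb"DCC\s+(CHAT|SEND)\s+(\S+)\s+(\d{1,10})\s+(\d{1,5})")
# An HTTP request line at the very start of the stream means a browser, not an IRC client.
HTTP_RE = re.compile(rb"(GET|POST|PUT|HEAD|OPTIONS) \S+ HTTP/1\.[01]\r?\n")


def inspect_stream(payload: bytes) -> dict:
    """Classify the client-to-server bytes of one TCP connection to port 6667."""
    is_http = HTTP_RE.match(payload) is not None
    offers = []
    for m in DCC_RE.finditer(payload):
        ip_int, port = int(m.group(3)), int(m.group(4))
        if ip_int > 0xFFFFFFFF or not 0 < port <= 65535:
            continue  # not a well-formed address/port pair
        offers.append({
            "kind": m.group(1).decode(),
            "ip": str(ipaddress.IPv4Address(ip_int)),  # DCC carries IPv4 as a decimal integer
            "port": port,
            "well_known_port": port < 1024,  # real DCC listeners use ephemeral ports
        })
    if not offers:
        verdict = "no-dcc"
    elif is_http:
        verdict = "alert: DCC offer inside HTTP request"
    else:
        verdict = "irc-dcc"
    return {"verdict": verdict, "offers": offers}


# Constructed, abbreviated samples (not captured traffic). 3232235826 is 192.168.1.50.
HTTP_WITH_DCC = (
    b"POST / HTTP/1.1\r\nHost: irc.example.test:6667\r\n\r\n"
    b"PRIVMSG someone :\x01DCC CHAT chat 3232235826 22\x01\r\n"
)
REAL_IRC = (
    b"NICK alice\r\nUSER alice 0 * :Alice\r\n"
    b"PRIVMSG bob :\x01DCC SEND notes.txt 3232235826 50112 1024\x01\r\n"
)
PLAIN_HTTP = b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"

if __name__ == "__main__":
    for name, data in [("http+dcc", HTTP_WITH_DCC), ("irc", REAL_IRC), ("http", PLAIN_HTTP)]:
        print(name, inspect_stream(data))
```

The `well_known_port` field marks offers that name a port below 1024, which a legitimate DCC listener would not normally use.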

Angry Jew Cat - Banned for Life 01-07-2010 02:07 AM

If you want your computer to remain secure, do not ever connect it to the internet. I'm leaning closer and closer to buying a box strictly for reliable standalone use and storage.

borked 01-07-2010 02:20 AM

and how do you transfer content onto that box? with the virus-laden USB key or HDD?

Angry Jew Cat - Banned for Life 01-07-2010 02:39 AM

Quote:

Originally Posted by borked (Post 16722781)
and how do you transfer content onto that box? with the virus-laden USB key or HDD?

Nothing comes in from anywhere. Only out on CD. Hell, fresh writable CDs are cheaper than floppy disks were!

Dappz 01-07-2010 02:42 AM

ummmmmmmm well you need to keep your server always safe


All times are GMT -7.