{"id":40,"date":"2014-09-26T15:21:00","date_gmt":"2014-09-26T15:21:00","guid":{"rendered":"http:\/\/www.asianux.org.vn\/index.php\/2014\/09\/26\/bypassing-firewalls-and-avoiding-detection\/"},"modified":"2014-09-26T15:21:00","modified_gmt":"2014-09-26T15:21:00","slug":"bypassing-firewalls-and-avoiding-detection","status":"publish","type":"post","link":"https:\/\/www.asianux.org.vn\/index.php\/2014\/09\/26\/bypassing-firewalls-and-avoiding-detection\/","title":{"rendered":"Bypassing Firewalls and Avoiding Detection"},"content":{"rendered":"
The type and scope of the penetration test will determine the need for being stealthy during a penetration test. The reasons to avoid detection while testing are varied; one of the benefits would include testing the equipment that is supposedly protecting the network, another could be that your client would like to know just how long it would take the Information Technology team to respond to a targeted attack on the environment.<\/span><\/div>\n

<\/span><\/div>\n
Not only will you need to be wary of the administrators and other observers on the target network, you will also need to understand the automated methods of detection such as web application, network, and host-based intrusion detection systems that are in place to avoid triggering alerts.<\/span><\/div>\n

<\/span><\/div>\n
NOTE:-<\/b><\/u>When presented with the most opportune target, take the time to validate that it is not some sort of honeypot that has been set up to trigger alerts when abnormal traffic or activity is detected! No
sense in walking into a trap set by a clever administrator. Note that if you do find a system like this it is still very important to ensure it is set up properly and not inadvertently allowing access to critical
internal assets due to a configuration error!<\/span><\/div>\n

Lab preparation:-<\/b><\/u><\/span><\/h3>\n
BackTrack, pfSense, and Metasploitable virtual machines should be configured in the following manner:<\/span><\/div>\n
\"\"<\/a><\/span><\/div>\n

<\/span><\/div>\n

Kali Linux guest machine:-<\/u><\/span><\/span><\/h3>\n

<\/h3>\n
This machine will need to be connected to the 192.168.10.0\/24 subnet. In the Oracle VM VirtualBox Manager console highlight the Kali Linux instance and select the Settings<\/b> option from the top navigation bar. Ensure that only one network adapter is enabled. The adapter should use the Vlan1<\/b> internal network option.<\/span><\/p>\n
\"\"<\/a><\/span><\/div>\n<\/div>\n
Now power on your Kali machine and configure IP address manually as follow:<\/span>
#ifconfig eth0 \"\"192.168.10.10<\/span><\/span><\/span><\/span> netmask \"\"255.255.255.0<\/span><\/span><\/span><\/span> <\/b><\/span>

<\/span>As the pfSense machine will need to be our router as well, we need to set it up as the default gateway. This can be accomplished as follows:
# route add default gw 192.168.10.1 <\/b><\/span>

<\/span><\/p>\n

Metasploitable<\/u><\/span> guest machine:-<\/u><\/span><\/b><\/span><\/h3>\n

The Metasploitable machine will be used as the target. It needs to be configured to connect to VLAN2, which is a new internal network we have not used before.To create an internal network you will need to manually type VLAN2 into the network configuration screen in the Oracle VM VirtualBox Manager. Your settings should be similar to the following:<\/span><\/p>\n

\"\"<\/a><\/span><\/div>\n


<\/span><\/p>\n

pfSense network setup:-<\/span><\/u><\/span><\/h3>\n

Configuring our firewall is a bit more work. It needs to be able to route restrictive traffic from the VLAN1 network to the VLAN2 subnet. There are several configuration changes we will need to make to ensure this works properly.<\/span>

<\/span>Our firewall guest machine will use two network adapters. One will be used for the VLAN1 segment and the other for the VLAN2 segment. VLAN1 will be treated as an untrusted wide area network for the examples within this chapter. Network Adapter 1 should resemble the following screenshot:<\/span>

<\/span><\/p>\n

\"\"<\/a><\/span><\/div>\n


<\/span>Network Adapter 2 should be similar to the following:<\/span>

<\/span><\/p>\n

\"\"<\/a><\/span><\/div>\n


<\/span><\/p>\n

Pfsense WAN IP configuration<\/span><\/u>:-<\/span><\/h3>\n

The remaining networking setup will need to be performed from within the guest machine.<\/span>

1.<\/b> Boot up your pfSense virtual instance. There may be an additional delay as pfSense attempts to configure the WAN adapter. Allow it to fully load until you see the following menu:<\/span>

\n
<\/span><\/p>\n

\"\"<\/a><\/span><\/div>\n


<\/span>2. <\/b>The WAN and LAN interfaces will need to be configured properly.Select option 2) Set interface(s) IP address.<\/span>

<\/span>3. <\/b>Select option 1 \u2013 WAN.<\/span>

<\/span><\/p>\n

\"\"<\/a><\/span><\/div>\n


<\/span>4.<\/b> When asked to configure the WAN interface via DHCP type n for no.<\/span>
5.<\/b> The IP for the WAN adapter should be 192.168.10.1.<\/b><\/span>
6.<\/b> Subnet bit count should be set to 24. Type 24<\/b> and press Enter.<\/span>
7. <\/b>Next is set default gateway in our case 192.168.10.1.<\/b><\/span>
8.<\/b>Next will ask about IPv6 in our type n<\/b> and press enter.<\/span>
9.<\/b> Finally you got bellow screen:<\/span>

<\/span><\/p>\n

\"\"<\/a><\/span><\/div>\n


<\/span>10.<\/b> Press Enter again to return to the configuration menu.<\/span>

<\/span>Your LAN and WAN IP ranges should match the following:<\/span><\/p>\n

\"\"<\/a><\/span><\/div>\n


<\/span><\/p>\n

Pfsense LAN IP configuration<\/u><\/span>:-<\/span><\/h3>\n

We can set up the LAN IP information from the configuration menu as well. One benefit of configuring the LAN here is that we can have a DHCP server configured for VLAN2 at the same time.<\/span>

<\/span>1. <\/b>Select option 2 from the configuration menu to start the LAN IP Configuration module.
2.<\/b> Choose the LAN interface (Option 2).
3.<\/b> When prompted to enter the IP address type 192.168.20.1.
4.<\/b> The bit count should be set to 24.<\/span>
5.<\/b> Next is set default gateway in our case 192.168.20.1.<\/b> <\/b><\/span>
6.<\/b> When asked if you would like a DHCP server to be enabled on LAN choose y for yes.
7.<\/b> DHCP Client IP range start will be \"\"192.168.20.10<\/span><\/span><\/span><\/span>.
8.<\/b> DHCP Client IP range stop will be \"\"192.168.20.50<\/span><\/span><\/span><\/span>. <\/span>

<\/span><\/p>\n

\"\"<\/a><\/span><\/div>\n


<\/span> 9. <\/b>Press Enter again to return to the configuration menu.Your LAN and WAN IP ranges should match the following:<\/span><\/span>

<\/span><\/p>\n

\"\"<\/a><\/span><\/div>\n


<\/span><\/p>\n

 Firewall configuration:-<\/u><\/span><\/span><\/span><\/h3>\n

pfSense can be configured using its intuitive web interface. Boot up the Kali Linux machine with VLAN2, open a terminal and perform a sudo dhclient to pick up an address from the pfSense DHCP server on VLAN2 (192.168.20.0\/24).<\/span><\/span>

<\/span>In a web browser on the Ubuntu machine type http:\/\/192.168.20.1\/<\/b> to access the configuration panel. If you have reset to factory defaults you will need to step through the wizard to get to the standard console. <\/span><\/span>

<\/span>Note:-<\/b>The default username and password combination for pfSense is: admin\/pfsense<\/b>. <\/span><\/span>

<\/span>To view the current firewall rules choose Firewall | Rules<\/b> and review the current configuration. By default the WAN interface should be blocked from connecting internally as there are not preestablished rules that allow any traffic through. <\/span><\/span>

<\/span>
<\/span><\/p>\n

\"\"<\/a><\/span><\/div>\n

<\/span>

<\/span>For testing purpose, we will enable ports 80, 443, 21, and allow ICMP. Add the rules as follows:
1.<\/b> Click on the add a new rule button displayed in the preceding screenshot.
2.<\/b> Use the following rule settings to enable ICMP pass-through:<\/span><\/p>\n