Re: [PEN-TEST] Websense bypass ?

From: Crist Clark (crist.clarkat_private)
Date: Thu Apr 26 2001 - 16:03:55 PDT


    John Bumgarner wrote:
    >
    > Tony,
    >
    > Here is the information concerning converting an IP address to a number string:
    >
    > With some firewall implementations, you can bypass the URL filtering rules:
    >
    > Obtain IP address of a filtered URL:  http://www.netaddress.com or
    > http://204.68.24.100
    > Convert IP address to binary using calc.exe - 11001100 01000100 00011000
    > 01100100
    > Concatenate the binary together 11001100010001000001100001100100
    > Convert this number to decimal using calc.exe - 3427014756
    > Enter this in your browser - http://3427014756
    
      100 + 24*256 + 68*256^2 + 204*256^3 = 3427014756
    
    Is a lot less work than doing the middle conversion.
    
    Actually, (for those who think in reverse-Polish notation, this
    is the obvious way), the easiest is more like,
    
      (((204*256) + 68)*256 + 24)*256 + 100 = 3427014756
    
    On calc.exe, keystrokes are like,
    
      204*256+68<enter>*256+24<enter>*256+100<enter>
    
    Of course, another fun way to get by stoopid filters that don't really
    understand URLs is to,
    
      % printf "0%o.0%o.0%o.0%o\n" 204 68 24 100
      0314.0104.030.0144
    
    To give,
    
      http://0314.0104.030.0144/
    
    Or even just convert 3427014756 to octal,
    
      http://031421014144/
    
    Or how about mix and match,
    
      http://204.0104.24.0144/
    
    Or,
    
      http://204.0104.6244/
      http://204.0104.014144/
      .
      .
      .
    
    There are a _lot_ of ways to write an IP address in a URL.
    --
    Crist J. Clark                                Network Security Engineer
    crist.clarkat_private                    Globalstar, L.P.
    (408) 933-4387                                FAX: (408) 933-4926
    
    
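For a filter that has to cope with the spellings listed in the message above, the usual fix is to normalise the host to one canonical dotted quad before comparing it with the block list. The following is an added example, not code from the original post; the function names are hypothetical, and it assumes clients parse numeric hosts the way `inet_aton()` does (one to four parts, each decimal, leading-`0` octal or `0x` hex, with the last part filling the remaining bytes). Hex is not shown in the post and is included as a generalisation.

```python
# Added example: canonicalise inet_aton-style numeric hosts before filtering.
from urllib.parse import urlsplit


def _parse_part(text):
    """Parse one host component: 0x.. is hex, 0.. is octal, otherwise decimal."""
    low = text.lower()
    if low.startswith("0x"):
        digits, base = low[2:], 16
    elif len(low) > 1 and low.startswith("0"):
        digits, base = low[1:], 8
    else:
        digits, base = low, 10
    allowed = "0123456789abcdef"[:base]
    # Reject empty parts, signs, underscores and out-of-base digits (e.g. "08").
    if not digits or any(c not in allowed for c in digits):
        return None
    return int(digits, base)


def canonical_ipv4(host):
    """Return the dotted-quad form of a numeric host, or None if it is not one."""
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [_parse_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    *lead, last = values
    # Leading parts are one byte each; the last part covers all remaining bytes.
    if any(v > 255 for v in lead) or last >= 256 ** (4 - len(lead)):
        return None
    number = last
    for i, v in enumerate(lead):
        number += v << (8 * (3 - i))
    return ".".join(str((number >> shift) & 255) for shift in (24, 16, 8, 0))


def is_blocked(url, blocked_ips):
    """Compare the canonical form of the URL's host against a set of dotted quads."""
    host = urlsplit(url).hostname or ""
    return canonical_ipv4(host) in blocked_ips
```

A host that is a DNS name returns `None` here and still needs the filter's normal name-based rules.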



    This archive was generated by hypermail 2b30 : Thu Apr 26 2001 - 20:49:10 PDT