RE: [PEN-TEST] Download fw1 topology

From: Ogle Ron (Rennes) (OgleRat_private)
Date: Tue May 15 2001 - 00:46:23 PDT

    Recall that Checkpoint has two forms for VPNs, fwz and IPsec.  If you are
    using fwz, then SecuRemote (Secureclient) will download the topology without
    authentication first.  If you are using IPsec, then SecuRemote will request
    authentication before it will download the topology.
    
    If you look in your userc.c file, you will find many interesting pieces of
    information that can be used to hack.  First, you will find all of the IP
    addresses and directly attached networks of all of the interfaces on the
    firewall.  Second, you will find all of the networks that are included in the
    firewall's encryption domain.  These networks are considered behind the
    firewall.  It will show you what firewall version and what VPN types that it
    will support (FWZ and IPsec).  It will show you the identity of the
    firewall's manager which may or may not be the firewall itself.  This could
    be a machine somewhere else.  If you can compromise this machine, you've got
    the keys to the kingdom.  This is also the machine that you download the
    info for this userc.c file from.
    
    In the newer versions of SecuRemote, you have a policy section.  This
    section in essence creates a firewall solution on the SecuRemote machine.
    
    One last thing.  If you know what you're doing, you can change some of the
    information in this file by hand.  For example, I've added DNS servers,
    deleted networks and changed netmasks without having to "update" my
    configuration.
    
    Ron Ogle
    
    > -----Original Message-----
    > From: railwayclubposseat_private
    > [mailto:railwayclubposseat_private]
    > Sent: Tuesday, May 15, 2001 2:34 AM
    > To: PEN-TESTat_private
    > Cc: davew@sec-tec.com
    > Subject: Re: [PEN-TEST] Download fw1 topology
    > 
    > 
    > When I use the Secureclient to try to download topology, it asks me for
    > a certificate. I don't get anything else.
    > If I use a certificate, I get some very interesting and cool things in my
    > users.c file. How do you get it before you authenticate? They've got the
    > latest version/sp.
    >
    > The SDK for the API (OPSEC) used in all the Checkpoint products is available
    > for download. Could be fun.
    >
    > > David Wray [mailto:davew@sec-tec.com] wrote:
    > > I often try to perform a download VPN
    > > topology request using Checkpoint Secureclient. Once the download is done,
    > > any request for the Internal IP address scheme will prompt for a username
    > > and password.
    > 
    


