10 December 2008

Network Firewall Security

The Schools Network

Internal Computers ----> Router ----> MS Proxy ----> Firewall ----> The

From this setup the configuration seems pretty secure against an attack from
an outside line. How do I know? Because you never get the inner domain's IP,
only the referred one the proxy spits back out to you.

Now then, the problem with the network is that it has too many restrictions.
Some of them include:
No downloading of EXE, ZIP or WAV files
No downloading of MP3s
Banning of popular email services
Banning of shopping & entertainment sites
Port blocking (no FTP, Telnet, etc.), only port 80

I was generally pissed that I couldn't download what I wanted or go to check
my email daily, and thus was determined to successfully work my way into

The solution is simple and practical.
To start with, let's get past this crappy MS proxy. First off, you can't
simply disable the proxy like we had done in the past. For the new guys,
this is where you would just go to "Tools", then "Internet Options", then
"Connections" and, depending on your settings, uncheck the proxy. The admins
have gotten a lot tighter, and now they have made it so that authentication
is needed to overcome the use of a proxy. So unless you are somehow a genius
and can get the passwords to the proxy servers, you're stuck using that
temp account you have and finding other solutions. In the old days, to get
past a website ban we could find a mirror. Take Hotmail, say: we
couldn't go to www.hotmail.com because that was banned, but instead the
backdoor was at www.msn.com, where a user could log in from there. But they
caught on, because the info always gets leaked, and the whole domain of
Hotmail gets blocked. So a solution rumbles into my head and I'm thinking
PROXY! But I can't change the proxy settings to use another one. Ah, but
there is such a thing as proxy chaining. So let's go over what to do. If
you're an experienced user then you have probably traveled to
http://www.anonymizer.com/ once upon a time. This is an online proxy server
that hackers used back in the day...COUGH...COUGH...that is to say "before"
they started charging money to use their service. Every hacker knew that it
was a safe bet that you couldn't be tracked from this service. It's
basically like a 3-way phone call. You connect to their server and their
server connects to the webpage you want. Then their servers send you back
the info you requested. Simple, right!

Now there are other sites that have spawned off the great anonymizer
that offer similar services, and you are just going to have to look
around for those. But wait, there's more to this story. You see, after the
news got around that the few and elite could get past the restrictions with
anonymizer, the ADMINS started to notice what was going on and banned
that site as well. Moving on to how Google.com can also help. Google.com can
help because it caches its pages. Try this: do a search on google.com and
then look at the results. Below each result you see a link underlined
"Cached". This means google.com has already indexed that site, and you can
pull up all those banned websites that you really want to check out with
google.com. But this wasn't the route I wanted to take, because I still
couldn't use my email. In the end I decided to go to an old friend of mine
made by James Marshall. It's called "CGI proxy". Best script out there.
CGI Proxy is a CGI script that lets you set up a web-based proxy.
This script is easy to set up and can be hosted on websites. It serves as a
proxy server and thus you can use it to search the web. PLUS there's a
version out there that supports SSL. Why would that be important, you ask?
Well, because Hotmail uses SSL authentication so that you can get into your
email. So I set up the script, which takes 5 minutes, and I'm up and running
and the school has no idea. So a basic rundown is: grab a copy of CGI proxy,
set it up, run it and be on your way searching through a proxy just like
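
Seen from the filter's side, every relay described above leaves the same trace: the blocked destination shows up inside the path or query of a request to some other, allowed host. The following is an added example, not part of the original post, of scanning proxy logs for that pattern; the log layout, the relay URL shape and all function names are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumed blocklist: both domains are ones the text says were banned.
BLOCKED_DOMAINS = ("hotmail.com", "anonymizer.com")

# Constructed proxy-log sample, one "<client> <method> <url>" per line.
SAMPLE_LOG = """\
10.0.0.21 GET http://www.example.edu/library/index.html
10.0.0.37 GET http://relay.example.net/cgi-bin/proxy.cgi/http/www.hotmail.com/
10.0.0.37 GET http://search.example.com/search?q=cache%3Awww.hotmail.com
10.0.0.40 GET http://www.hotmail.com/
10.0.0.41 GET http://news.example.org/story?ref=nothotmail.community
"""

def _matcher(domain):
    # Whole host names only: "www.hotmail.com" counts, "nothotmail.community" does not.
    return re.compile(r"(?<![a-z0-9-])" + re.escape(domain) + r"(?![a-z0-9-]|\.[a-z0-9])")

MATCHERS = [_matcher(d) for d in BLOCKED_DOMAINS]

def _decode(text, rounds=3):
    # Undo percent-encoding, repeated a few times so a doubly encoded
    # destination (%252E for ".") is still seen.
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text.lower()

def classify(url):
    """Return 'direct', 'embedded' or 'clean' for one requested URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if any(m.search(host) for m in MATCHERS):
        return "direct"      # a host-based filter already catches this
    rest = _decode(parts.path + "?" + parts.query)
    if any(m.search(rest) for m in MATCHERS):
        return "embedded"    # blocked destination relayed via another host
    return "clean"

def scan(log):
    """Return (client, url, verdict) for every request that is not clean."""
    rows = (line.split(None, 2) for line in log.splitlines() if line.strip())
    return [(c, u, classify(u)) for c, _m, u in rows if classify(u) != "clean"]
```

The "embedded" hits are the ones a host-only blocklist never sees; requests relayed over SSL hide the path from the filter, so there only the relay's host name is available to match on.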

To get past the mp3 restrictions I was furious. For the longest time I
thought the school had gotten the best of me, but I was wrong. I looked into
the matter and, well, WINDOWS MEDIA PLAYER was my clue. There's a file format
that Windows makes called WMA. This file extension wasn't blocked
because it's less widely used. So now it was a matter of hosting "WMA" files
that I would later convert from mp3, and uploading them to be downloaded.
If you're having similar problems, there's more than 1 way to skin a cat. My
second method was rather clever and sneaky. I was inspired by a site
where I was downloading mp3s. The mp3s were named rather differently than
before, with extensions like nameofgoodsong.aab or something, not the standard
nameofgoodsong.mp3. What I did was change the extension of the files that
would be blocked to some other extension that wasn't noticeable and wasn't
blocked. For example, upload coolapp.exe and when it's done rename it to
Then when you're downloading it, right click on the file and save file as.
Rename it to coolapp.exe and it should save and be just like normal.
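
The renaming trick works only because the filter trusts the extension in the URL. The following is an added example, not part of the original post, of the check that closes the gap: classify a download by its leading bytes and apply the restriction list to that result. The sample names other than nameofgoodsong.aab, the sample bytes and the function names are constructed for the illustration.

```python
# Leading-byte signatures for the file types discussed in the text.
SIGNATURES = [
    (b"MZ", "exe"),                      # DOS/PE executable
    (b"PK\x03\x04", "zip"),              # ZIP local file header
    (b"ID3", "mp3"),                     # MP3 carrying an ID3v2 tag
    (bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c"), "asf"),  # WMA/WMV container
]
# The download restrictions listed in the text.
BLOCKED_TYPES = {"exe", "zip", "wav", "mp3"}

def sniff(data):
    """Identify content from its first bytes, ignoring any file name."""
    if data[:4] == b"RIFF" and data[8:12] == b"WAVE":
        return "wav"
    for magic, kind in SIGNATURES:
        if data.startswith(magic):
            return kind
    # Untagged MP3: 11-bit frame sync followed by the Layer III bits.
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE6) == 0xE2:
        return "mp3"
    return "unknown"

def inspect(filename, data):
    """Return (verdict, detected_type, disguised) for one download."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    kind = sniff(data)
    blocked = kind in BLOCKED_TYPES
    # "disguised": blocked content offered under a different extension.
    return ("block" if blocked else "allow", kind, blocked and ext != kind)

# Constructed sample downloads: (name offered by the server, first bytes).
SAMPLES = [
    ("nameofgoodsong.aab", b"ID3\x03\x00\x00\x00\x00\x0f\x76"),
    ("setup.txt", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("track.bin", b"\xff\xfb\x90\x64\x00\x00"),
    ("lecture.wma", bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")),
    ("notes.txt", b"Meeting notes\n"),
]

def report(samples=SAMPLES):
    """Return (name, verdict, detected_type, disguised) per sample."""
    return [(name,) + inspect(name, data) for name, data in samples]
```

The WMA sample is allowed because ASF is not on the restriction list, which is a policy gap rather than a detection gap: audio re-encoded into an unlisted format passes until the list itself is extended.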

Now then, getting a chat service to work was rather fun and
challenging. Since I was limited to only port 80, there's no way in hell I
could connect to Windows Messenger, YAHOO, AIM or any other leading chat
program, because Windows Messenger, aka MSN Messenger, connects on port 1863
to communicate with its server.
My working solution is to create a 3-way connection.
Again, it would look something like this:

Internal Computers (port 80)----> Router (port80) ----> MS Proxy (port
80)----> Firewall -(port 80) --> The Internet (port 80)--> (port 80) REMOTE
SERVER( redirected to port 1863) ---->WINDOWS MESSENGER SERVERS (port 1863)

And back

(redirected to port 80)-- > The Internet (port 80) --> Firewall (port 80)-->
MS Proxy (port 80) --> Router - (port 80) --> Internal Computers

OK, now then, the REMOTE SERVER serves as the middle man for this to work.
You see, you're about to connect to the remote server and then have the remote
server connect to the Windows Messenger servers for you. Then Windows Messenger
sends the info back to the remote server and back to you on port 80.

To do this you need 2 things: the 1st is Fpipe and the 2nd is a second server
that fpipe is going to run on.
When you start fpipe you get something that looks like this on the
DOS/command prompt screen.

FPipe v2.1 - TCP/UDP port redirector.
Copyright 2000 (c) by Foundstone, Inc.

FPipe [-hvu?] [-lrs ] [-i IP] IP

-?/-h - shows this help text
-c - maximum allowed simultaneous TCP connections. Default is 32
-i - listening interface IP address
-l - listening port number
-r - remote port number
-s - outbound source port number
-u - UDP mode
-v - verbose mode

fpipe -l 53 -s 53 -r 80

This would set the program to listen for connections on port 53 and

when a local connection is detected a further connection will be
made to port 80 of the remote machine at with the
source port for that outbound connection being set to 53 also.
Data sent to and from the connected machines will be passed through.

Now then, the demo they show us can be useful for the user to figure out what
exactly it is that we are going to do.

First let's think about what exactly we are going to accomplish. You are
going to send a request through port 80 from within your network to your
remote server that is hosting fpipe. Then Fpipe on the remote server
receives the incoming info from port 80 that you have just sent out and
redirects the outgoing info to port 1863. The info that was just sent out
through fpipe leaves through port 1863 and now goes to the Windows Messenger
server, where it communicates the login info, and the server then sends the
info back to our remote server through port 1863, where our remote server
transfers that info back out through port 80 to us.

The command line for fpipe to run on the remote server would look like this.

fpipe -l 80 -s 1863 -r 1863 messenger.hotmail.com

Simple Steps to Remember

1. Download Fpipe from http://www.foundstone.com
2. Set up your windows messenger client to connect to a proxy
3. Change the proxy info to HTTP proxy; the server would be the remote
server you have fpipe running on, and the port for the proxy is of course 80
4. Start Fpipe with the command of "fpipe -l 80 -s 1863 -r 1863
5. Now, with fpipe running, you can connect and run Windows Messenger

For those that want to do this with other chat programs I'm 1 step ahead of

AOL SERVER- login.oscar.aol.com port 5190
ICQ SERVER - login.icq.com port 5190
WINDOWS MESSENGER SERVER - messenger.hotmail.com port 1863
YAHOO SERVER - cs.yahoo.com port 5050
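
The port-80 redirection described above succeeds only where the gateway allows a destination port without checking what is spoken on it. The following is an added example, not part of the original post, of that check: label each port-80 flow from the first bytes the client sends, and flag anything that is not an HTTP request or that asks to be relayed to one of the chat ports listed above. The flows are constructed, the "VER 1 MSNP8 CVR0" line is a stand-in for a chat handshake, and the function names are assumptions.

```python
import re

# Destination ports of the chat services listed in the text.
CHAT_PORTS = {1863: "Windows Messenger", 5190: "AOL/ICQ", 5050: "Yahoo"}

REQUEST_LINE = re.compile(
    rb"(GET|HEAD|POST|PUT|DELETE|OPTIONS|TRACE|CONNECT) (\S+) HTTP/1\.[01]\r?\n")

def classify(first_bytes):
    """Label a port-80 flow from the first bytes the client sent."""
    m = REQUEST_LINE.match(first_bytes)
    if m is None:
        return "not-http"                 # something else is riding on port 80
    method, target = m.group(1), m.group(2)
    if method != b"CONNECT":
        return "http"
    _host, _sep, port = target.rpartition(b":")
    if not port.isdigit():
        return "connect-malformed"
    port = int(port)
    if port in CHAT_PORTS:
        return "connect-chat:" + CHAT_PORTS[port]
    return "connect-tls" if port == 443 else "connect-other"

# Constructed flows: (client address, first bytes seen on port 80).
SAMPLE_FLOWS = [
    ("10.0.0.21", b"GET /index.html HTTP/1.1\r\nHost: www.example.edu\r\n\r\n"),
    ("10.0.0.37", b"VER 1 MSNP8 CVR0\r\n"),  # stand-in for a chat handshake
    ("10.0.0.37", b"CONNECT messenger.hotmail.com:1863 HTTP/1.0\r\n\r\n"),
    ("10.0.0.40", b"CONNECT mail.example.com:443 HTTP/1.1\r\n\r\n"),
    ("10.0.0.41", b"CONNECT login.icq.com:5190 HTTP/1.1\r\n\r\n"),
]

def suspicious(flows=SAMPLE_FLOWS):
    """Return (client, label) for flows that are not plain HTTP or a TLS CONNECT."""
    labelled = ((client, classify(data)) for client, data in flows)
    return [(c, label) for c, label in labelled if label not in ("http", "connect-tls")]
```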