hacktricks/network-services-pentesting/pentesting-264-check-point-firewall-1.md
2023-06-03 13:10:46 +00:00

☁️ HackTricks Cloud ☁️ -🐦 Twitter 🐦 - 🎙️ Twitch 🎙️ - 🎥 Youtube 🎥

The module sends a query to port 264/TCP on CheckPoint Firewall-1 firewalls to obtain the firewall name and the name of the management station, such as SmartCenter, via a pre-authentication request.

use auxiliary/gather/checkpoint_hostname
set RHOST 10.10.xx.xx

Pentesting Check Point Firewall-1

Introduction

Check Point Firewall-1 is a firewall product developed by Check Point Software Technologies. It provides network security by filtering incoming and outgoing traffic based on a set of rules.

Enumeration

Version

To determine the version of Check Point Firewall-1, you can use the following command:

fw ver

Policy

To view the current policy, use the following command:

fw stat

Rulebase

To view the rulebase, use the following command:

fw ctl pstat

Exploitation

Firewall Bypass

One way to bypass the firewall is to use a protocol that is allowed through the firewall, such as HTTP or HTTPS, to connect to a remote server that is outside of the firewall. Once the connection is established, the attacker can use the remote server to connect to internal resources.

Denial of Service

An attacker can launch a denial of service (DoS) attack against the firewall by flooding it with traffic. This can cause the firewall to crash or become unresponsive, allowing the attacker to bypass the firewall.

Rulebase Modification

If an attacker gains access to the rulebase, they can modify the rules to allow traffic that would normally be blocked by the firewall. This can allow the attacker to bypass the firewall and gain access to internal resources.

Conclusion

Check Point Firewall-1 is a popular firewall product that provides network security by filtering incoming and outgoing traffic based on a set of rules. However, it is not immune to attacks, and it is important to regularly test and update the firewall to ensure that it is secure.

[*] Attempting to contact Checkpoint FW1 SecuRemote Topology service...
[+] Appears to be a CheckPoint Firewall...
[+] Firewall Host: FIREFIGHTER-SEC
[+] SmartCenter Host: FIREFIGHTER-MGMT.example.com
[*] Auxiliary module execution completed

Another way to obtain the firewall's hostname and ICA name could be:

printf '\x51\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x0bsecuremote\x00' | nc -q 1 x.x.x.x 264 | grep -a CN | cut -c 2-

Enumeration

Connections

To view the current connections, use the following command:

fw tab -t connections -s

Exploitation

Firewall Bypass

One way to bypass Check Point Firewall-1 is to use a technique called "HTTP Tunneling". This involves encapsulating traffic inside HTTP requests and responses, which are allowed through the firewall.

Denial of Service

Check Point Firewall-1 can be vulnerable to denial of service attacks if it is not properly configured. One way to perform a denial of service attack is to flood the firewall with traffic, causing it to become overwhelmed and stop functioning.

Rulebase Modification

If an attacker gains access to the Check Point Firewall-1 management console, they can modify the rulebase to allow traffic that would normally be blocked. This can be done by adding a new rule or modifying an existing one.

Conclusion

Check Point Firewall-1 is a popular firewall product that provides network security by filtering incoming and outgoing traffic based on a set of rules. However, it can be vulnerable to various attacks if it is not properly configured. It is important to regularly review and update the firewall's configuration to ensure that it is providing adequate protection.

CN=Panama,O=MGMTT.srv.rxfrmi
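For monitoring this exchange from the defender's side, the following added example (not part of the original page or of any Check Point or Metasploit code) flags 264/TCP flows that carry the pre-auth request from the printf one-liner above and extracts the CN/O names the reply disclosed. The flow record layout, the function names and the reply's leading bytes are assumptions made for illustration.

```python
import re

# Pre-auth request bytes, copied from the printf one-liner on this page.
PROBE = b"\x51\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x0bsecuremote\x00"

# DN fragment in the reply (same text grep -a CN pulls out); values end at the
# first comma, space or non-printable byte.
DN_RE = re.compile(rb"CN=([\x21-\x2b\x2d-\x7e]+),O=([\x21-\x2b\x2d-\x7e]+)")


def disclosed_names(server_bytes):
    """Return the names a 264/TCP reply gives away, or None if there are none."""
    m = DN_RE.search(server_bytes)
    if m is None:
        return None
    return {"cn": m.group(1).decode("ascii"), "o": m.group(2).decode("ascii")}


def review_flows(flows):
    """Flag 264/TCP flows where the probe was sent, and note what leaked.

    Each flow is a dict with src, dport, and the reassembled client and server
    byte streams (hypothetical record layout), so split writes still match.
    """
    findings = []
    for f in flows:
        if f["dport"] != 264 or PROBE not in f["client"]:
            continue
        findings.append({"src": f["src"], "leak": disclosed_names(f["server"])})
    return findings


# Constructed sample flows. The reply's leading bytes are placeholders; only the
# DN text is taken from the sample output on this page.
SAMPLE_FLOWS = [
    {"src": "192.0.2.10", "dport": 264, "client": PROBE,
     "server": b"\x59\x00\x00\x00\x00CN=Panama,O=MGMTT.srv.rxfrmi\x00"},
    {"src": "192.0.2.11", "dport": 264, "client": PROBE, "server": b""},
    {"src": "192.0.2.12", "dport": 443, "client": PROBE, "server": b""},
    {"src": "192.0.2.13", "dport": 264, "client": b"\x51\x00\x00\x00", "server": b""},
]

if __name__ == "__main__":
    for finding in review_flows(SAMPLE_FLOWS):
        print(finding)
```

A finding whose leak is None means the request was seen but no names came back, which is the result to expect once port 264 is filtered from untrusted networks.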

From: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk69360
