mirror of
https://github.com/carlospolop/hacktricks
synced 2024-11-29 08:01:00 +00:00
66 lines
4.6 KiB
Markdown
66 lines
4.6 KiB
Markdown
{% hint style="success" %}
|
|
Learn & practice AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Learn & practice GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Support HackTricks</summary>
|
|
|
|
* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
|
|
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
|
|
|
|
</details>
|
|
{% endhint %}
|
|
|
|
|
|
Moguće je interagovati sa **CheckPoint** **Firewall-1** vatrozidima kako bi se otkrile vredne informacije kao što su ime vatrozida i ime upravljačke stanice. To se može uraditi slanjem upita na port **264/TCP**.
|
|
|
|
### Dobijanje imena vatrozida i upravljačke stanice
|
|
|
|
Koristeći zahtev pre autentifikacije, možete izvršiti modul koji cilja **CheckPoint Firewall-1**. Neophodne komande za ovu operaciju su navedene u nastavku:
|
|
```bash
|
|
use auxiliary/gather/checkpoint_hostname
|
|
set RHOST 10.10.10.10
|
|
```
|
|
Upon execution, the module attempts to contact the firewall's SecuRemote Topology service. If successful, it confirms the presence of a CheckPoint Firewall and retrieves the names of both the firewall and the SmartCenter management host. Here's an example of what the output might look like:
|
|
|
|
При извршавању, модул покушава да контактира SecuRemote Topology сервис ватрозида. Уколико буде успешан, потврђује присуство CheckPoint ватрозида и преузима имена и ватрозида и SmartCenter управљачког хоста. Ево примера како би излаз могао изгледати:
|
|
```text
|
|
[*] Attempting to contact Checkpoint FW1 SecuRemote Topology service...
|
|
[+] Appears to be a CheckPoint Firewall...
|
|
[+] Firewall Host: FIREFIGHTER-SEC
|
|
[+] SmartCenter Host: FIREFIGHTER-MGMT.example.com
|
|
[*] Auxiliary module execution completed
|
|
```
|
|
### Alternative Method for Hostname and ICA Name Discovery
|
|
|
|
Druga tehnika uključuje direktnu komandu koja šalje specifično upitivanje vatrozidu i analizira odgovor kako bi izvukla ime vatrozida i ICA ime. Komanda i njena struktura su sledeće:
|
|
```bash
|
|
printf '\x51\x00\x00\x00\x00\x00\x00\x21\x00\x00\x00\x0bsecuremote\x00' | nc -q 1 10.10.10.10 264 | grep -a CN | cut -c 2-
|
|
```
|
|
Izlaz iz ove komande pruža detaljne informacije o imenu sertifikata vatrozida (CN) i organizaciji (O), kao što je prikazano u nastavku:
|
|
```text
|
|
CN=Panama,O=MGMTT.srv.rxfrmi
|
|
```
|
|
## Reference
|
|
|
|
* [https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit\_doGoviewsolutiondetails=&solutionid=sk69360](https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk69360)
|
|
* [https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html\#check-point-firewall-1-topology-port-264](https://bitvijays.github.io/LFF-IPS-P2-VulnerabilityAnalysis.html#check-point-firewall-1-topology-port-264)
|
|
|
|
|
|
|
|
{% hint style="success" %}
|
|
Učite i vežbajte AWS Hacking:<img src="/.gitbook/assets/arte.png" alt="" data-size="line">[**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)<img src="/.gitbook/assets/arte.png" alt="" data-size="line">\
|
|
Učite i vežbajte GCP Hacking: <img src="/.gitbook/assets/grte.png" alt="" data-size="line">[**HackTricks Training GCP Red Team Expert (GRTE)**<img src="/.gitbook/assets/grte.png" alt="" data-size="line">](https://training.hacktricks.xyz/courses/grte)
|
|
|
|
<details>
|
|
|
|
<summary>Podržite HackTricks</summary>
|
|
|
|
* Proverite [**planove pretplate**](https://github.com/sponsors/carlospolop)!
|
|
* **Pridružite se** 💬 [**Discord grupi**](https://discord.gg/hRep4RUj7f) ili [**telegram grupi**](https://t.me/peass) ili **pratite** nas na **Twitteru** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
|
|
* **Podelite hakerske trikove slanjem PR-ova na** [**HackTricks**](https://github.com/carlospolop/hacktricks) i [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repozitorijume.
|
|
|
|
</details>
|
|
{% endhint %}
|