
Bypassing SonicWALL? New school network


66 replies to this topic

#21 Mi5

Mi5

    DDP Fan club member

  • Members
  • 44 posts

Posted 28 August 2005 - 08:11 AM

In all seriousness why the fuck bother? The computers at school are there for educational purposes. Not for your own pleasure and enlightenment. I see kids all the time in CISCO Networking in school trying to fuck stuff up or bypass stuff. Half of the kids in the class think they know more than everybody else.

If you're just being curious and not being a menace, it makes sense.... I work hand in hand with my school's IT staff. He has tons of other shit to do besides help teachers figure out that their monitor cable was unplugged or their new printer drivers don't work. When I'm with IT staff sometimes they let me and other friends play on the network and even port scan shit to see what we can find and tons of other stuff. I'm just saying don't be a dick head and do it just to play games or chat because that isn't the purpose of school.

 


Yeah I agree with this to an extent... I always got on well with my admins (actually, I set up a Linux web server for them :D ). But, tbh, schools are known for blocking the most stupid shit - email accounts, mine even blocked stuff like cplusplus, slashdot, w3schools and so on. Which was annoying, because I was trying to learn :growl: Also, when you're doing a school project where you need to research something on, say, music, it often helps to get an image/book review off Amazon and other such sites, yet schools almost always block this under 'e-commerce'.

So, basically, make friends with your admins, you might learn something, and don't try to screw up their system. But if you need to access something which isn't malicious, then why the hell not? If you're not hurting anyone, feel free to do some bypassing.

#22 solid332

solid332

    DDP Fan club member

  • Members
  • 46 posts

Posted 29 August 2005 - 02:17 PM

I'm browsing this topic quickly, but I don't think nph-proxy.cgi was mentioned.

Google "nph-proxy.cgi"

#23 Perf-149

Perf-149

    Hakker addict

  • Members
  • 502 posts
  • Location:Location is key!

Posted 29 August 2005 - 11:08 PM

I'm browsing this topic quickly, but I don't think nph-proxy.cgi was mentioned.

Google "nph-proxy.cgi"

 


Wow, such a simple post, and yet it unlocked about 5 hours of tweaking around with my Linux box. I got an Apache webserver running on my crappy Linux laptop, and I got my router set up so that it forwards all requests on port 80 to the Apache server. I also got .cgi scripts working, and the "nph-proxy.cgi" script also running on it. I know it will bog down my laptop, but I only plan on using it to bypass my school's crappy censorship.

So, thanks for that post. It enlightened me a great deal! Ahh, the wonders of learning!

Edited by Perf-149, 29 August 2005 - 11:09 PM.


#24 Argent

Argent

    The phorce is with me!

  • Members
  • 76 posts

Posted 01 September 2005 - 09:45 PM

Well I took a look at the manual and came across this.
"SonicWALL IPS cannot perform inspection on any encrypted traffic that is in transit through the SonicWALL security appliance. However, the SonicWALL security appliance can perform SonicWall IPS inspection on any VPN tunnel that terminates directly on the SonicWALL security appliance. SonicWALL IPS can inspect traffic as it goes into the tunnel and/or when the traffic comes out of the tunnel. For example, if the VPN tunnel terminates and begins on the LAN, SonicWALL IPS can inspect the traffic before and/or after it enters the VPN tunnel.

For SonicOS Standard, you must enable ApplyNAT and Firewall Rules in the VPN Policy window's Advanced tab for each VPN policy in order for IPS inspection to happen on a VPN tunnel that terminates directly on the SonicWALL security appliance."


If I'm getting this correct, you can tunnel encrypted traffic through SonicWALL because any SonicWALL appliance will not be installed on the device where the VPN tunnel originates or terminates. If I'm not understanding this correctly or have a misunderstanding of exactly how a VPN tunnel works, please correct me. Even if I am, the admin or whoever sets up SonicWALL could possibly overlook the fact that they need to enable ApplyNAT and Firewall Rules in the VPN Policy settings, making any VPN tunneling wide open (unless it's default). Just trying to make sure I'm deciphering the information correctly. Thanks for any input.

Edited by Argent, 01 September 2005 - 09:47 PM.


#25 Mi5

Mi5

    DDP Fan club member

  • Members
  • 44 posts

Posted 02 September 2005 - 04:43 AM

Well I took a look at the manual and came across this.
"SonicWALL IPS cannot perform inspection on any encrypted traffic that is in transit through the SonicWALL security appliance. However, the SonicWALL security appliance can perform SonicWall IPS inspection on any VPN tunnel that terminates directly on the SonicWALL security appliance. SonicWALL IPS can inspect traffic as it goes into the tunnel and/or when the traffic comes out of the tunnel. For example, if the VPN tunnel terminates and begins on the LAN, SonicWALL IPS can inspect the traffic before and/or after it enters the VPN tunnel.

For SonicOS Standard, you must enable ApplyNAT and Firewall Rules in the VPN Policy window's Advanced tab for each VPN policy in order for IPS inspection to happen on a VPN tunnel that terminates directly on the SonicWALL security appliance."


If I'm getting this correct, you can tunnel encrypted traffic through SonicWALL because any SonicWALL appliance will not be installed on the device where the VPN tunnel originates or terminates. If I'm not understanding this correctly or have a misunderstanding of exactly how a VPN tunnel works, please correct me. Even if I am, the admin or whoever sets up SonicWALL could possibly overlook the fact that they need to enable ApplyNAT and Firewall Rules in the VPN Policy settings, making any VPN tunneling wide open (unless it's default). Just trying to make sure I'm deciphering the information correctly. Thanks for any input.

 


Well, a VPN is just a virtual private network, which tunnels through the internet so you can access the network remotely... so yeah, I guess there's no reason why you couldn't spoof a VPN tunnel and encrypt it. But then, network security isn't my strong suit.

#26 Bill_Gevstorvsky

Bill_Gevstorvsky

    elite

  • Members
  • 120 posts

Posted 06 September 2005 - 07:37 PM

Actually my school has SonicWALL too. I used to have their tech support manual but I lost it. When I find it I will PM you.

And honestly, why would schools even need filters except to block pornography? I hated it when my school blocked binrev.com. That is why I might sabotage their SonicWALL this year.
Oops. Didn't see the post where you already had the manual, sorry. I will read on this topic because I disagree with people making money off of blocking knowledge.

--Bill Gevstorvsky

Edited by Bill_Gevstorvsky, 06 September 2005 - 07:40 PM.


#27 Apoc

Apoc

    SUP3R 31337 P1MP

  • Members
  • 250 posts

Posted 25 October 2005 - 11:18 AM

Has my school admin gotten smarter? Today, after I loaded both TOR and Privoxy off of the network, I started getting this in TOR:

Oct 25 11:05:50.128 [notice] Application request when we're believed to be offline. Optimistically trying again.
Oct 25 11:06:11.328 [notice] directory_get_from_dirserver(): No running dirservers known. Not trying. (purpose 1)
Oct 25 11:06:11.348 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:06:11.358 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:06:12.009 [notice] Application request when we're believed to be offline. Optimistically trying again.
Oct 25 11:06:35.182 [notice] directory_get_from_dirserver(): No running dirservers known. Not trying. (purpose 1)
Oct 25 11:06:35.182 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:06:35.182 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:06:35.182 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:06:35.182 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:06:35.182 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:06:35.753 [notice] Application request when we're believed to be offline. Optimistically trying again.
Oct 25 11:07:35.750 [notice] Application request when we're believed to be offline. Optimistically trying again.
Oct 25 11:07:57.991 [notice] directory_get_from_dirserver(): No running dirservers known. Not trying. (purpose 1)
Oct 25 11:07:57.991 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:07:57.991 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:07:57.991 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:07:57.991 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:07:58.002 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.
Oct 25 11:07:58.002 [notice] directory_all_unreachable(): Network down? Failing connection to '[scrubbed]:80'.

When I tried going to sites I just got a 404 error through privoxy the whole time. What happened!?

I tried moving the files off the network and I ran them off the hard drive and then I didn't get the long list of errors in TOR, I just got this:


Oct 25 11:05:50.128 [notice] Application request when we're believed to be offline. Optimistically trying again.

Is TOR just down today for some reason?

Edited by Apoc, 25 October 2005 - 11:21 AM.


#28 Kn1ghtl0rd

Kn1ghtl0rd

    SUP3R 31337

  • Agents of the Revolution
  • 176 posts

Posted 25 October 2005 - 12:01 PM

Well as far as getting past the SonicWALL, good luck. As you may know I just had an article published in 2600 about breaking the SonicWALL down. The IPS is probably analyzing a special rule put there by your admin. TOR is not down, the packet is just being dropped. I have a feeling that your admin has noticed what you are doing. The SonicWALL is very robust and if it is programmed correctly then you are not going to be able to break it. The only thing you can do is focus on the CFS (content filtering system). Try to find out where they keep the viewpoint server for the system. Read my article on how to get into the box and then you can take a look at what users there are for bypassing the CFS. The admin account will not do you any good because that just allows you to administer the SonicWALL appliance. There is a really good chance that your SonicWALL is the internet gateway so if you can get the IP address of your gateway then you have the IP of the box, more than likely. Let me know how far you get and maybe I can help you a bit more. I am actually an administrator of a SonicWALL myself so I know the system inside and out.

#29 Apoc

Apoc

    SUP3R 31337 P1MP

  • Members
  • 250 posts

Posted 25 October 2005 - 03:27 PM

Well, I have already been in trouble with the school for messing around with electronics and whatnot... I opened a computer case and disabled the front LEDs on a machine, put an "out of order" sign on the monitor, and unplugged the monitor so the LED wouldn't come on so the librarians would not know it was on.... I then proceeded to DL lots of files using BT and I used my 80gb external HD to get the files home. They didn't know I downloaded all the stuff but they did know that I messed with the computer because I was the only student that would use it and get it to work.

Anyways, I couldn't walk into the room with all the networking gear because it is right next to the office and the door is always open so they would see me in there. If I closed it to look around, the first person to walk by would open it and they would see me walk out afterwards most likely.

You might not have been talking physically but that's how I took it. If you meant getting access to the box over the computer I don't know where to begin... the bell is about to ring so I will type more when I get home around 5ish.

#30 john8675309

john8675309

    Gibson Hacker

  • Members
  • 78 posts

Posted 25 October 2005 - 03:43 PM

This is easy to get past.

I would assume that port 80 would be a bad choice; it might be cached etc. I have a whole post about how to do this @ john8675309.blogspot.com

Basically set up a Linux box running squid and ssh running on port 443 (you should never cache 443 so you should be good there).

Use putty to port forward the traffic to your home and out to the net.

Set up I.E. or whatever to use the proxy at whatever your local port is, for example (Linux commands to follow):

Client machine:

ssh user@server -L8080:127.0.0.1:3128 -p 443
Login

Set Internet explorer to use the proxy 127.0.0.1 port 8080 and you will be golden.

HA kind of funny coming from a Network Administrator of a school :)


You can also just set squid to run @ port 443, but ssh will encrypt the session so to the untrained eye it might look like an SSL session.

You may also choose to use a -C in your ssh command to compress the traffic to make it more responsive.

--John
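
From the defending side, the manual excerpt quoted in post #24 and the SSH-on-443 setup in this post meet at one check: a gateway cannot read the encrypted payload, but the first bytes of each connection still reveal which protocol is speaking. The following Python sketch is an added example, not part of any post in this thread; the flow records, addresses and function names are constructed for illustration.

```python
import struct

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"OPTIONS", b"CONNECT"}

def classify_first_bytes(payload: bytes) -> str:
    """Label the first bytes of a TCP stream as 'ssh', 'tls', 'http' or 'unknown'."""
    # RFC 4253: both SSH peers open with an identification string "SSH-<proto>-<software>".
    if payload.startswith(b"SSH-"):
        return "ssh"
    # TLS record header: content type 22 (handshake), version 3.x, 16-bit length.
    # SSLv2-style hellos are not recognised here and fall through to 'unknown'.
    if len(payload) >= 5:
        ctype, major, minor, length = struct.unpack("!BBBH", payload[:5])
        if ctype == 22 and major == 3 and minor <= 4 and 0 < length <= 16384:
            return "tls"
    # Cleartext HTTP (including CONNECT to a proxy) starts with a method token.
    if payload.split(b" ", 1)[0] in HTTP_METHODS:
        return "http"
    return "unknown"

def flag_port_mismatches(flows, port=443, expected="tls"):
    """Return (src, dst, label) for flows to `port` whose first bytes are not `expected`."""
    hits = []
    for flow in flows:
        if flow["dport"] != port:
            continue
        label = classify_first_bytes(flow["first_bytes"])
        if label != expected:
            hits.append((flow["src"], flow["dst"], label))
    return hits

# Constructed sample flows (private/documentation addresses, hand-built payloads).
# "first_bytes" is the first payload seen on the connection, from either side.
SAMPLE_FLOWS = [
    {"src": "10.0.5.21", "dst": "198.51.100.7", "dport": 443,
     "first_bytes": b"\x16\x03\x01\x00\xc8\x01\x00\x00\xc4\x03\x03"},
    {"src": "10.0.5.34", "dst": "203.0.113.50", "dport": 443,
     "first_bytes": b"SSH-2.0-OpenSSH_4.2\r\n"},
    {"src": "10.0.5.34", "dst": "203.0.113.50", "dport": 22,
     "first_bytes": b"SSH-2.0-OpenSSH_4.2\r\n"},
    {"src": "10.0.5.40", "dst": "192.0.2.80", "dport": 443,
     "first_bytes": b"CONNECT example.org:80 HTTP/1.1\r\n"},
]

if __name__ == "__main__":
    for src, dst, label in flag_port_mismatches(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:443 carries {label}, not TLS")
```

The check works because the SSH identification string is sent in the clear before key exchange, so the port number alone is not what the gateway has to trust.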

#31 Mr.Sandman

Mr.Sandman

    elite

  • Members
  • 120 posts

Posted 28 October 2005 - 12:12 PM

:go: Mine

Just HTTP tunnel out. I used that for like 2 years (I've left school now), straight down port 80. No one ever guesses, because let's face it, how many admins packet sniff all the stuff going down port 80? The other thing I did was set up a proxy server on Apache from home for me and my mates. Every time the admins found out about it, I'd swap it to a different IP  ^_^

 



#32 invision620

invision620

    Dangerous free thinker

  • Members
  • 767 posts
  • Gender:Not Telling

Posted 28 October 2005 - 12:20 PM

Actually, something I've done to get around SonicWALL-type devices is ssh into my webserver, wget whatever, rename it to LOLPagE!.exe (yes, .exe) and then just go to

pwned.mywebsite.org/PAGE1.EXE


and it opens up in the browser as a webpage... it r0x.

#33 Apoc

Apoc

    SUP3R 31337 P1MP

  • Members
  • 250 posts

Posted 28 October 2005 - 04:49 PM

I think TOR wasn't working for some reason during that time or there was something running on the network that wouldn't allow TOR to run correctly because yesterday and today everything worked just fine.

#34 Y0ungBra1n

Y0ungBra1n

    The floor is made of lava!

  • Agents of the Revolution
  • 1,239 posts
  • Gender:Male
  • Location:Sal Tlay Ka Siti

Posted 28 October 2005 - 07:07 PM

These work at my school:

Process 1
1. Download and install Firefox
2. Download Putty.exe
3. Free Shell account at grex.
4. Setup a local ssh tunnel under Putty to point to a proxy. Fill in port number with 5000 (or any number)
5. Login
6. Open Firefox
7. Change Firefox settings to point to localhost:5000
8. Surf at will

Process 2
1. The already described cgi-proxy way, but make a domain for the site. Something easy, or inconspicuous.


Another fun trick is if right-click is not disabled, you can run batch programs:
1. Right click and drag to new text document and rename to *.bat
2. Edit and type in dos commands.
3. This can sometimes be used to get around "permission denied" things.
4. Also can run otherwise restricted programs...

Also, hit the windows key and double click on "Programs" menu. If things aren't too secure, you can open up a folder linked to all the servers, and the Network Neighborhood.

Also try basic login names teacher:teacher, or test:test, or test123:test, etc. I have found basic combinations work most of the time.

Edited by Y0ungBra1n, 28 October 2005 - 07:09 PM.


#35 dalejrrocks

dalejrrocks

    SUPR3M3 31337 Mack Daddy P1MP

  • Members
  • 472 posts
  • Location:Alabama

Posted 18 September 2006 - 12:55 AM

My school has SonicWALL too, but the sysadmins don't really care so a lot of stuff is unblocked. I just use TOR to get to blocked sites. Also our school turns the internet off at 12, so I just spoof my MAC to one of the people who have all night access and I also get all night access.

#36 n3xg3n

n3xg3n

    "I Hack, therefore, I am"

  • Members
  • 960 posts
  • Gender:Male
  • Location:(703)

Posted 18 September 2006 - 06:23 PM

1.) Google Translator:
http://translate.google.com/
translate from Korean or Chinese to English, and it shouldnt change anything

2.) SSH to home with Portable Firefox and puTTY on a flashdrive or CD ROM

#37 DosPod

DosPod

    Mack Daddy 31337

  • Members
  • 215 posts
  • Location:Corpus Christi, Texas (the sparkling city by the sea)

Posted 18 September 2006 - 07:43 PM

My school blocks stuff by content. I tried googling proxy but that was blocked so I had to use p+roxy but I couldn't find anything, and they have it where in Windows when you push Start it just shows log off and shutdown. They have some serious security but one day I'll bring my laptop and raise hell (maybe last day as a senior). I tried YouOs also in guest to see if maybe I would be able to go into the sites still but that didn't work.

Edited by DosPod, 18 September 2006 - 07:45 PM.


#38 n3xg3n

n3xg3n

    "I Hack, therefore, I am"

  • Members
  • 960 posts
  • Gender:Male
  • Location:(703)

Posted 18 September 2006 - 07:52 PM

:P i might do my own senior prank, if the webserver is on the network, as i suspect it is (no "hacker tools" allowed >.< and no compilers to make my own... unless i do a ping batch script), put ettercap on a network computer and deface the webpage w/ ARP Spoofing :devil:

#39 Zeph

Zeph

    OMG, so close to "1337"!

  • Agents of the Revolution
  • 1,319 posts

Posted 18 September 2006 - 08:22 PM

My school has SonicWALL too, but the sysadmins don't really care so a lot of stuff is unblocked. I just use TOR to get to blocked sites. Also our school turns the internet off at 12, so I just spoof my MAC to one of the people who have all night access and I also get all night access.




I wonder who told him that. :roll:

By the way I am working on a new method to get past filtering systems.

Will post when I am finished.

#40 operat0r

operat0r

    Dangerous free thinker

  • Members
  • 793 posts
  • Location:ops

Posted 18 September 2006 - 09:08 PM

(USB + portable firefox + forward DNS to tunnel check in about:configure ) + ssl tunnel to your box at home + make sure there is no watch programs installed ( use procexp.exe or something you can "pause or halt the app that is watching you :devil: ) and nc.exe for stopping services sometimes works

key is forward DNS to your ssh server so even if your proxy does reverse blocking it works

or for simple sites use proxy
http://www.rmccurdy....ipts/proxy.html



