Apoc

Bypassing SonicWALL? New school network

67 posts in this topic

Actually my school has sonic wall too. I used to have their tech support manual but i lost it. When I find it I will PM you.

And honestly-why would schools even need filters except to block pornography. I hated it when my school blocked binrev.com That is why i might sabotage their SonicWALL this year.

oops. Didn't see the post where you allready had the manual sorry. I will read on this topic because I disagree with people making money off of blocking knowledge.

--Bill Gevstorvsky

Edited by Bill_Gevstorvsky
0

Share this post


Link to post
Share on other sites

Has my school admin gotten smarter? Today, after I loaded both TOR and Privoxy off of the network, I stated getting this in TOR:

Oct 25 11:05:50.128 [notice] Application request when we're believed to be offli

ne. Optimistically trying again.

Oct 25 11:06:11.328 [notice] directory_get_from_dirserver(): No running dirserve

rs known. Not trying. (purpose 1)

Oct 25 11:06:11.348 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:06:11.358 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:06:12.009 [notice] Application request when we're believed to be offli

ne. Optimistically trying again.

Oct 25 11:06:35.182 [notice] directory_get_from_dirserver(): No running dirserve

rs known. Not trying. (purpose 1)

Oct 25 11:06:35.182 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:06:35.182 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:06:35.182 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:06:35.182 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:06:35.182 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:06:35.753 [notice] Application request when we're believed to be offli

ne. Optimistically trying again.

Oct 25 11:07:35.750 [notice] Application request when we're believed to be offli

ne. Optimistically trying again.

Oct 25 11:07:57.991 [notice] directory_get_from_dirserver(): No running dirserve

rs known. Not trying. (purpose 1)

Oct 25 11:07:57.991 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:07:57.991 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:07:57.991 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:07:57.991 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:07:58.002 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

Oct 25 11:07:58.002 [notice] directory_all_unreachable(): Network down? Failing

connection to '[scrubbed]:80'.

When I tried going to sites I just got a 404 error through privoxy the whole time. What happened!?

I tried moving the files off the network and I ran them off the hard drive and then I didnt get the long list of errors in TOR, i just got this:

Oct 25 11:05:50.128 [notice] Application request when we're believed to be offli

ne. Optimistically trying again.

Is TOR just down today for some reason?

Edited by Apoc
0

Share this post


Link to post
Share on other sites

Well as far as getting past the SonicWALL, good luck. As you may know I just had an article published in 2600 about breaking the sonicwall down. The IPS is probably analyzing a special rule put there by your admin. TOR is not down, the packet is just being dropped. I have a feeling that your admin has noticed what you are doing. The sonicwall is very robust and if it is programmed correctly than you are not going to be able to break it. The only thing you can do is focus on the CFS (content filtering system). Try to find out were they keep the viewpoint server for the system. Read my article on how to get into the box and then you can take a look at what users there are for bypassing the CFS. The admin account will not do you any good because that just allows you to administer the SonicWALL appliance. There is a really good chance that your sonicwall is the internet gateway so if you can get the ip address of your gateway then you have the IP of the box, more than likely. Let me know how far you get and maybe I can help you a bit more. I am actually an administrator of a SonicWALL myself so I know the system inside and out.

0

Share this post


Link to post
Share on other sites

Well, I have already been in trouble with the school for messing around with electronics and what not...I opened a computer case and disabled the front LEDs on a machine, put an "out of order" sign on the monitor, and unpluggedhe monitor so the LED wouldn't come on so the librarians would not know it was on....I then proceeded to DL lots of files using BT and I used my 80gb external HD to get the files home. They didnt know I downloaded all the stuff but they did know that messed with the computer because I was the only student that would use it and get it to work.

Anyways, I couldn't walk into the room with all the networking gear because it is right next to the office and the door is always open so they would see me in there. If I closed it to look around, the first person to walk by would open it and they would see me walk out afterwards most likely.

You might not have been talking physically but thats how I took it. If you meant getting access to the box over the computer I dont know where to begin...the bell is about to ring so I will type more when I get home around 5ish.

0

Share this post


Link to post
Share on other sites

This is easy to get past.

I would assume that port 80 would be a bad choice might be cached etc. I have a whole post about how to do this @ john8675309.blogspot.com

Basically setup a Linux box running squid and ssh running on port 443 (you should never cache 443 so you should be good there)

use putty to port forward the traffic to your home and out to the net.

Setup I.E. or whatever to use the proxy at whatever you local port is for example (Linux commands to follow:

Client machine:

ssh user@server -L8080:127.0.0.1:3128 -p 443

Login

Set Internet explorer to use the proxy 127.0.0.1 port 8080 and you will be golden.

HA kind of funny coming from a Network Administrator of a school :)

You can also just set squid to run @ port 443 but ssh will encrypt the session so to the untrained eye it might look like a SSL session

You may also choose to use a -C in your ssh command to compress the traffic to make it more responsive.

--John

0

Share this post


Link to post
Share on other sites

:go: Mine

Just http tunnel out. I used that for like 2 years (I've left school now), straight down port 80. No one ever guesses, because lets face it, how many admins packet sniff all the stuff going down port 80? The other thing I did was set up a proxy server on Apache from home for me and my mates. Every time the admins found out about it, I'd swap it to a different IP  ^_^

0

Share this post


Link to post
Share on other sites

actually, something ive done to get around sonicwall type devices, is ssh into my webserver, wget whatever, rename it to LOLPagE!.exe yes,.exe and then just go to

pwned.mywebsite.org/PAGE1.EXE

and it opens up in the browser as a webpage... it r0x.

0

Share this post


Link to post
Share on other sites

I think TOR wasn't working for some reason during that time or there was something running on the network that wouldn't allow TOR to run correctly because yesterday and today everything worked just fine.

0

Share this post


Link to post
Share on other sites

These works at my school:

Process 1

1. Download and install Firefox

2. Download Putty.exe

3. Free Shell account at grex.

4. Setup a local ssh tunnel under Putty to point to a proxy. Fill in port number with 5000 (or any number)

5. Login

6. Open Firefox

7. Change Firefox settings to point to localhost:5000

8. Surf at will

Process 2

1. The already described cgi-proxy way, but make a domain for the site. Something easy, or inconspicuous.

Another fun trick is if right-click is not disabled, you can run batch programs:

1. Right click and drag to new text document and rename to *.bat

2. Edit and type in dos commands.

3. This can sometimes be used to get around "permission denied" things.

4. Also can run otherwise restricted programs...

Also, hit the windows key and double click on "Programs" menu. If things aren't too secure, you can open up a folder linked to all the servers, and the Network Neighborhood.

Also try basic login names teacher:teacher, or test:test, or test123:test, etc. I have found basic combinations work most of the time.

Edited by Y0ungBra1n
0

Share this post


Link to post
Share on other sites

My school has SonicWALL too, by the sysadmins don't really care so a lot of stuff is unblocked. I just use TOR to get to blocked sites. Also our school turns the internet off at 12, so I just spoof my MAC to one of the people who have all night access and I also get all night access.

0

Share this post


Link to post
Share on other sites

1.) Google Translator:

http://translate.google.com/

translate from Korean or Chinese to English, and it shouldnt change anything

2.) SSH to home with Portable Firefox and puTTY on a flashdrive or CD ROM

0

Share this post


Link to post
Share on other sites

My school blocks stuff by content, I tried googleing proxy but that was blocked so I had to use p+roxy but I couldnt find anything, and they have it where in windows when u push start it just shows log off and shutdown, they have some serious security but one day Il bring my laptop and raise hell(maybe last day as a senior). I tried YouOs also in guest to see if maybe i would be able to go into the sites still but that didnt work.

Edited by DosPod
0

Share this post


Link to post
Share on other sites
:P i might do my own senior prank, if the webserver is on the network, as i suspect it is (no "hacker tools" allowed >.< and no compilers to make my own... unless i do a ping batch script), put ettercap on a network computer and deface the webpage w/ ARP Spoofing :devil:
0

Share this post


Link to post
Share on other sites

My school has SonicWALL too, by the sysadmins don't really care so a lot of stuff is unblocked. I just use TOR to get to blocked sites. Also our school turns the internet off at 12, so I just spoof my MAC to one of the people who have all night access and I also get all night access.

I wonder who told him that. :roll:

By the way I am working on a new method to get past filtering systems.

Will post when I am finished.

0

Share this post


Link to post
Share on other sites

(USB + portable firefox + forward DNS to tunnel check in about:configure ) + ssl tunnel to your box at home + make sure there is no watch programs installed ( use procexp.exe or something you can "pause or halt the app that is watching you :devil: ) and nc.exe for stopping services sometimes works

key is forward DNS to your ssh server so even if your proxy does reverse blocking it works

or for simple sites use proxy

http://www.rmccurdy.com/scripts/proxy.html

0

Share this post


Link to post
Share on other sites

(USB + portable firefox + forward DNS to tunnel check in about:configure ) + ssl tunnel to your box at home + make sure there is no watch programs installed ( use procexp.exe or something you can "pause or halt the app that is watching you :devil: ) and nc.exe for stopping services sometimes works

key is forward DNS to your ssh server so even if your proxy does reverse blocking it works

or for simple sites use proxy

http://www.rmccurdy.com/scripts/proxy.html

Have you tried obfuscating the URL/IP? Making it a numeric or hex representation of the site?

-1

Share this post


Link to post
Share on other sites

I am actually an administrator of a SonicWALL myself so I know the system inside and out.

can I get a link to that ? I checked your site and google but my google skillz are not that of a god .. speeking of google ... I can't get the daterange to work .. or it does but not like I want

http://www.rmccurdy.com/scripts/proxy.html ( tried to add daterange to the file search but no luck )

Have you tried obfuscating the URL/IP? Making it a numeric or hex representation of the site?

Well 1st off you have to find out if there any spy programs instlled and "halt" them ( procexp.exe )

and from what I saw if you tunnel / ssl over 443 and forward dns on PFF you should be set ...

if you have a good firewall and uber policy's then your skrwd

you guys know where that policy wipe progam is ? I remember a vbs script that worked a few years ago to allow reg write and it would wipe the policy ??

0

Share this post


Link to post
Share on other sites

Have you tried obfuscating the URL/IP? Making it a numeric or hex representation of the site?

IP to DWORD conversion works well in a lot of situations. I havent tried it on one of my sonicwalls with CFS enabled, but its worth a shot.

0

Share this post


Link to post
Share on other sites

Hay

If you want an admin login just look for a elementry school on the domain list and the user name"student"

with no password works but for sonic wall. Some teachers and staff can creat web pages on the district sight so just make freinds with them and you can choose the bypass option and go right around.

Also if you have a key loger use it on the check out computer.

And my last suggestion is look for wi-fi near by and don't go threw the school at all ($40.00) usb wifi

use the admin account and install it. Use netstumbler to find a wifi location outside of school and connect.

Also if you live close by set up a chain of routers screwed to telephone poles(if despret)

0

Share this post


Link to post
Share on other sites

ok... my school installed SonicWALL about a year ago :grr: and i finally figured out the perfect proxy :D . its quick and easy and its hard for the schools to figur it out if you follow my instruction. its always worked for me and tell me if it doesn't work for you cause i got a rather large arsanal of proxies.

1. www.proxyping.com

2. Do your surfing.

!!!3.!!! WHEN YOU ARE DONE(this is your safty procedure so you dont get caught :ninja: ):

a-GO TO YOUR HOME PAGE

b-go to TOOLS

c-INTERNET OPTIONS

d-delete cookies AND files

e-go to SETTINGS and click VIEW OBJECTS

f-select all and DELETE

g-set history to 0 and click CLEAR HISTORY :ATTN:

h- click APPLY and exit out.....then log off.

its not as long of a process as it looks in all reality all those steps only take about 25 seconds and it keeps your ass safe. i do it every time i get online period.

This site sometimes goes down :wacko: , but it comes right back up, sometimes within 3 hours.its not down often of anything, im just saying that if its down, try again some other time.

0

Share this post


Link to post
Share on other sites

I have to basically agree with N3xG3n on this one. Probably the most inconspicuous way to bypass the firewall is to use a translating service. I've used the google translator before but seem to have a little better luck with Babel Fish from Altavista.

Also, just a thought but, have you tried using something like wget for windows? It's a single exe that requires no installation and just a command line. Okay, so I know it may not be the most efficient way to get information but if you absolutley needed something, it might work.

just my 2 bits

0

Share this post


Link to post
Share on other sites

OMG, this topic is going so far...are you STILL having trouble bypassing sonicwall ? Its very very easy and theres literally dozens of ways.

Heres a couple more: DL Http-tunnel, and tunnel through port 1080 right under the wall....or you could use a cgi proxy, public unix box with shell access.

good luck.

0

Share this post


Link to post
Share on other sites

Learn how to interpret HTML in your head,

open CMD

telnet www.site.com 80 <- Telnet to the site on port 80

type:

GET / HTTP/1.0 *enter*

*enter*

menmtaly enterpret HTML or somehow save it and open it in IE or Portable Firefox

0

Share this post


Link to post
Share on other sites

If you need to tunnel traffic your going to have to host something from your personal machines.

If you are just looking to browse a few different blacklisted websites I reccomend using a remote shell with links. There wont be any graphics but your internet will be filter free.

This is easy enough to setup on your own using almost any linux/bsd distro or you can get a remote shell for pennies from silenceisdefeat.org

0

Share this post


Link to post
Share on other sites

One thing you could possibly do is this(not sure if it will work, i tried it at my school, but i didnt have permission to save it): lets say u wanted to get onto myspace.

- Go to C drive (if you dont have acces to that, or a file button search for a filemanager on google and download it), WIDOWS, system 32, DRIVERS, ETC, HOSTS.

- Open up hosts in notepad.

- Make your own command prompt: (if this code doesnt work properly use the attactment.)

[code]@echo off
cls
:loop
set command=
echo --------------------------------
chdir
set /P command="Prompt: "
echo --------------------------------
%command%
goto loop

-Copy this into notepad, and save it as a .bat file. (wont work if you have clever admins, who have blocked all files ending in .bat)

-type in "ping www.myspace.com" this should give you the ip number of myspace.

-create a new line in the hosts file, and type in "216.178.32.48 www.google.com" (make sure there is a space between the ip and website)

- once youve saved it, this basically means that when you type in www.google.com, instead of going to googles website, you will be redirected to myspace.

-this in theory should work, but as i say, at my school, im unable to save the hosts file... so it doesnt.

Good luck!

-

save_as_.bat.doc

0

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now