Today, let us talk about firewall rules and how we can evade them. I will be producing more advanced and complex tutorials on ninja scanning as well, but for now let us look at a basic ninja scan, which is required in the following scenario:
The target is a colleague on the neighbourhood network who is running Windows 7, runs a version of an FTP server on ports 21 and 990 (secured), and has blocked our IP address. Our task is to evade the protection mechanism, which is the Windows 7 firewall's rule-based filtering.
To create a self-test environment, you need:
- Windows 7 up and running in VMware or on a different machine
- A firewall rule under “Inbound Connections” which blocks our IP address
- Any Linux system with Nmap installed
OK! So let us first run a simple Nmap scan without any rule in the firewall and check the output:
The first rule blocks our IP address, which is 192.168.193.1. Let us now re-scan the target and see whether the firewall is blocking us.
From the very first packet to the end of the scan we see nothing but our own SYN packets. So what does this mean? Yes, you guessed it right: no ACKs come back. Therefore, Nmap shows all ports as filtered.
Let us now overcome this situation by using the -S switch in Nmap, which spoofs the originating address, as follows:
Let us analyze the above command. We used:
- -sS to denote a stealth scan (half-open scan).
- -e to specify the interface name, which in my case was vmnet8 because I used VMware Player (it would be eth0 if the target were a different physical machine).
- -S to supply the address to spoof.
- -p 21,990 to specify the port numbers.
We can see that some error messages are generated, but that is alright; it works fine. Let us cross-check its functioning using
This concludes our most basic ninja scanning tutorial on evading a Windows 7 firewall rule. Stay tuned for more tutorials. Additionally, refer to my book Mastering Metasploit to learn how to scan a hidden network using a compromised host.
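As an added example (not from the original post), here is a Python checker run over constructed Windows Firewall log lines: it assumes the pfirewall.log field layout with ALLOW logging turned on, and every address except the blocked 192.168.193.1 is made up. It flags sources that got past the IP block and sent bare SYNs to several ports without ever completing a handshake, which is what a half-open scan from a spoofed address looks like from the target's side.

```python
"""Flag half-open (SYN-only) probes in Windows Firewall log lines.

Assumes the pfirewall.log field layout (date time action protocol src-ip
dst-ip src-port dst-port size tcpflags ...) with ALLOW logging enabled; the
sample lines are constructed for this example, not captured from a host."""
from collections import defaultdict

# Constructed sample: the blocked address (192.168.193.1) is dropped by the
# inbound rule, an unblocked (possibly spoofed) address probes 21 and 990
# with bare SYNs, and a normal client completes a handshake on port 21.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2014-06-27 03:10:01 DROP TCP 192.168.193.1 192.168.193.130 40001 21 44 S 1 0 1024 - - - RECEIVE
2014-06-27 03:10:01 DROP TCP 192.168.193.1 192.168.193.130 40002 990 44 S 2 0 1024 - - - RECEIVE
2014-06-27 03:12:05 ALLOW TCP 192.168.193.77 192.168.193.130 50001 21 44 S 3 0 1024 - - - RECEIVE
2014-06-27 03:12:05 ALLOW TCP 192.168.193.77 192.168.193.130 50002 990 44 S 4 0 1024 - - - RECEIVE
2014-06-27 03:12:05 ALLOW TCP 192.168.193.77 192.168.193.130 50001 21 40 R 5 0 0 - - - RECEIVE
2014-06-27 03:14:30 ALLOW TCP 192.168.193.20 192.168.193.130 51000 21 44 S 6 0 1024 - - - RECEIVE
2014-06-27 03:14:30 ALLOW TCP 192.168.193.20 192.168.193.130 51000 21 40 A 7 8 1024 - - - RECEIVE
"""

def parse(lines):
    """Yield (action, src_ip, dst_port, tcpflags) for each TCP record."""
    for line in lines:
        fields = line.split()
        if len(fields) < 10 or line.startswith("#") or fields[3] != "TCP":
            continue
        yield fields[2], fields[4], int(fields[7]), fields[9]

def find_half_open_scans(lines, min_ports=2):
    """Return {src_ip: sorted ports} for sources whose allowed packets were
    SYNs to at least min_ports distinct ports with no ACK-bearing segment
    from them. The check is behavioural: a spoofed source shows up under
    the spoofed address, which is exactly why an IP block alone is weak."""
    syn_ports = defaultdict(set)
    acked = set()
    for action, src, port, flags in parse(lines):
        if action != "ALLOW":
            continue  # DROPped packets were already stopped by the rule
        if "S" in flags and "A" not in flags:
            syn_ports[src].add(port)
        elif "A" in flags:
            acked.add(src)
    return {src: sorted(ports) for src, ports in syn_ports.items()
            if src not in acked and len(ports) >= min_ports}

if __name__ == "__main__":
    print(find_half_open_scans(SAMPLE_LOG.splitlines()))  # {'192.168.193.77': [21, 990]}
```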
2014-06-27 03:19 +0530