firewall-bypass
Script type:
hostrule
Categories:
vuln, intrusive
Download: http://nmap.org/svn/scripts/firewall-bypass.nse
Detects a vulnerability in netfilter and other firewalls that use helpers to dynamically open ports for protocols such as ftp and sip.
The script works by spoofing a packet from the target server that requests a related connection to a target port; the firewall then opens that connection through the corresponding protocol helper. The attacking machine should be on the same network segment as the firewall for this to work. The script supports the ftp helper on both IPv4 and IPv6. Reverse path filtering is used to prevent such attacks.
Based on work done by Eric Leblond.
For more information, see: http://home.regit.org/2012/03/playing-with-network-layers-to-bypass-firewalls-filtering-policy/
Script arguments:
firewall-bypass.helper: The helper to use. Defaults to ftp. Supported helpers: ftp (both IPv4 and IPv6).
firewall-bypass.targetport: Port to test vulnerability on. The target port should be a non-open port. If not given, the script will try to find a filtered or closed port from the port scan results.
firewall-bypass.helperport: The helper's port, if not using the helper's default port.
Example usage:
nmap --script firewall-bypass <target>
nmap --script firewall-bypass --script-args firewall-bypass.helper="ftp",firewall-bypass.targetport=22 <target>
Script output:
Host script results:
| firewall-bypass:
|_  Firewall vulnerable to bypass through ftp helper. (IPv4)
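The description names path filtering as the protection against this spoofing; on a Linux firewall that is the IPv4 rp_filter sysctl. The following is an added example, not part of the Nmap script or the original page: a hypothetical helper, rp_filter_audit, that reads `sysctl -a` style lines and reports which interfaces are not in strict mode. The sample input is constructed, and IPv6 is not covered.

```shell
#!/bin/sh
# Added example (not from the Nmap project): audit IPv4 reverse path filtering.
# Per the kernel ip-sysctl documentation, the mode applied on an interface is
# max(conf.all.rp_filter, conf.<iface>.rp_filter): 0 = off, 1 = strict, 2 = loose.
# Only strict mode drops a packet whose source address is routed through a
# different interface than the one it arrived on, which is the spoofing case
# the script description refers to.
rp_filter_audit() {
    awk -F'[ \t]*=[ \t]*' '
    # Accept "key = value" (sysctl -a) and "key=value" (sysctl.conf) lines.
    /^net\.ipv4\.conf\..*\.rp_filter[ \t]*=/ {
        key = $1
        sub(/^net\.ipv4\.conf\./, "", key)
        sub(/\.rp_filter$/, "", key)
        val[key] = $2 + 0
    }
    END {
        all = ("all" in val) ? val["all"] : 0
        bad = 0
        for (ifc in val) {
            # "all" and "default" are templates, "lo" is loopback: not audited.
            if (ifc == "all" || ifc == "default" || ifc == "lo") continue
            eff = (val[ifc] > all) ? val[ifc] : all
            mode = (eff == 1) ? "strict" : ((eff == 2) ? "loose" : "off")
            status = (eff == 1) ? "OK" : "WEAK"
            if (eff != 1) bad++
            printf "%s %s effective=%d (%s)\n", status, ifc, eff, mode
        }
        exit (bad > 0)   # non-zero when any interface is not strict
    }'
}

# Constructed sample input, in the format printed by `sysctl -a`.
SAMPLE_SYSCTL='net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.eth0.arp_filter = 0
net.ipv4.conf.eth0.rp_filter = 1
net.ipv4.conf.eth1.rp_filter = 0
net.ipv4.conf.lo.rp_filter = 0'

printf '%s\n' "$SAMPLE_SYSCTL" | rp_filter_audit ||
    echo "at least one interface is not in strict rp_filter mode"
```

On a live firewall the same function can be fed with `sysctl -a 2>/dev/null | rp_filter_audit`.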
Author: Hani Benhabiles
License: Compiled by VER007 http://www.ver007.com