Bypassing security using PROXY


Post by ayu »

Ok so my school blocks all ports except port 80. As in I can't connect to MSN or IRC very easily.

So I thought of using VNC to connect to my computer at home and use my regular stuff through my laptop in school. But NO, VNC uses port 5900 and apparently I can't change it.

So...here is my solution, tested and it works like a charm.

First I will describe how the school node (the laptop) is set up.

Ok so I use the client called "Vinagre" that can connect to a VNC server on port 5900 and 5800. So, I set up a small proxy called "simple proxy" with the following options:

root@clare:/# simpleproxy -L localhost:5900 -R x.x.x.x:80

The x's being my IP address at home.

These options state that all connections on localhost on port 5900 shall be redirected to my IP address at home on port 80, as in connect through port 80 in the school, which works since that's the only opened port.

Now, that's all I have about the lappy, nothing more is needed. The connection out is fixed.

Now, my computer at home is a Windows stationary box. And since I can't change the listening port on my version of VNC I will need another proxy on that computer as well that listens on port 80 (remember that the lappy connected on port 80?).

Now I used a small proxy called "free proxy" for this to listen for connections on port 80, and then send them to localhost on port 5900, where the VNC is listening =)

There, that's all.

I just wanted to post this since it would work on any other program, and it's a great example ^^ it's great for bypassing school security.
"The best place to hide a tree, is in a forest"
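
Seen from the network administrator's side, the relay described in the post above stands out because port 80 then carries RFB (the protocol VNC speaks) instead of HTTP: an RFB server talks first and sends a fixed 12-byte version banner, while in HTTP the client talks first with a request line. The following check is an added example, not part of the original post; the flow record fields and the sample flows are constructed for illustration.

```python
import re

# RFB (RFC 6143): the SERVER speaks first and sends a fixed 12-byte
# version banner such as b"RFB 003.008\n".
RFB_BANNER = re.compile(rb"^RFB \d{3}\.\d{3}\n")
# HTTP/1.x: the CLIENT speaks first with "<METHOD> <target> HTTP/<ver>".
HTTP_REQUEST = re.compile(rb"^[A-Z]{3,10} \S+ HTTP/\d\.\d\r?\n")


def classify_port80_flow(first_speaker, first_bytes):
    """Label a TCP/80 flow from who sent the first payload and what it was."""
    if first_speaker == "server" and RFB_BANNER.match(first_bytes):
        return "rfb-on-80"
    if first_speaker == "client" and HTTP_REQUEST.match(first_bytes):
        return "http"
    return "non-http-on-80"


def flag_flows(flows):
    """Return (src, dst, label) for every flow that is not plain HTTP."""
    alerts = []
    for f in flows:
        label = classify_port80_flow(f["first_speaker"], f["first_bytes"])
        if label != "http":
            alerts.append((f["src"], f["dst"], label))
    return alerts


# Constructed sample flows (documentation addresses, not real captures).
SAMPLE_FLOWS = [
    {"src": "10.0.5.23", "dst": "203.0.113.10", "first_speaker": "client",
     "first_bytes": b"GET /index.html HTTP/1.1\r\nHost: example.org\r\n\r\n"},
    {"src": "10.0.5.41", "dst": "198.51.100.7", "first_speaker": "server",
     "first_bytes": b"RFB 003.008\n"},
    {"src": "10.0.5.77", "dst": "192.0.2.55", "first_speaker": "client",
     "first_bytes": b"\x16\x03\x01\x00\xa5\x01\x00\x00\xa1"},
]

if __name__ == "__main__":
    for src, dst, label in flag_flows(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:80  {label}")
```

A firewall that only filters by port number passes all three flows; a proxy or IDS that inspects the first payload can tell them apart.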


Post by computathug »

The youth of today eh! Nah, I am just jealous we never had the internet in our day. The best we had was to be one of the first two schools to get a doomsday machine. And we thought we were privileged XD

If you are wondering what they were, take a look here:

http://people.uleth.ca/~daniel.odonnell/Research/the-doomsday-machine

Anyway, nice little tut there neo :wink:


Post by ebrizzlez »

( ::Directed to new-comers or people who have no idea what neo just said:: )
Hackers aren't just people who penetrate systems, hackers are thinkers. The term hacking (used as a verb) means to take an item, and make it do something it wasn't intended to do. What neo did, was turn this VNC he was using, to listen on a remote port he wasn't allowed to listen to. (Although the older versions don't support changing the ports, I believe the newer do.) But it is a great idea of recursion, instead of just saying this can't be done, he thought around that idea, and bypassed the normal functions.

Noww... neo, you do realize if one of your friends pulls out a packet sniffer they can sniff that password for the VNC unless you use SSH to secure it. :wink:

But... now you opened a bunch of vulnerabilities to your school's network. VNC isn't the securest thing in the world, some exploits are on the net for older versions. In fact, some are even built into Metasploit! Which means it's aimed at total script kiddie use. :twisted:

I have to say Neo, this was a very interesting idea you had. If you think about it, you just opened a wide array of ideas. Running programs even trojans on port 80 using this method, now there is something to look forward at.
(User warning advice: Suck-O does not support anything of a malicious nature. :twisted: )

Post by ayu »

ebrizzlez wrote:
Noww... neo, you do realize if one of your friends pulls out a packet sniffer they can sniff that password for the VNC unless you use SSH to secure it. :wink:

Well, you don't really believe that they would make a remote administration tool and then send the passwords RAW? ^^

Also as a side note, if I told my classmates to sniff some data they would throw up a bunch of crack on the table x)

ebrizzlez wrote:
But... now you opened a bunch of vulnerabilities to your school's network. VNC isn't the securest thing in the world, some exploits are on the net for older versions. In fact, some are even built into Metasploit! Which means it's aimed at total script kiddie use. :twisted:

Indeed, there are some really dangerous exploits out there for 4.1 and 4.1.1. But no worries, I would NEVER use such a version. I use a much older version =3

And yeah about the newer versions. Correct, you can change port ^^ but my client doesn't support changing ports thus the proxy trick. But it also for some reason can't connect to any newer VNC servers ^^ . And since I had so much trouble to set everything up, I will keep it this way xD

Post by ebrizzlez »

Ha, I know Cain and Abel (another totally script kiddie tool, scary how often you see these things. xD) can crack VNC hashes. In fact, Mr. Cain has its own section in its cracker to crack the VNC hashes. :roll:

But this I found very interesting, because I run into situations like that. Where there is a certain software only supported and I'm forced to use that software, and instead of trying to google another one up, I try to use recursion and think of a way to use what I got.

But seriously, I would wreak havoc on the school's system at the end of the year if I did something like that. :twisted: Our little friend Cain performed an ARP attack on my school's network, with that said, the firmware to the router is easily exploitable. Imagine the damage. xD
(But seriously, Suck-o doesn't support malicious natures...)

That is pretty sick though. I used a VNC when I go to remote places and I want to access my tools, papers or even music on my home console.

Post by ayu »

Yeah VNC is a good tool =)

And naaah, I wouldn't want to hurt the school's system ^^ I'm on the administrators' side ^^

Post by ebrizzlez »

neo130 wrote:
Yeah VNC is a good tool =)

And naaah, I wouldn't want to hurt the school's system ^^ I'm on the administrators' side ^^

You're lucky, my school practically doesn't let me touch a console! And if it's for research, I am watched so closely, the teacher actually hovers over me. :roll:

VNC is a good tool, I completely agree, I just recommend for those who are worried about security over it, encrypt it and make it secure with SSH or the Tunneling method. :wink:

Post by hpprinter100 »

Or if you are @ boarding school and having issues, use this service, it's amazing value for money and u can do anything, even hacking =D

http://www.vpntunnel.co.uk/
