Punching through the Fortinet – Web Filter Evasion

Today, cialis 20th of March 2013, I went into college as per normal, and tried accessing this site to upload a new post (which is now in drafts, I will publish it over the weekend). Anyway, I ran straight into this:

censored

Me, sales blocked.

I, quite naturally, became quite irate. I had missed my morning cup of coffee due to a delayed bus, and now this. Blocked. Censored. Denied.
I had gotten used to seeing this “page” quite often, as my web browsing habits (Security websites) tend to get flagged as “hacking” and suchlike. However, seeing my site blatantly blacklisted as a “malicious website”, i.e. one which slings malware at its viewers, was a step too bloody far.

After a slight rage-fest on twitter, and several angry emails sent to various responsible persons (all of whom denied any responsibility so far, cowards!) I decided the best course of action would be publishing a guide on getting around these shitty web filters. As it so happens, Fortinet has a bigger gaping hole, than, well, Goatse.
Generally speaking, the best way around any of this crap, is to tunnel right through them. I shall outline the methods I have used with the most success over the last few months of putting up with this nonsense.

TOR – The Onion Router.
So, the last few posts concentrated on getting you TOR set up, and are linked at the bottom of this post. There is a very valid reason for this, and it is rather simple.

Fortinet “FortiGard” has no bloody clue what TOR is, and does not block it. I can surf freely all day long without seeing a single “blocked” page, provided I am willing to tolerate severely throttled speeds and “the lag of TOR” during the connecting phase.

So, if you are stuck behind a Fortinet, TOR up! It is beneficial to your internet-health anyway! It makes you less traceable!

For TOR installation details, see the following posts:
Installing TOR on Ubuntu
Installing TOR on Windows
Installing Torbutton

Now, if they have blocked TOR, the following tricks will work:

SSH tunnels to port 443.
For a free shell that supports SSH to port 443, go to CJB.NET Shells
If, for some reason, even that fails… Let me know! I have had some luck with DNS tunnelling also.

So, in conclusion: Fortinet is trivial to bypass, you can do it blindfolded.

Installing Torbutton

I almost thought a Torbutton install post was pointless, ailment until I realized a lot of people still manage to screw it up.
Somehow. I have no idea exactly how…
Anyways, onward! I will assume you have read http://insecurety.net/?p=847 and http://insecurety.net/?p=842 and gotten TOR working for you.

The following works on any platform once TOR/Vidalia is installed. TORbutton makes irreversable changes to Firefox, so you should install Firefox specifically for this!

In Firefox navigate to torproject.org/torbutton

Click the install link near bottom of page. The one that reads “Expert Install” “Install from this page”
Allow it to do voodoo magic.

torbutton install

torbutton install

Once Torbutton installs and Firefox restarts, navigate to check.torproject.org

It Works!

It Works!

If you are seeing this, it clearly worked and you are good to go! Now onward we go!

 

Installing TOR On Ubuntu Linux

Seeing as Ubuntu is one of the most commonly used Linux distros around, tadalafil and because I cannot be bothered getting a Fedora .iso, and because these instructions work fine for Debian also, here goes! (yes, in the images I am using BT5, which is basically Ubuntu)

To get your distribution name, the command “lsb_release -c” will tell you. This is important.

First off, sovaldi sale add the appropriate repository to your /etc/apt/sources.list file.

Essentially this command:
sudo echo “deb http://deb.torproject.org/torproject.org <DISTRIBUTION> main” >> /etc/apt/sources.list

Adding TOR repo

Adding TOR repo

Next, capsule we import the tor project GPG keys. I advise being root when doing this.

gpg –keyserver keys.gnupg.net –recv 886DDD89
gpg –export A3C4F0F979CAA22CDBA8F512EE8CBC9E886DDD89 | sudo apt-key add –

Adding GPG keys

Adding GPG keys

sudo apt-get update to refresh your package lists…

Update Package List

Update Package List

Now we install the torproject keyring.

apt-get install deb.torproject.org-keyring

keyring install

Installing Keyring

Install TOR itself and the Vidalia GUI… It will prompt to add a user to the group so select your username!!!

apt-get install vidalia tor polipo

Installing TOR

Installing TOR

Now, we check is Vidalia working OK or are we already fscked. By running it.

Vidalia Works

Vidalia Works

If it looks like that, you are good to go smile Again, as per http://insecurety.net/?p=842 , just set proxy settings in your browser to use 127.0.0.1 and 9050 as the port and you should be good to go!

Next up: Installing TORbutton :)

The observant ones will note the dates on the screenshots are old: I had originally made this guide for some friends who wanted it, and then I decided to publish it openly because, reasons.

 

 

 

TOR Setup – Windows

/*
This is part one of a multipart posting series that’s gonna go on all evening before el grande finale of using TOR and suchlike to bypass Fortinet Web Filters and other such bullshit censorship warez. The two TOR install posts will go up first, followed by the ranty bypassing one, then some other stuff :3

Please note, these installation guides are for non technical people in a sense, I literally try hold the users hand as much as possible…
*/

Well, if anyone here is as paranoid as I am, they probably wonder how the hell they can prevent their online activities from being traced back to them. So, in the interest of helping others anonymize their online presence, I have decided to knock up a few simple enough guides on installing and using various pieces of anonymity software, starting with the TOR bundle for Windows.

So. You should navigate yourself to torproject.org, and go to the downloads section.

Downloading TOR

Downloading TOR

Assuming you installed Firefox ages back (I hope to god ye arent using IE…) install the Vidalia bundle. Just download it, run the executable file, tick all the boxes (i.e. full install) and fire ahead. It will pop during the install.

Installing Vidalia Bundle

Installing Vidalia Bundle

Finally, let TOR run, and you should see the following after up to two minutes or so:

TOR works

TOR is now running

Bingo. That is TOR installed and running, and as you can see, it is VERY simple to use. To make it work with Firefox for anonymized browsing: Edit -> Preferences -> Advanced -> Network -> Settings -> Set proxy as: SOCKS5 (type), and 127.0.0.1 as IP and 9050 as port. I don’t think I can get much more simple than that.
 

Predictions for 2013 in Infosec

Here are the predictions for the year 2013 for those of us in the security field.

  1. More pointless debates on full disclosure/non disclosure/selling 0day to governments or whatever. Our good friend @csoghoian will continue to demonize the 0day sellers such as VUPEN and @thegrugq who will continue not giving a flying monkeys.
  2. More “ERMAGHERD BLAME CHINA” nonsense, physician calling skript kiddie level phishing attacks involving poorly written remote admin tools and old exploits “Advanced Persistent Threats”. Some decent threat actors will pop up with some shiny 0days and cause a widespread pants-soiling as they 0day the hell out of some US defence contractors from .CN subnets and generally make AV firms a shedload of money.
  3. More passwords will be leaked as script kiddies with Havij and SQLmap pop large websites who still do not think SQL injection is a thing. Groups such as “Anonymous” and their offshoots will proliferate, purchase with several “wannabe lulzsec” scrublords making a bit of a mess.
  4. More holes in Java, Adobe, and IE. Lots of holes. AV firms will capitalize on these to sell “ENTERPRISE SECURITY” products to people.
  5. More SCADA vulnerabilities will be touted which will cause “OMG HACKERS CAN HIJACK POWER PLANTS” headlines.
  6. The good people at Attrition will expose a literal buttload of Charlatans and said charlatans will be laughed at.
  7. Kaspersky will find some more malware, probably in Iran, and make headlines about the mythical “Cyberwar” thing. Kaspersky will make more money and press.
  8. We will see more shitty XSS posted on Full Disclosure. ESPECIALLY by “Vulnerability Lab”.
  9. I am going to wake up on the first day of 2013 and post a pretty cool proof of concept exploit, as per tradition. I will possibly be laughed at for how simple it is, and someone, somewhere, will facepalm for not figuring it out first.
  10. I dropped my crystal future seeing ball, sorry.

And, those are our predictions. I am betting a pint on those, so they better bloody well be right.

-info

Web Malware Collection – Massive Change

Insecurety Research has mantained a repository of web malware over at Google Code for a considerable amount of time, pharm so independant researchers could get samples for analysis.

We always offered it as a SVN repo, where anyone could anonymously check out the whole collection, troche or selected samples, at will.

Those days, sadly, have come to an end.

Due to a researcher from nerv.fi creating an issue about it – see here – we ended up deciding to come to a compromise, sale lest we get suspended or something.

We now offer the entire repository as an archive downloadable here instead of a SVN repository, and every time we get 50 new samples in the bag, we will update the tar file.

Simply wget http://web-malware-collection.googlecode.com/files/web-malware-collection-13-06-2012.tar.gz to get the current one. We will post every time we release a new one.

This project has been one of our proudest achievements, and we are very sorry to see it crippled in this way, however as we all know, we must adapt in order to survive. While Henri has a legitimate complaint, we believe that these samples STILL belong to the public.

Human knowledge belongs to the world, after all, and information ALWAYS wants to be free.

“Y U NO POST??”

Hey readers, unhealthy
Sorry about no new content over the last few days, I had been having computer problems. Basically, for sale I bricked my box for a while.

I was messing about with the TCP stack on it (I am not going to go into details, it was some fucking about at 4am), and next thing I know, nothing works right.

Shit. I broke it.

So, I went off, got an external drive, and backed up ~/ before rm -rf /* and reinstalling.

I am now using LUbuntu, as it is very pretty and light and nice and such, and actually runs on my box. So now I am just arguing with my own software – and TOR – to try get everything back together again.

I will finish my writeup on the forensics challenges as soon as I get back into it, and will have more “Basic Security Tips” up soon – protecting yourself from various threats. Just have to write the damn articles…

Again, I am sorry about no updates… Am I forgiven?

As always, suggestions and abuse are welcome.

~infodox

Migrated!

Quick update, cure Migration to WordPress is going fairly well.

The old content can still be accessed at http://insecurety.net/index.OLD.html for those that want it, advice however it will all be eventually assimilated into this WordPress blog.

The team is also expanding, with new people coming onboard to share their work and collaborate on new things. So there should be a lot of awesome research and development done!

I am currently finishing off some research into Denial of Service attacks and migitations by posting a series of articles about how they work. I am starting with SYN floods and then just moving along.

As this summer kicks off,  Blackhat Academy is going to be relaunching their site soon, with lots of awesome new content. Having started contributing to their wiki, I have seen the absolutely amazing content they have over there. Go check it out – it is relaunching in June!

The subpages are not yet finished, and this site is still a work in progress (as always), but yeah.  Hope you find something you like here :)

Migration to WordPress: not as easy as it looked…

So, search when I thought “Lets move to stage two, migrate the site to a WordPress CMS”, I figured it would be fairly simple.

LOL, NO! Nothing is ever that simple. The host would not update PHP/MySQL because the ability to run WordPress was a “paid extra”. OK, fine.

Challenge Accepted Motherfuckers!

I mean seriously. Bitch, please. You tell me, a fucking hacker, that I cannot run WordPress on my own account because you want me to PAY for updates?

“So, how long did it take to make WordPress run?”

2 minutes. I basically patched wp-content/version.php to accept MY versions of PHP/MySQL instead of the hard coded minimums. It then worked.

Then came the challenge of lrn2wordpress. Themes, etc. Or rather, remembering why the fuck I installed it in the first place…

Anyways, gotta migrate content…