RE: Penetration Testing a CheckPoint NG FW on Nokia

From: Dieter Sarrazyn (dsr@ascure.com)
Date: Sun Jan 09 2005 - 02:10:39 EST


Also a good source for information is the ISSAF (Information System
Security Assessment Framework) document (from OISSG -
http://www.oissg.org)

http://www.oissg.org/content/view/71/71/

Or the doc itself: http://oissg.org/issaf01/issaf0.1.zip

Dieter

> -----Original Message-----
> From: Jason binger [mailto:cisspstudy@yahoo.com]
> Sent: Wednesday 5 January 2005 23:35
> To: pen-test@securityfocus.com
> Subject: Penetration Testing a CheckPoint NG FW on Nokia
>
> I was recently performing a penetration test against a
> CheckPoint FW running on Nokia and received the following
> results from a port scan against the host:
>
> Interesting ports on XYZ:
> (The 65531 ports scanned but not shown below are in state: filtered)
> PORT      STATE  SERVICE          VERSION
> 264/tcp   open   fw1-secureremote Checkpoint Firewall1 SecureRemote
> 500/tcp   closed isakmp
> 18262/tcp closed unknown
> 18264/tcp open   unknown
>
> When telnetting to TCP 18264 I received:
>
> HTTP/1.0 400 Bad Request
> Date: Wed, 05 Jan 2005 21:57:57 GMT
> Server: Check Point SVN foundation
> Content-Type: text/html
> Connection: close
> Content-Length: 200
>
> Opening a browser to TCP 18264 gave an "Internal Server Error".
>
> Are there any tools that allow me to brute-force a username
> and password through the SecuRemote port to gain unauthorised
> access via VPN?
>
> I found this link for bruteforcing usernames on CheckPoint -
> http://www.securiteam.com/securitynews/5TP040U8AW.html
> but could not find the supporting tools. Does anyone have
> this set of tools? and other password bruteforcing tools?
>
> Are there any security implications of allowing access to TCP
> 18262 and TCP 18264 ports? What will break if these ports are closed?
>
> Does anyone have a list of other tests that should be
> performed against a CheckPoint FW?
>
> Cheers,
>



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:12 EDT