Hacking or Getting Around Proxy Servers At work? - Page 3

SLAG · 09:17 PM

this is in theory

Proxy server called "Blue Coat" - www.bluecoat.com -

How would I go about getting around it?

Now it seems just like an HTTP proxy as i can still run CMD and do an ftp command from the console. Email Ports are working and functional.

How to get around the "Blue Coat"

unlurking · 04-28-2006, 05:50 PM

http://www.tartarus.org/~simon/putty.../x86/putty.exe

Putty is a GUI SSH client that does not install. Just execute the binary and off you go.

StcChief · 04-28-2006, 07:22 PM

Quote:

Originally Posted by unlurking

http://www.tartarus.org/~simon/putty.../x86/putty.exe

Putty is a GUI SSH client that does not install. Just execute the binary and off you go.

Putty is a good free product for server level access.

SLAG · 04-28-2006, 07:42 PM

Too Bad my Microsoft Thumb Drive Has not Arrived Damnit Bill

SLAG · 05-03-2006, 06:35 PM

I found this at the bottem of some page--

Quote:

Note: Using port forwarding with FTP (Port 21) only tunnels/forwards the initial command channel, the second data channel that FTP uses even under passive mode will not be tunneled and therefore tunneling/forwarding FTP connections to bypass the security perimeter WILL NOT work.

I wonder if just ssh 22 is open?

I am also getting this error once i start ssh back up after editiing my sshd_config -

Quote:

Starting SSH daemon/etc/ssh/sshd_config line 13: Badly formatted port number.
startproc: exit status of parent of /usr/sbin/sshd: 255

any ideas?

Boozer · 05-03-2006, 08:12 PM

Quote:

Originally Posted by SLAG02

any ideas?

Tell you employer you're going to work for his competitor if he doesn't uncripple your Internet access. If he lets you walk, you probably shouldn't be spending so much time surfing the web at work.

unlurking · 05-03-2006, 10:38 PM

DOH!!!

My bad, sorry!

You actually need one line for every port, so...

Port 22
Port 23
Port 25
Port 389

etc.

Sorry 'bout that. Got apache stuck in my head where you can define multiple ports using commas.

And yes, FTP uses 2 ports, 21 for control and 22 for data. Also, they are both UDP, and HTTP is TCP. Even if you change ports, the firewall will not let it through, as it is only letting UDP through over 21 and 22.

unlurking · 05-03-2006, 10:39 PM

Quote:

Originally Posted by Boozer

Tell you employer you're going to work for his competitor if he doesn't uncripple your Internet access. If he lets you walk, you probably shouldn't be spending so much time surfing the web at work.

Onion_Knight · 05-07-2006, 02:45 PM

Quote:

Originally Posted by unlurking

DOH!!!

And yes, FTP uses 2 ports, 21 for control and 22 for data. Also, they are both UDP, and HTTP is TCP. Even if you change ports, the firewall will not let it through, as it is only letting UDP through over 21 and 22.

FTP is tcp based and uses TCP 20, and 21.
http://www.faqs.org/rfcs/rfc959.html
http://www.networksorcery.com/enp/protocol/ftp.htm

TFTP is UDP based and uses UDP 69.
http://www.networksorcery.com/enp/protocol/tftp.htm
http://www.faqs.org/rfcs/rfc1350.html

SSH utilizes port 22 TCP

SLAG · 05-07-2006, 04:37 PM

Quote:

Originally Posted by Onion_Knight

FTP is tcp based and uses TCP 20, and 21.
http://www.faqs.org/rfcs/rfc959.html
http://www.networksorcery.com/enp/protocol/ftp.htm

TFTP is UDP based and uses UDP 69.
http://www.networksorcery.com/enp/protocol/tftp.htm
http://www.faqs.org/rfcs/rfc1350.html

SSH utilizes port 22 TCP

Interesting Info, Thanks, Welcome to the Planet,

I also found out that there are static I.P.'s that are going to be Immune to the bluecoat restrictions, I found a list of the unrestricted IP. Address along with all the correct DNS, WINS's Server information

Does this change the plan of the Hypothetical Attack

Onion_Knight · 05-07-2006, 05:18 PM

Quote:

Originally Posted by SLAG02

Interesting Info, Thanks, Welcome to the Planet,

I also found out that there are static I.P.'s that are going to be Immune to the bluecoat restrictions, I found a list of the unrestricted IP. Address along with all the correct DNS, WINS's Server information

Does this change the plan of the Hypothetical Attack

Most likely, These would be servers that depend on updates. I would recommend running a couple traceroutes through your network. Find out which route your normal network traffic goes through, and try and find out which route your HTTP traffic routes through. Its most likely that your gateway router has acls to redirect you to the web proxy if your using certain ports or services. The idea is to find out what traffic you can use to get out w/out restrictions. The next step would try and track down a tunneling program that is port configurable to an outside machine that retrieves your HTTP traffic as text and rebuilds the session on the box. That or start getting to know UPS and USPS.

htismaqe · 05-08-2006, 07:58 AM

FYI, most current firewalls can detect FTP data spoofing on TCP 21.

Use a different port...

Onion_Knight · 05-08-2006, 05:29 PM

I wouldn't recommend doing it all. I think its an easy way to lose your job. In fact, if you spent all this time working, that you have trying to circumvent the rules, they most likely never would have spent the money on the proxy.

They most likely have logs that look for any connection going outbound to IP addresses that they've blacklisted.

Your best chance to do get away with it is to use encrypted channels utilizing ports higher than 1024 and most likely higher than 6500. Don't use backup http ports 80-88, 8080-8088, or 443. Don't use SOCKS ports for that matter as well.

I'd try and use persuasion...

Here's a recent article on web surfing at work...show it to your bosses...try and get some feedback on at least getting a few websites returned.

http://www.msnbc.msn.com/id/12462332/

SLAG · 05-12-2006, 04:31 PM

ok... after today's day on the job I am Determined to get around the proxy server... .my best bet seems to tunnel x11 over PuTTY,

This is where i am stuck, I have added all those ports to the sshd config file, now sshd starts fine, nmap dosent seem to be a reconized command, I cannot connect to the PC from my laptop on MY LAN... any other tips or suggestions, i ran some traceroutes and netstats as well i think i know the ip address of the Proxy or of the gateway, login.oscar.aol.com port 5190 is open to connect to AIM using lotus, but if i go to the web browser and type in login.osacr.aol.com i get nowhere.

This is more than hacking to browse the net or chiefs planet... this is personal

SLAG · 05-13-2006, 12:43 AM

Ok i can log in remotley ( havent tested work yet... ) into linux from my XP box using putty..

when i try to throw the command

Code:

  startx

from putty i get this error...

Code:

Fatal server error:
Server is already active for display 0
        If this server is no longer running, remove /tmp/.X0-lock
        and start again.


When reporting a problem related to a server crash, please send
the full server output, not just the last messages.
Please report problems to http://www.suse.de/feedback.

Xlib: connection to ":0.0" refused by server
Xlib: Invalid MIT-MAGIC-COOKIE-1 key
giving up.
xinit:  unable to connect to X server
xinit:  No such process (errno 3):  Server error.

any suggestions?

SLAG · 05-13-2006, 07:16 AM

ok i'm at work now and it looks as ssh was/is open--- now if we can get past that error message -- thanks chiefs planet You rock

04-25-2006, 04:56 PM
SLAG Superbowl MVP Join Date: Oct 2005 Location: OOOOOOOOOOOOOLATHE Casino cash: $9910252	Hacking or Getting Around Proxy Servers At work? this is in theory Proxy server called "Blue Coat" - www.bluecoat.com - How would I go about getting around it? Now it seems just like an HTTP proxy as i can still run CMD and do an ftp command from the console. Email Ports are working and functional. How to get around the "Blue Coat" Last edited by SLAG; 09-01-2006 at 09:17 PM..
Posts: 11,177

04-28-2006, 05:50 PM	#31
unlurking MVP Join Date: Aug 2003 Casino cash: $7737309	http://www.tartarus.org/~simon/putty.../x86/putty.exe Putty is a GUI SSH client that does not install. Just execute the binary and off you go.
Posts: 10,620

04-28-2006, 07:42 PM	#33
SLAG Superbowl MVP Join Date: Oct 2005 Location: OOOOOOOOOOOOOLATHE Casino cash: $9910252	Too Bad my Microsoft Thumb Drive Has not Arrived Damnit Bill __________________ Ad astra per aspera
Posts: 11,177

05-03-2006, 10:38 PM	#36
unlurking MVP Join Date: Aug 2003 Casino cash: $7737309	DOH!!! My bad, sorry! You actually need one line for every port, so... Port 22 Port 23 Port 25 Port 389 etc. Sorry 'bout that. Got apache stuck in my head where you can define multiple ports using commas. And yes, FTP uses 2 ports, 21 for control and 22 for data. Also, they are both UDP, and HTTP is TCP. Even if you change ports, the firewall will not let it through, as it is only letting UDP through over 21 and 22.
Posts: 10,620

05-08-2006, 07:58 AM	#41
htismaqe 'Tis my eye! Join Date: Aug 2000 Location: Chiefsplanet Casino cash: $10269900	FYI, most current firewalls can detect FTP data spoofing on TCP 21. Use a different port...
Posts: 100,022

05-08-2006, 05:29 PM	#42
Onion_Knight Rookie Join Date: May 2006 Location: Hi Casino cash: $10004900	I wouldn't recommend doing it all. I think its an easy way to lose your job. In fact, if you spent all this time working, that you have trying to circumvent the rules, they most likely never would have spent the money on the proxy. They most likely have logs that look for any connection going outbound to IP addresses that they've blacklisted. Your best chance to do get away with it is to use encrypted channels utilizing ports higher than 1024 and most likely higher than 6500. Don't use backup http ports 80-88, 8080-8088, or 443. Don't use SOCKS ports for that matter as well. I'd try and use persuasion... Here's a recent article on web surfing at work...show it to your bosses...try and get some feedback on at least getting a few websites returned. http://www.msnbc.msn.com/id/12462332/
Posts: 11

05-12-2006, 04:31 PM	#43
SLAG Superbowl MVP Join Date: Oct 2005 Location: OOOOOOOOOOOOOLATHE Casino cash: $9910252	ok... after today's day on the job I am Determined to get around the proxy server... .my best bet seems to tunnel x11 over PuTTY, This is where i am stuck, I have added all those ports to the sshd config file, now sshd starts fine, nmap dosent seem to be a reconized command, I cannot connect to the PC from my laptop on MY LAN... any other tips or suggestions, i ran some traceroutes and netstats as well i think i know the ip address of the Proxy or of the gateway, login.oscar.aol.com port 5190 is open to connect to AIM using lotus, but if i go to the web browser and type in login.osacr.aol.com i get nowhere. This is more than hacking to browse the net or chiefs planet... this is personal __________________ Ad astra per aspera
Posts: 11,177

05-13-2006, 07:16 AM	#45
SLAG Superbowl MVP Join Date: Oct 2005 Location: OOOOOOOOOOOOOLATHE Casino cash: $9910252	ok i'm at work now and it looks as ssh was/is open--- now if we can get past that error message -- thanks chiefs planet You rock __________________ Ad astra per aspera
Posts: 11,177

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode