Network Firewall Security

 

Hey, I'm back with a new tutorial to help those new, upcoming security experts tackle yet another dilemma. Let me start out by telling you exactly what this tutorial is going to teach you and hopefully explain. This tutorial is for those unfortunate users who have to suffer under network safeguards. OK, now let's ask ourselves: why are safeguards put into place? The obvious answer would be to protect you and the company. But my philosophy is that they can go too far, and by going too far they have crossed the line. So one must take the necessary steps to make your environment less hostile. My proposal is to teach you how to overcome the odds and defeat those safeguards. What I will be describing comes from actual circumstances I ran into when I was limited in my use of a network at school.

The Schools Network

Internal Computers ----> Router ----> MS Proxy ----> Firewall ----> The Internet

From this setup, the configuration seems pretty secure from an outside attack. How do I know? Because you never get the inner domain's IP; you only ever get the referred one that the proxy spits back out to you.

Now then, the problem with the network is that it has too many restrictions. Some of them include:
No downloading of EXE, ZIP or WAV files
No downloading of MP3s
Banning of popular email services
Banning of shopping and entertainment sites
Port blocking (no FTP, Telnet, etc.); only port 80 is open

I was generally pissed that I couldn't download what I wanted or check my email daily, and thus I was determined to successfully work my way past management.

The solution is simple and practical
To start with, let's get past this crappy MS Proxy. First off, you can't simply disable the proxy like we had done in the past. For the new guys, this is where you would go to "Tools", then "Internet Options", then "Connections", and depending on your settings uncheck the proxy. The admins have gotten a lot tighter, and now they have made it so that authentication is needed to get around the proxy. So unless you are somehow a genius and can get the passwords to the proxy servers, you're stuck using that temp account you have and finding other solutions.

In the old days, to get past a website ban we could find a mirror. Take Hotmail: we couldn't go to www.hotmail.com because that was banned, but the back door was at www.msn.com, where a user could log in from there. But they caught on, because the info always gets leaked, and the whole Hotmail domain gets blocked. So a solution rumbles into my head and I'm thinking PROXY! But I can't change the proxy settings to use another one. Ah, but there is such a thing as proxy chaining. So let's go over what to do.

If you're an experienced user then you have probably traveled to http://www.anonymizer.com/ once upon a time. This is an online proxy server that hackers used back in the day... COUGH... COUGH... that is to say "before" they started charging money to use their service. Every hacker knew it was a safe bet that you couldn't be tracked through this service. It's basically like a 3-way phone call. You connect to their server and their server connects to the web page you want. Then their server sends you back the info you requested. Simple, right?

Now there are other sites that have spawned off the great Anonymizer and offer similar services, and you are just going to have to look around for those. But wait, there's more to this story. You see, after the news got around that the few and elite could get past the restrictions with Anonymizer, the ADMINS started to notice what was going on and banned that site as well.

Moving on to how Google.com can also help. Google.com can help because it caches its pages. Try this: do a search on google.com and look at the results; below each result you will see the underlined word "Cached". This means google.com has already indexed that site, and you can pull up all those banned websites that you really want to check out through google.com. But this wasn't the route I wanted to take, because I still couldn't use my email.

In the end I decided to go to an old friend of mine made by James Marshall. It's called "CGI Proxy". Best script out there. What CGI Proxy is, is a CGI script that lets you set up a web-based proxy. This script is easy to set up and can be hosted on websites. It serves as a proxy server, and thus you can use it to surf the web. PLUS, there's a version out there that supports SSL. Why would that be important, you ask? Because Hotmail uses SSL authentication so that you can get into your email. So I set up the script, which takes 5 minutes, and I'm up and running and the school has no idea. So the basic rundown is: grab a copy of CGI Proxy, set it up, run it, and be on your way surfing through a proxy just like anonymizer.com.
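Every trick in this section has the same shape: the request that reaches the filter names one host (the relay, the search engine, the script's own site) while the real destination rides inside the URL. The following Python check, added here as an example and not part of the original tutorial, reads proxy log lines and pulls that inner destination back out so it can be matched against the block list. The log format ("<client ip> <url>"), the hosts, and the script name "proxy.cgi" are constructed for the demo; the "/http/host/" path style and the "?url=" and "cache:" query styles are generic heuristics for relay URLs, not the exact format of any one product.

```python
# Added example (not from the tutorial): spot requests that relay through a
# web-based proxy or a search-engine cache to a destination the filter blocks.
import re
from typing import List, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlsplit

# Heuristic patterns: a second URL carried inside the request URL.
PATH_ENCODED_HOST = re.compile(r"/https?/([\w.-]+)", re.IGNORECASE)   # e.g. /proxy.cgi/http/host/...
EMBEDDED_URL = re.compile(r"https?://[\w.-]+", re.IGNORECASE)         # e.g. ?url=http://host/
CACHE_OPERATOR = re.compile(r"^cache:", re.IGNORECASE)                # "cache:host/path" search query


def relayed_destination(url: str) -> Optional[str]:
    """Return the host hidden inside a request URL, or None when there is none."""
    parts = urlsplit(url)
    m = PATH_ENCODED_HOST.search(unquote(parts.path))
    if m:
        return m.group(1).lower()
    for values in parse_qs(parts.query).values():
        for value in values:
            value = unquote(value)
            if CACHE_OPERATOR.match(value):
                # "cache:www.host.com/path" -> "www.host.com"
                return value.split(":", 1)[1].split("/", 1)[0].lower()
            m = EMBEDDED_URL.search(value)
            if m:
                return urlsplit(m.group(0)).hostname
    return None


def audit_proxy_log(lines: List[str], blocked_hosts) -> List[Tuple[str, str, str]]:
    """Return (client, outer_host, inner_host) for requests that relay to a blocked host.

    Each log line is "<client ip> <requested url>" (a constructed format)."""
    hits = []
    for line in lines:
        client, url = line.split(maxsplit=1)
        inner = relayed_destination(url)
        if inner and any(inner == h or inner.endswith("." + h) for h in blocked_hosts):
            hits.append((client, urlsplit(url).hostname, inner))
    return hits


# Constructed log lines; the proxy script name and hosts are made up for the demo.
SAMPLE_LOG = [
    "10.0.0.5 http://www.example.com/index.html",
    "10.0.0.7 http://myhost.example.net/cgi-bin/proxy.cgi/http/www.hotmail.com/",
    "10.0.0.8 http://www.google.com/search?q=cache:www.hotmail.com/",
    "10.0.0.9 http://anon.example.org/?url=http%3A%2F%2Fwww.hotmail.com%2F",
]

if __name__ == "__main__":
    for client, outer, inner in audit_proxy_log(SAMPLE_LOG, {"hotmail.com"}):
        print(f"{client} reached {inner} by way of {outer}")
```

The outer host is kept in the result on purpose: once a relay site shows up in the log a few times it can simply be added to the block list, which is exactly what the tutorial says happened to Anonymizer.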

Getting past the MP3 restrictions made me furious. For the longest time I thought the school got the best of me, but I was wrong. I looked into the matter, and WINDOWS MEDIA PLAYER was my clue. There's a file format that Windows makes called WMA. This file extension wasn't blocked because it's less widely used. So now it was a matter of hosting "WMA" files that I had converted from MP3 and uploading them to be downloaded.

If you're having similar problems, there's more than one way to skin a cat. My second method was rather clever and sneaky. I was inspired by a site where I was downloading MP3s. The MP3s were named rather differently than before, with extensions like nameofgoodsong.aab or something, not the standard nameofgoodsong.mp3. What I did was change the extension of the files that would be blocked to some other extension that wasn't noticeable and wasn't blocked. For example, upload coolapp.exe and when it's done rename it to coolapp.haha.
Then when you're downloading it, right-click on the file and choose "Save File As".
Rename it to coolapp.exe and it should save and be just like normal.
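Both of these tricks work only because the filter looks at the file name and never at the file. As an added example (not part of the original tutorial), here is a Python check that identifies a download by its leading bytes instead of its extension, so coolapp.haha is still seen as an executable and nameofgoodsong.aab as an MP3. The signatures are the standard headers for PE, ZIP, WAV, MP3 and ASF (the container behind WMA); the sample files and the block-list policy are constructed to mirror the list of banned types earlier in the tutorial.

```python
# Added example (not from the tutorial): identify a download by its content,
# not its extension, so renaming a blocked file type does not get it through.
import os

ASF_GUID = bytes.fromhex("3026b2758e66cf11a6d900aa0062ce6c")  # ASF header object GUID (.wma/.wmv)


def sniff_type(data: bytes) -> str:
    """Return a coarse type for the first bytes of a file, or 'unknown'."""
    if data[:2] == b"MZ":                                   # DOS/PE executable (.exe, .dll)
        return "exe"
    if data[:4] == b"PK\x03\x04":                           # ZIP archive
        return "zip"
    if data[:4] == b"RIFF" and data[8:12] == b"WAVE":       # WAV audio in a RIFF container
        return "wav"
    if data[:3] == b"ID3":                                  # MP3 with an ID3v2 tag
        return "mp3"
    if len(data) >= 2 and data[0] == 0xFF and (data[1] & 0xE0) == 0xE0:  # raw MPEG audio frame sync
        return "mp3"
    if data[:16] == ASF_GUID:                               # ASF container, i.e. WMA
        return "wma"
    return "unknown"


# Constructed policy: the types the tutorial says the school blocked.
BLOCKED_TYPES = {"exe", "zip", "wav", "mp3"}


def download_verdict(filename: str, data: bytes) -> dict:
    """Decide on a download by content, and flag when the extension disagrees."""
    ext = os.path.splitext(filename)[1].lower().lstrip(".")
    real = sniff_type(data)
    return {
        "name": filename,
        "ext": ext,
        "content": real,
        "mismatch": real != "unknown" and ext != real,  # extension lies about the content
        "block": real in BLOCKED_TYPES,
    }


# Constructed samples: only the headers matter for this check.
SAMPLES = {
    "coolapp.haha": b"MZ\x90\x00" + b"\x00" * 60,   # renamed executable
    "song.aab": b"ID3\x04\x00\x00" + b"\x00" * 60,  # renamed MP3
    "song.wma": ASF_GUID + b"\x00" * 60,            # genuine WMA; not in the constructed policy
    "notes.txt": b"just some text\n",
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(download_verdict(name, body))
```

Note that the genuine WMA passes: content inspection closes the renaming hole, but the first trick (a format the policy simply never listed) is a policy gap, and the only fix for that is to decide on the allowed types rather than the banned ones.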


Now then, getting a chat service to work was rather fun and challenging. Since I was limited to only port 80, there was no way in hell I could connect to Windows Messenger, Yahoo, AIM or any other leading chat program, because Windows Messenger, a.k.a. MSN Messenger, connects on port 1863 to communicate with its server.
My working solution is to make a 3-way connection.
Again, it would look something like this:

Internal Computers (port 80)----> Router (port80) ----> MS Proxy (port 80)----> Firewall –(port 80) --> The Internet (port 80)--> (port 80) REMOTE SERVER( redirected to port 1863) ---->WINDOWS MESSENGER SERVERS (port 1863)

And back

(port 1863) WINDOWS MESSENGER SERVERS--> (port 1863) REMOTE SERVER (redirected to port 80)-- > The Internet (port 80) --> Firewall (port 80)--> MS Proxy (port 80) --> Router – (port 80) --> Internal Computers


OK, now then, the REMOTE SERVER serves as the middleman for this to work.
You see, you're about to connect to the remote server and then have the remote server connect to the Windows Messenger servers for you. Then Windows Messenger sends the info back to the remote server, and back to you on port 80.

To do this you need two things: first is Fpipe, and second is a second server that Fpipe is going to run on.
When you start Fpipe you get something that looks like this in the DOS/command prompt window:


C:\>fpipe
FPipe v2.1 - TCP/UDP port redirector.
Copyright 2000 (c) by Foundstone, Inc.
http://www.foundstone.com

FPipe [-hvu?] [-lrs <port>] [-i IP] IP

-?/-h - shows this help text
-c - maximum allowed simultaneous TCP connections. Default is 32
-i - listening interface IP address
-l - listening port number
-r - remote port number
-s - outbound source port number
-u - UDP mode
-v - verbose mode

Example:
fpipe -l 53 -s 53 -r 80 192.168.1.101

This would set the program to listen for connections on port 53 and
when a local connection is detected a further connection will be
made to port 80 of the remote machine at 192.168.1.101 with the
source port for that outbound connection being set to 53 also.
Data sent to and from the connected machines will be passed through.
……………………………………………

Now then, the demo they show us can be useful for figuring out what exactly it is that we are going to do.

First let's think about what exactly we are going to accomplish. You are going to send a request through port 80 from within your network to your remote server that is hosting Fpipe. Then Fpipe on the remote server receives the incoming info on port 80 that you have just sent out and redirects the outgoing info to port 1863. The info that just went out through Fpipe leaves through port 1863 and goes to the Windows Messenger server, where it communicates with your login info and then sends the info back to our remote server through port 1863, where our remote server transfers that info back out through port 80 to us.

The command line for Fpipe to run on the remote server would look like this:

fpipe -l 80 -s 1863 -r 1863 messenger.hotmail.com


Simple Steps to Remember

1. Download Fpipe from http://www.foundstone.com
2. Set up your Windows Messenger client to connect to a proxy.
3. Change the proxy info to HTTP proxy; the server would be your remote server that you have Fpipe running on, and the port for the proxy is of course 80.
4. Start Fpipe with the command "fpipe -l 80 -s 1863 -r 1863 messenger.hotmail.com".
5. Now with Fpipe running you can connect and run Windows Messenger.
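The whole chain works because the school's rule is "port 80 is allowed" and nothing checks what is actually spoken on port 80. Once the session is up, the bytes crossing the firewall to the remote server are Messenger protocol, not web traffic. The following Python check is an added example (not part of the original tutorial or of Fpipe) that looks at the first bytes of an outbound port-80 flow and reports whether they form an HTTP request line; the sample flows are constructed. The non-HTTP signatures are protocol facts for the chat services the tutorial lists: the "VER" handshake that opens an MSN Messenger session, the 0x2A FLAP frame marker of AIM/ICQ (OSCAR), and the "YMSG" header of Yahoo Messenger.

```python
# Added example (not from the tutorial): flag outbound port-80 flows whose
# first bytes are not an HTTP request, i.e. something tunnelled through the
# one port the firewall allows.
import re
from typing import Iterable, List, Tuple

# HTTP request line: METHOD SP request-target SP HTTP/major.minor CRLF
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|POST|HEAD|PUT|DELETE|OPTIONS|TRACE|CONNECT) \S+ HTTP/\d\.\d\r?\n"
)

# Opening bytes of the chat protocols named in the tutorial.
NON_HTTP_SIGNATURES = {
    "msnp": lambda b: b.startswith(b"VER "),   # MSN Messenger protocol handshake
    "oscar": lambda b: b[:1] == b"\x2a",       # AIM/ICQ FLAP frame marker
    "ymsg": lambda b: b.startswith(b"YMSG"),   # Yahoo Messenger packet header
}


def classify_flow(first_bytes: bytes) -> str:
    """Classify the opening client-to-server bytes of a TCP session."""
    if HTTP_REQUEST_LINE.match(first_bytes):
        return "http"
    for name, matches in NON_HTTP_SIGNATURES.items():
        if matches(first_bytes):
            return name
    return "unknown"


Flow = Tuple[str, str, int, bytes]  # (client ip, destination host, destination port, first bytes)


def tunnel_alerts(flows: Iterable[Flow]) -> List[Tuple[str, str, str]]:
    """Return (client, "host:port", protocol) for port-80 flows that do not speak HTTP."""
    alerts = []
    for client, dest, port, payload in flows:
        if port != 80:
            continue  # other ports are the firewall's job, not this check's
        kind = classify_flow(payload)
        if kind != "http":
            alerts.append((client, f"{dest}:{port}", kind))
    return alerts


# Constructed sample flows as a firewall would see them leaving the network.
SAMPLE_FLOWS = [
    ("10.0.0.5", "www.example.com", 80, b"GET / HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    ("10.0.0.7", "remote.example.net", 80, b"VER 1 MSNP8 CVR0\r\n"),
    ("10.0.0.9", "remote.example.net", 80, b"\x2a\x01\x00\x00\x00\x04\x00\x00\x00\x01"),
    ("10.0.0.11", "mail.example.org", 25, b"EHLO laptop\r\n"),
]

if __name__ == "__main__":
    for alert in tunnel_alerts(SAMPLE_FLOWS):
        print("non-HTTP traffic on port 80:", alert)
```

One caveat for anyone running this in front of a real proxy: a client that has been told to use an HTTP proxy opens with a CONNECT request, which this check correctly counts as HTTP. The proxy itself therefore has to limit CONNECT to the ports it is meant for (443) instead of relaying to any host:80, or the tunnel simply moves one hop outward.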

For those that want to do this with other chat programs, I'm one step ahead of you:

AOL SERVER- login.oscar.aol.com port 5190
ICQ SERVER - login.icq.com port 5190
WINDOWS MESSENGER SERVER - messenger.hotmail.com port 1863
YAHOO SERVER - cs.yahoo.com port 505


Credits


(By GENERAL NEWBIE)
MAY 13 ,2002
Newbieslair.no-ip.org
Newbieslair.no-ip.com