Penetration Testing
mailing list archives
RE: [PEN-TEST] Download fw1 topology
From: "Ogle Ron (Rennes)" <OgleR () thmulti com>
Date: Tue, 15 May 2001 09:46:23 +0200
Recall that Checkpoint has two forms for VPNs, fwz and IPsec. If you are
using fwz, then SecuRemote (Secureclient) will download the topology without
authentication first. If you are using IPsec, then SecuRemote will request
authentication before it will download the topology.
If you look in your userc.c file, you will find many interesting pieces of
information that can be used to hack. First, you will find all of the IP
addresses and directly attached networks of all of the interfaces on the
firewall. Second you will find all of the networks that are included in the
firewall's encryption domain. These networks are considered behind the
firewall. It will show you what firewall version and what VPN types that it
will support (FWZ and IPsec). It will show you the identity of the
firewall's manager which may or may not be the firewall itself. This could
be a machine somewhere else. If you can compromise this machine, you've got
the keys to the kingdom. This is also the machine that you download the
info for this userc.c file from.
In the newer versions of SecuRemote, you have a policy section. This
section in essence creates a firewall solution on the SecuRemote machine.
One last thing. If you know what you're doing, you can change some of the
information in this file by hand. For example, I've added DNS servers,
deleted networks and changed netmasks without having to "update" my
configuration.
Ron Ogle
-----Original Message-----
From: railwayclubposse () hushmail com
[mailto:railwayclubposse () hushmail com]
Sent: Tuesday, May 15, 2001 2:34 AM
To: PEN-TEST () securityfocus com
Cc: davew () sec-tec com
Subject: Re: [PEN-TEST] Download fw1 topology
When I use the Secureclient to try to download topology, it asks me for
a certificate. I don't get anything else.
If I use a certificate, I get some very interesting and cool things in my
users.c file. How do you get it before you authenticate? They've got the
latest version/sp.
The SDK for the API (OPSEC) used in all the Checkpoint products is available
for download. Could be fun.
David Wray [mailto:davew () sec-tec com] wrote:
I often try to perform a download VPN topology request using Checkpoint
Secureclient. Once the download is done, any request for the Internal IP
address scheme will prompt for a username and password.