Bypassing Port Blocking Using Malicious FTP Server
Fayte sent me this Bindshell link today that discusses a way to bypass port blocking in Firefox, Opera and Konqueror. The obvious implication of this attack is circumventing the port restrictions built into default versions of Firefox in particular. Those restrictions make it hard to do things like attack non-HTTP ports, which really does put a crimp in port scanning, but this is a clever way to circumvent them using a malicious FTP server.
The basic concept is that if the FTP server sends a reply like so:
227 Entering Passive Mode (192,168,0,1,84,149)
your browser will be redirected if it supports the PASV command (which Firefox, Opera and Konqueror do). Very clever implementation and nice work from Mark at Bindshell!
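To make the reply format concrete from the client's side, here is an added example (not code from the original post or from Bindshell) that decodes a 227 reply and applies one possible client-side check: ignore the advertised host, send data only to the control connection's peer, and refuse blocked ports. The function names, the block list contents and the peer address 203.0.113.10 are assumptions made for illustration.

```python
import re

# Six comma-separated decimal fields inside the parentheses of a 227 reply.
PASV_RE = re.compile(
    r"^227 .*?\((\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\)"
)

# Constructed, illustrative block list; not any browser's actual list.
BLOCKED_PORTS = {21, 22, 23, 25, 110, 143}


def parse_pasv(reply):
    """Return the (host, port) a 227 reply advertises, or raise ValueError."""
    m = PASV_RE.match(reply.strip())
    if not m:
        raise ValueError("not a 227 passive-mode reply")
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        raise ValueError("field out of range 0-255")
    host = ".".join(str(f) for f in fields[:4])
    port = fields[4] * 256 + fields[5]  # high byte, then low byte
    return host, port


def safe_data_endpoint(reply, control_peer_ip):
    """Pick the data-connection endpoint without trusting the server's host.

    Returns (host, port, redirected). The host is always the control
    connection's peer; 'redirected' flags a reply that pointed elsewhere,
    which is worth logging. Blocked ports and port 0 are refused.
    """
    advertised_host, port = parse_pasv(reply)
    if port == 0 or port in BLOCKED_PORTS:
        raise ValueError(f"refusing data connection to port {port}")
    redirected = advertised_host != control_peer_ip
    return control_peer_ip, port, redirected


if __name__ == "__main__":
    # The reply quoted in the post; the peer address is constructed.
    sample = "227 Entering Passive Mode (192,168,0,1,84,149)"
    print(parse_pasv(sample))
    print(safe_data_endpoint(sample, "203.0.113.10"))
```
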



March 12th, 2007 at 9:46 am
Argh, I reported this bug and it has been promptly resolved as a duplicate - this has been fixed already, need to wait for Firefox 2.0.0.3. I really shouldn’t be searching open bugs only when reporting them…
March 12th, 2007 at 10:19 am
Ignoring email from me are we :p
I sent this to you on the 7th.
March 12th, 2007 at 12:39 pm
I think you are missing the important point, Banner grabbing.
March 12th, 2007 at 1:44 pm
Oh crap, I see it now. I’m sorry, Sid… Yes, you definitely sent it to me first, for some reason it was marked as read, even though I didn’t read it. Stupid mail client marks things as read if I delete the message above it (usually spam).
If I don’t respond to emails please re-send. I get literally thousands of emails a day (mostly through mailing lists, but I get at least 200-300 personal emails a day too), so sifting through them can be interesting to say the least.
March 12th, 2007 at 1:49 pm
@John - yup, that too, thanks for bringing it up!
March 12th, 2007 at 2:52 pm
Heh. No harm done. To be honest I totally forgot I sent it to you until I read this.