Security Bypass

This document covers basic techniques to bypass security mechanisms in Linux systems during penetration testing engagements within the OSCP scope.

Firewall Evasion

Alternative Ports

Common services often run on non-standard ports to bypass firewall restrictions:

# SSH on non-standard port
ssh user@target -p 2222

# HTTP/HTTPS on alternative ports
curl -vk https://target:8443
nc -nvz target 8080

Source Port Manipulation

Many firewalls allow traffic from trusted ports:

# Source port manipulation using nmap
nmap -g 53 target
nmap -g 88 target

# Using netcat to specify source port
nc -p 53 target 80

Log Evasion

Basic Log Cleanup

Simple techniques to reduce traces in system logs:

# Clear bash history
history -c
rm ~/.bash_history

# Disable history recording for current session
export HISTSIZE=0
unset HISTFILE

File Timestomping

Modify file timestamps to match surrounding files:

# Change access and modification time
touch -a -m -t 202001010101.01 file.txt

# Use timestamps from another file
touch -r reference.txt file.txt

Traffic Tunneling

SSH Tunneling

Basic SSH tunneling techniques:

# Local port forwarding (access remote service through local port)
ssh -L 8080:internal-server:80 user@pivot-host

# Remote port forwarding (expose local service to remote host)
ssh -R 8080:localhost:80 user@remote-host

# Dynamic SOCKS proxy
ssh -D 9050 user@pivot-host

Proxychains

Using proxychains to tunnel traffic through a proxy:

# Configure /etc/proxychains.conf to use your SOCKS proxy
echo "socks5 127.0.0.1 9050" >> /etc/proxychains.conf

# Run commands through the proxy
proxychains nmap -sT -Pn target
proxychains firefox

Port Redirection

Simple Port Redirection

Using netcat for basic port redirection:

# Listen on local port and forward to remote
mkfifo /tmp/pipe
nc -l -p 4444 < /tmp/pipe | nc target 22 > /tmp/pipe

Using Socat

Socat is more stable for port forwarding:

# TCP port forwarding
socat TCP-LISTEN:8080,fork TCP:internal-server:80

# Forward with some encryption
socat OPENSSL-LISTEN:443,cert=cert.pem,fork TCP:internal-server:80

Additional Resources

PreviousPersistence NextPrivilege Escalation Checklist

Last updated 6 months ago

hashtagTable of Contents

hashtagFirewall Evasion

hashtagAlternative Ports

hashtagSource Port Manipulation

hashtagLog Evasion

hashtagBasic Log Cleanup

hashtagFile Timestomping

hashtagTraffic Tunneling

hashtagSSH Tunneling

hashtagProxychains

hashtagPort Redirection

hashtagSimple Port Redirection

hashtagUsing Socat

hashtagAdditional Resources

Table of Contents