Security Bypass
This document covers basic techniques to bypass security mechanisms in Linux systems during penetration testing engagements within the OSCP scope.
Table of Contents
Firewall Evasion
Alternative Ports
Common services often run on non-standard ports to bypass firewall restrictions:
# SSH on non-standard port
ssh user@target -p 2222
# HTTP/HTTPS on alternative ports
curl -vk https://target:8443
nc -nvz target 8080Source Port Manipulation
Many firewalls allow traffic from trusted ports:
# Source port manipulation using nmap
nmap -g 53 target
nmap -g 88 target
# Using netcat to specify source port
nc -p 53 target 80Log Evasion
Basic Log Cleanup
Simple techniques to reduce traces in system logs:
# Clear bash history
history -c
rm ~/.bash_history
# Disable history recording for current session
export HISTSIZE=0
unset HISTFILEFile Timestomping
Modify file timestamps to match surrounding files:
# Change access and modification time
touch -a -m -t 202001010101.01 file.txt
# Use timestamps from another file
touch -r reference.txt file.txtTraffic Tunneling
SSH Tunneling
Basic SSH tunneling techniques:
# Local port forwarding (access remote service through local port)
ssh -L 8080:internal-server:80 user@pivot-host
# Remote port forwarding (expose local service to remote host)
ssh -R 8080:localhost:80 user@remote-host
# Dynamic SOCKS proxy
ssh -D 9050 user@pivot-hostProxychains
Using proxychains to tunnel traffic through a proxy:
# Configure /etc/proxychains.conf to use your SOCKS proxy
echo "socks5 127.0.0.1 9050" >> /etc/proxychains.conf
# Run commands through the proxy
proxychains nmap -sT -Pn target
proxychains firefoxPort Redirection
Simple Port Redirection
Using netcat for basic port redirection:
# Listen on local port and forward to remote
mkfifo /tmp/pipe
nc -l -p 4444 < /tmp/pipe | nc target 22 > /tmp/pipeUsing Socat
Socat is more stable for port forwarding:
# TCP port forwarding
socat TCP-LISTEN:8080,fork TCP:internal-server:80
# Forward with some encryption
socat OPENSSL-LISTEN:443,cert=cert.pem,fork TCP:internal-server:80Additional Resources
Last updated