Nytro Posted February 29, 2012 Report Share Posted February 29, 2012 [h=2]New tool release – “Egress Buster” – Find outbound ports[/h]February 29th, 2012A friend was recently on a penetration test and needed a port on the outside. I haven’t found any decent tools out there for finding what ports are allowed outbound to help with reverse shells and stuff like that so I wrote one real quick. Note that this was written in about 15 minutes and the code can absolutely be improved. I’ll probably go back and clean it up sometime. There are some limitations, for one, operating systems in general start to puke when you generate over a 1000 listeners, so you will need to test a 1000 at at time. Good news is the socket handlers are multi-threaded so you can cycle through about a 1000 ports in well under a minute. Here’s the general concept: You are on the inside network somehow and need to find what ports are allowed out to the Internet. There’s two main files/components – egressbuster and egress_listener. Egressbuster connects out on whatever ports you specify and tries to connect to an Internet facing computer thats running egress_listener. Very simple to run: On victim: egressbuster.exe example: egressbuster.exe 208.1.1.1 1-1000 In the above example, we specify a low port range and high port range, egressbuster will attempt to connect from port 1 to 1000 outbound to wherever the reverse_listener is. The listener: python egress_listener.py example: python egress_listener.py 1-1000 In the above example, we just specify what ranges we need to listen to. In the above example we listen from 1 to 1000 for incoming connections. When a connection is established, this is what you'll see on the listener side. 192.168.235.131 connected on port: 170 192.168.235.131 connected on port: 171 192.168.235.131 connected on port: 172 192.168.235.131 connected on port: 173 192.168.235.131 connected on port: 174 192.168.235.131 connected on port: 175 192.168.235.131 connected on port: 176 192.168.235.131 connected on port: 177 192.168.235.131 connected on port: 178 If your interested, download the byte compiled code and the python source here.Download:https://www.secmaniac.com/files/egressbuster.zipSursa: https://www.secmaniac.com/blog/2012/02/29/new-tool-release-egress-buster-find-outbound-ports/ Quote Link to comment Share on other sites More sharing options...
