

Showing posts from October 27, 2019

Checkpoint Logs – Previously the Magical Smart Tracker!

Smart Tracker lovers who prefer a separate window for checking logs: you are in for a disappointment!! There is no separate Smart Tracker utility in SmartConsole, as Checkpoint R80.x boasts a unified work pane and configuration wizard. Logging is handled by the “Logs and Monitoring” tab as below: The desired traffic log can be filtered the same way as before: right-click on the Source / Destination / Origin (Gateway) / Application. Below, the filter is being applied on: Source = and Destination = The filter can also be defined by selecting the IP address or service port, as below. Happy troubleshooting!!

Metasploit - Exploiting vsftpd vulnerability

Let us try the below exploit.. Disclaimer: I did an intense NMAP scan of the FTP port and went through a couple of trials and errors before figuring out that port 21 has the “vsftpd_234_backdoor” vulnerability that can be exploited: Exploiting the Unix “vsftpd_234_backdoor” vulnerability of Metasploitable 2 using Armitage. The end result: the exploited host now presents its shell prompt, via which we were able to create our own directory.

Metasploit - Scanning vulnerable systems

Open Armitage from the Kali Linux “Applications” pane (the lady with green hair), as below: Click “Connect” and “OK” for the below prompts: Ignore the below prompts: Enter the target IP whose vulnerability needs to be exploited. This seems to be a mandatory window, as no matter how many times I click “Cancel” it continues to pop up. Run the nmap scan as below to find the list of hosts active on the network: A small excerpt of the scan is as follows.. The list of active, responding PCs will be discovered in the right window.. My vulnerable host is (Metasploitable host) List of open ports on this host based on the nmap scan: We will exploit a vulnerability in the next post..

Cisco Anyconnect VPN client

You might have come across a problem with your end users using the Cisco AnyConnect client, wherein the user continues using the old VPN profile you replaced with a new one, simply because he still sees the old profile populated there and doesn't want the trouble of entering the new one!!! The Cisco AnyConnect VPN client stores its cache, i.e. the list of all the VPN profiles it has ever used, in the “preferences.xml” file located below: C:\Users\<Username>\AppData\Local\Cisco\Cisco AnyConnect Secure Mobility Client Apart from the client certificate, the preferences.xml file should show all the settings that have been changed from the default, such as “Block Untrusted Servers”, “Allow local LAN access” etc. The xml file should look like below: Deleting the “preferences.xml” file deletes the cache and reverts the client to its default settings, with that old profile vanishing from the end user's client right away!

Checkpoint R80.10 IPSEC VPN Configuration - Part 2

Continuing from Part 1.. (Apparently, I was too drowsy to paste the pictures in that article last night :))
6. Multiple Entry Points (MEPs)
7. Excluded Services: Select services that shouldn’t be encrypted over the tunnel:
8. Enter and enable the PSK
9. Wire Mode: Usually kept at default
10. Define the renegotiation timers for Phase 1 and Phase 2 in the Advanced tab:

Checkpoint R80.10 - Upgrade using Blink Utility

The year is 2018. The war between the Checkpoint community across the world and Checkpoint Software Technologies Ltd. regarding the future of Checkpoint R77.30 is in full swing. The general consensus of the Checkpoint community, to extend the R77.30 support timeline (from the current May 2019), seems to be falling on deaf ears!! In a desperate attempt to make hay while the sun is still shining, administrators seem to be moving towards R80.10 as soon as possible. To ease things a bit, Checkpoint has created the "Blink" utility. Here is how it works (make sure that you read the constraints at the bottom of this article): You have newly ordered a Checkpoint Security Gateway*, e.g. a CP 4600. It came with a default image of R77.30, which needs to be upgraded to R80.10 without going through the hassles of a clean install (maybe because you do NOT want to rely on the on-site technician, or because there is no Internet connectivity (hence no online CPUSE), or because you just want to test t

Checkpoint - Exporting Objects in CSV format

Be it a Network Operations Manager, a Security Architect or a Security Auditor, the people up the hierarchy always harangue the Security Engineers to compile the list of firewall objects, rules, policies, traffic statistics and so on.. This can turn out to be quite hectic, especially if there are no built-in features to systematically provide the output in a "layman-readable" format. Enter Checkpoint's "Object Explorer...", which not only provides the output in a "layman-readable" format, but also provides built-in filtering mechanisms, thereby ensuring that the Security Engineer doesn't have to rely on Google to build his scarce Microsoft Excel data filtering skills. The following screenshots show how easy it is, with Checkpoint R80.10, to generate the firewall configuration inventory. In the SmartConsole unified portal, navigate to Menu >> Open Object Explorer... Select the categories you wish to see in your output: Click o

Checkpoint WinSCP Issues - Changing Shell

Linux amateurs, Linux haters or simply easy-goers.. whichever category you belong to, WinSCP is the natural tool for file transfer within the device or to and from the device. Not a big fan of Linux commands myself (though I seem to have gained some serious expertise, thanks to my messing around with my Checkpoint installations and upgrades), I prefer using WinSCP wherever I can. However, every now and then, WinSCP has its own way of complaining about the compatibility of the target shell, to which it cannot connect. Something like this: How do I get around it? Simple: just log in to your Checkpoint device via CLISH, change to the BASH shell and enter "chsh -s /bin/bash admin". That changes the login shell of the admin user, so subsequent SSH sessions land directly in bash (expert mode) rather than clish; the Gaia clish shell is /etc/cli.sh if you want to switch back later. And that's it! Try connecting via WinSCP again and bamm.. you are in!! Happy WinSCPing :)

Checkpoint Security Gateway Offline CPUSE upgrade - R77.x to R80.x

Call me an old-fashioned Network Engineer, or call it my penchant for giving my network skills a geeky touch: I prefer to perform my device upgrades the old-fashioned way, via CLI, whenever possible. My approach towards Checkpoint upgrades is no different! Here we will perform the Checkpoint Security Gateway upgrade from R77.30 to R80.10 via offline CPUSE (Checkpoint Upgrade Service Engine). The name should make it evident that we are not expecting the Gateway to communicate with the Checkpoint cloud automatically or to provide auto-recommendations for hotfixes or upgrades. A word of caution before you begin with the upgrade: ensure that you have sufficient disk space. One way to ensure that is:
1. From expert mode (bash), type "lvm_manager". Select option 1.
2. You will see the disk allocation to the various partitions. Check for "lvm_log". The optimum value for this should be 10 GB. 7-8 GB of space should suffice, but 5 GB will definitely prove to be insuffi

Checkpoint Smart Update - Licensing

So you have bought a car and filled it to the brim.. Can you drive? Of course you can! But would you drive? No, you wouldn't... (License and registration, pal!!) The same goes for all proprietary devices, and Checkpoint doesn't wish to be left out of it! Following are the steps for licensing Security Gateways via Smart Update. [Pre-requisites: 1. You already have the license ".lic" file. 2. SIC (Secure Internal Communication) is already established between the Management Server and the Security Gateway.] 3. You will land on the following page after logging into Smart Update. 4. Switch to the Licenses & Contracts tab: 5. Attach the downloaded licenses: 6. The summary of the license file will be displayed below: 7. Select the Security Gateway to which you wish to attach the license: 8. The confirmation dialog box indicates the IP address and the expiration date of the license. 9. It is a good idea to verify the same via CLI, as follows: And voilà!! The Gatew

Checkpoint R80.10 - Smart Update

It's a fine sunny morning and you are in a particularly good mood at the prospect of configuring a few dozen rules on your newly upgraded Checkpoint R80.10 Management Server. You bring up your new SmartConsole window: You press the login button and bammm... You go to the Checkpoint Licensing Center (I will cover Checkpoint licensing in a separate article later), get the CPLicenseFile.lic and download it. Now begins the hunt for our beloved Smart Update.. You don't find it!! That's where Google comes in: "Smart Update for checkpoint R80.10".. and this is where you land (overly optimistic, if you know what I mean). Here is how you fix the licensing issue: 1. Locate and double-click the below file in the below directory: C:\Program Files\CheckPoint\SmartConsole\<Version>\PROGRAM\SmartDistributor OR C:\Program Files (x86)\CheckPoint\SmartConsole\<Version>\PROGRAM\SmartDistributor For example: 2. You will find the legacy Smart Update (with R77.x changed