From Wikipedia “In computer networking, port knocking is a method of externally opening ports on a firewall by generating a connection attempt on a set of prespecified closed ports. Once a correct sequence of connection attempts is received, the firewall rules are dynamically modified to allow the host which sent the connection attempts to connect over specific port(s).”[1]
Install the Knockd Service and Client
sudo apt-get install knockd
A challenge may include using the knock client and the default knockd sequence to open a new port(s). It is recommended that you first scan the target with nmap:
nmap -sV -p- -T5 [ipaddress]
This will show the current open port(s) and service/version information. Then try the knockd default sequence:
knock -v [ipaddress] 7000 8000 9000
There will be no immediate indication that a port has opened after knocking, as you will have to re-scan and compare to find the new open port. More than likely there is a time limit on how long the new port will stay open and available for access.
PROTIP: You may have to use wget to extract the flag. The command wget --no-check-certificate https://webaddress:port might extract the page hosted on the open port.
KnockdEfault Evaluator v1.1 – knock-knock
The two tools in this package are knockdefault.py and knockd_on-off.py. The first of these is a scanner to identify default configs and the latter is a utility to interact with identified vulnerable services.[2]
root@kali:~# git clone https://github.com/hack1thu7ch/knock-knock.git
root@kali:~# cd knock-knock/
root@kali:~# ./setup.sh
root@kali:~# ./knockdefault.py
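The behaviour described above (a sequence of connection attempts on closed ports, a time limit on the sequence, and a widely published default of 7000, 8000, 9000) can be modelled in a few lines. The following is an added example, not code from knockd or from the knock-knock package: it parses a constructed knockd.conf-style snippet (the section names, ports and option keys are assumptions that mirror the default layout the text refers to), replays constructed SYN-attempt records the way knockd's sequence tracker would, and reports which source hosts completed a door and whether the door they used still carries the default sequence. On a real host the SYN records would come from a firewall log or packet capture; here they are embedded so the script runs offline.

```python
"""Simplified knockd-style sequence matcher over constructed SYN records.
Added example; not the knockd or knock-knock implementation."""
import configparser

# Constructed knockd.conf-style snippet. Assumption: it mirrors the default
# layout (an "openSSH" door on 7000,8000,9000 and the reverse to close it).
KNOCKD_CONF = """
[options]
UseSyslog

[openSSH]
sequence    = 7000,8000,9000
seq_timeout = 5
command     = /sbin/iptables -A INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags    = syn

[closeSSH]
sequence    = 9000,8000,7000
seq_timeout = 5
command     = /sbin/iptables -D INPUT -s %IP% -p tcp --dport 22 -j ACCEPT
tcpflags    = syn
"""

# The default sequence the text mentions; a door still using it is a finding.
DEFAULT_SEQUENCE = [7000, 8000, 9000]

# Constructed SYN attempts as (timestamp_seconds, src_ip, dst_port), time-ordered.
SAMPLE_SYNS = [
    # 10.0.0.5: a sequential port scan; the knock on 7001 resets the door
    (0.0, "10.0.0.5", 7000), (0.1, "10.0.0.5", 7001),
    (0.2, "10.0.0.5", 8000), (0.3, "10.0.0.5", 9000),
    # 10.0.0.9: the default sequence, all knocks inside seq_timeout
    (100.0, "10.0.0.9", 7000), (100.5, "10.0.0.9", 8000), (101.0, "10.0.0.9", 9000),
    # 10.0.0.9 again: the reverse sequence closes the door
    (150.0, "10.0.0.9", 9000), (150.2, "10.0.0.9", 8000), (150.4, "10.0.0.9", 7000),
    # 10.0.0.7: right ports, but the second knock arrives 7 s after the first
    (200.0, "10.0.0.7", 7000), (207.0, "10.0.0.7", 8000), (208.0, "10.0.0.7", 9000),
]


def load_sequences(conf_text):
    """Return {door_name: (sequence_ports, seq_timeout_seconds)} from the config."""
    # %IP% in command values would trip configparser's interpolation, so disable it;
    # UseSyslog is a bare key, so allow values to be absent.
    cp = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    cp.read_string(conf_text)
    rules = {}
    for name in cp.sections():
        if name == "options":
            continue
        seq = [int(p) for p in cp[name]["sequence"].split(",")]
        rules[name] = (seq, float(cp[name].get("seq_timeout", "5")))
    return rules


def match_knocks(rules, syns):
    """Replay SYN attempts; return [(ts, src_ip, door)] for each completed door.

    Model: per (src_ip, door) track the next expected index and the time of the
    first knock. A knock on the wrong port, or the sequence taking longer than
    seq_timeout, resets that door for that source. This is a simplification of
    knockd's own tracking, kept to the parts the text describes."""
    state = {}  # (ip, door) -> (next_index, first_knock_ts)
    hits = []
    for ts, ip, port in syns:
        for door, (seq, timeout) in rules.items():
            idx, start = state.get((ip, door), (0, None))
            if idx > 0 and ts - start > timeout:
                idx, start = 0, None          # sequence expired: start over
            if port == seq[idx]:
                if idx == 0:
                    start = ts                # first knock starts the timer
                idx += 1
                if idx == len(seq):           # whole sequence seen in time
                    hits.append((ts, ip, door))
                    idx, start = 0, None
            else:
                idx, start = 0, None          # wrong port: reset this door
            state[(ip, door)] = (idx, start)
    return hits


def default_sequence_users(hits, rules):
    """Source IPs that completed a door whose sequence is still the default."""
    return {ip for _, ip, door in hits if rules[door][0] == DEFAULT_SEQUENCE}


if __name__ == "__main__":
    rules = load_sequences(KNOCKD_CONF)
    hits = match_knocks(rules, SAMPLE_SYNS)
    for ts, ip, door in hits:
        print(f"t={ts:6.1f}  {ip} completed door {door}")
    print("hosts using the default sequence:", default_sequence_users(hits, rules))
```

Read against the text: the scanner never opens the door because the intervening port resets it, the host that knocks 7000, 8000, 9000 within the window opens it, and the host whose second knock lands after seq_timeout does not. From the defender's side, any entry in the last line is a sign that knockd is still running with a sequence anyone can look up, which is exactly what knockdefault.py is built to find.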
Web Citations:
[1] http://en.wikipedia.org/wiki/Port_knocking
[2] http://www.shortbus.ninja/default-knockd-cloaking-configurations/