Techniques for getting past some domestic firewalls

Source: Internet
Author: User
Tags: mssql server firewall

I have always had a dream: how great it would be if I could find some vulnerabilities or bugs myself! So I spent all day at the computer researching blindly. Researching what? How to break through firewalls (by firewall I mean software personal firewalls; I don't have the means to test hardware ones). And the research really was not wasted: I found a bug that is common to most firewalls. This bug lets us deceive the firewall and get outbound. What exactly is going on? Take a look at the explanation below!

First, I would like to introduce a feature of the Windows system: while a program is running it cannot be deleted, but it can be renamed! And when a system-protected program is deleted, damaged or renamed, the system promptly restores it from a backup copy. Now to firewalls. We all know that the "application rules" of many firewalls by default let through the IE browser (iexplore.exe), Outlook Express (Msimn.exe), Lsass.exe, Spoolsv.exe, MSTask.exe, Winlogon.exe, Services.exe and Svchost.exe, and most firewalls consider a program approved as long as its path and file name are the same as those in the rule. That is the whole test for whether traffic is let through; it does not consider that the file itself may have been replaced by another one. This is the equivalent of the disguise tricks in period costume dramas: once disguised, the impostor is not recognized. This gives us our opportunity: we can use this bug to deceive the firewall and get outbound!
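An added example (not from the original article): a Python sketch contrasting the path-and-name rule matching described above with a rule that also pins the file's SHA-256 at the time the rule is created. The function names, the rule format and the stand-in files are assumptions constructed for illustration, not any firewall's actual implementation.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path):
    """Hash the file's contents in chunks so large binaries are handled."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _norm(path):
    # Windows paths are case-insensitive; normcase makes the comparison match.
    return os.path.normcase(os.path.abspath(path))


def path_only_allows(rules, exe_path):
    """The weak check described above: path and file name are the whole identity."""
    return _norm(exe_path) in {_norm(p) for p in rules}


def pinned_allows(rules, exe_path):
    """Hardened check: the path must match AND the content hash must equal the pin."""
    pins = {_norm(p): h for p, h in rules.items()}
    expected = pins.get(_norm(exe_path))
    return expected is not None and sha256_of(exe_path) == expected


def demo():
    """Constructed scenario: an approved file is renamed and another takes its path."""
    with tempfile.TemporaryDirectory() as tmp:
        approved = Path(tmp) / "iexplore.exe"          # stand-in file, not a real binary
        approved.write_bytes(b"constructed: approved program bytes")
        rules = {str(approved): sha256_of(approved)}   # rule created while file is genuine
        before = (path_only_allows(rules, approved), pinned_allows(rules, approved))
        approved.rename(Path(tmp) / "iexplore.bak")    # renaming is permitted
        approved.write_bytes(b"constructed: different program bytes")
        after = (path_only_allows(rules, approved), pinned_allows(rules, approved))
    return before, after


if __name__ == "__main__":
    print(demo())  # ((True, True), (True, False))
```

The path-only rule still passes after the file at the approved path has changed, while the pinned rule fails closed until the rule is re-approved against the new contents.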

Side note: The DLL thread-injection technique used by most Trojans relies on the same principle. They first covertly start a process that the firewall has approved to pass (such as the Iexplore.exe process), then inject the DLL into it as a thread, and can then reach the outside while easily getting past the firewall's restrictions, because the firewall does not intercept programs it has approved.

That covers the principle; now let's talk about how to use this bug! Here I use a virtual machine for the experiment and set up the following conditions:

To make it more realistic, I installed on the server "Skynet Firewall", Radmin (which cannot be connected to normally, because the firewall restricts the IP addresses allowed to access it), MSSQL SERVER and Serv-u. First, we use the usual method of port forwarding and see how the firewall responds!


