Finding the real IP address of a CloudFlare protected website - The Logical Kid

Lately, I have been seeing many website administrators opt in to CloudFlare security, as it seems to protect their websites from many attacks, Denial of Service to say the least.


So how, as a penetration tester, or just out of anxiety, curiosity, whatever, are you going to get to the real machine?
You need the IP address, right?


Today, I am going to teach you how to bypass the CloudFlare security to get the real IP address of the target site.

Let's begin by pinging the site to see which IP address responds.

Here we go:


Oh! So the IP seems to be 104.x.x.x
Let's try opening the same in the browser.


Omg! See what we got! CloudFlare has denied direct IP access.

Next what? Should we lose hope and let CloudFlare decide the end of our penetration testing?
Nah!! We are going to bypass this and identify the real IP address on which this website is hosted.




Uhm, okay! Here we are going to enumerate the hosts via DNS. For this, we are going to use a cool Perl script called "fierce", which is perfect for the job.

Download the tool from: http://ha.ckers.org/fierce/

Now put the tool into action, as follows:

P.S.: You do not need to prefix every command shown here with 'proxychains'.
That is not really required; I just used it to work through a proxy.


..and wait for the tool to get its work done, while you have your tea! Coffee is not a bad option though, but I prefer tea.. special tea! ;)

After the work is done, you get this sort of output:

Hey! Don't be surprised by this. It simply shows us the hosts inside and outside the corporate network in which we are interested.
All is well until now!

Now, we need to find the specific IP of the target. For this, I looked through all the retrieved host IPs, checked random IPs from the list, and found this particular host interesting, as it caught my eye.


Yea! This looks interesting, right?
So, I just pasted the IP into the address bar, and Eureka! :) :)


We did it! Yayyy!!! ;) :)
Phew! We finally got the real IP of the target.

Now, we need to continue with port scanning, vulnerability identification, and the traditional methods of the trade, leading to exploitation and payload generation, et al.


Done! :)
Follow the generic pentesting methods from here! :)
All the best!


Gr33tz t0: F-r0Z,GSM50,Guy244,i-maD,KANK,sajjutxt
~The CliQue~