Almost all Intrusion Detection and Prevention Systems (IDS/IPS) can be bypassed. No matter it is commercial or open source, they can be bypassed by any skilled attacker. I am running my home brewed Intrusion Prevention System for over 2 years. It becomes mature and I decided to carry out a bypass test against it.
My plan is to conduct the Application Layer (Layer 7) exploitation behind my IPS. Normally, almost all attacks are from the external. However, I am trying to do it from internal to external.
I picked up one live web site which is vulnerable to Wordpress vulnerability. I carried out the exploitation from the internal and it is not surprised that I can dump the database from the said site. I successfully bypass the IPS from my internal network. I know that there are different rules for external and internal traffic. At least I know that I can do it from internal and it is not very hard from external, I think.
The following are the database that dumped from the said site (some characters are masked in order to protect the victim) :
Several years ago, I conducted an exploitation test to see if the system can log down the attack or not. The final result is that it cannot. You can watch the video at here. Similarly, I also conducted a test to bypass some famous Anti-Virus programs. The final result is that it can be bypassed very easily. You can watch the video at here.
In conclusion, those security measures are just like our lock on the door and metal gate in front of our houses. They should be there but they cannot fully protect you from being burgled if intruder find a way in. Therefore, we should not fully relying on those security devices and/or programs as well as log checking. Make sure your networks or systems are in excellent security condition. Be remember that the strongest security is at the weakest point. 99 percent secure is a 100 percent insecure. The most dangerous is that you believe it is secured.
That's all! See you.
