I know About your FortiGate




Dear all, in this article I am going to explain how I collected Internet-facing FortiGate firewalls and gathered information about those devices.


HTTP HEADER ANALYSIS

After analysing the HTTP headers of multiple FortiGate firewalls, I understood that all device models use the same default header. Below I am providing the HTTP header of my test firewall.



We are going to use the Server parameter as our key to track and find FortiGate devices.


SHODAN SEARCH ENGINE


To continue this process we need a login for the Shodan vulnerability search engine.

Go to https://www.shodan.io/ and log in.



STEP 1
  • In the search bar, enter the keywords server: "xxxxxxxx-xxxxx" and press Enter.
  • The search result provides the list of FortiGate devices that face the Internet globally.
  • Here we got details of 354,525 FortiGate firewalls from the Shodan search engine.






Along with this result, Shodan provides multiple options to filter the results.


STEP 2

With the help of Shodan filters, in this step we are going to identify the Internet-facing FortiGate devices located in Bangalore, India.

To filter by location we have to use the country and city filters.

I used the search query below to satisfy the requirement.

                 server: "xxxxxxxx-xxxxx" country:"IN" city:"Bangalore"



From the Shodan result we learn that around 1395 Internet-facing FortiGate devices are available in Bangalore.


STEP 4 : INFORMATION GATHERING 

If the FortiGate is using the built-in certificate for HTTPS communication, we can get the model and serial number of the device from the SSL certificate, as shown below.





I chose an IP from the Shodan list and got the FortiGate login page over an HTTPS connection with the built-in certificate.

According to the certificate information, this particular user has a FortiGate firewall model 100D and its serial number is FGT100D3GXXXXXXX.
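To check your own firewalls for the certificate disclosure described above, here is an added example (not code from the original article) that reads the output of `openssl x509 -noout -subject` and flags any certificate whose CN looks like a device serial. The hostnames and subject lines are constructed, and the serial and model patterns are assumptions inferred from the masked serial FGT100D3GXXXXXXX shown above.

```python
import re

# Assumption: a factory serial has the shape of the article's masked example
# FGT100D3GXXXXXXX: an "FG" prefix followed by upper-case letters and digits.
SERIAL_RE = re.compile(r"^FG[0-9A-Z]{10,18}$")
# Assumption: the model follows the FG/FGT prefix (FGT100D... gives 100D).
MODEL_RE = re.compile(r"^FGT?(\d+[A-Z])")

# Constructed sample input: hostnames and subject lines are made up.
SAMPLES = {
    "fw-01.example.net": "subject=C = US, O = Fortinet, OU = FortiGate, CN = FGT100D3GXXXXXXX",
    "fw-02.example.net": "subject= /C=IN/O=Example Corp/CN=vpn.example.net",
}


def parse_subject(line):
    """Split an openssl subject line (comma or /slash form) into a dict."""
    body = line.split("=", 1)[1] if line.lower().startswith("subject") else line
    attrs = {}
    for part in re.split(r",|/", body):  # values containing , or / unsupported
        if "=" in part:
            key, value = part.split("=", 1)
            attrs[key.strip().upper()] = value.strip()
    return attrs


def audit(host, subject_line):
    """Return a finding if the certificate CN looks like a device serial."""
    cn = parse_subject(subject_line).get("CN", "")
    if not SERIAL_RE.match(cn.upper()):
        return None
    model = MODEL_RE.match(cn.upper())
    return {
        "host": host,
        "serial": cn,
        "model": model.group(1) if model else "unknown",
        "action": "replace the built-in certificate with a CA-issued one",
    }


def audit_all(samples):
    return [f for f in (audit(h, s) for h, s in samples.items()) if f]


if __name__ == "__main__":
    for finding in audit_all(SAMPLES):
        print(finding)
```

The serial pattern is a heuristic, so a hostname that happens to start with "FG" and contains only letters and digits can also be flagged.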

If you get the login page below, the FortiGate is running FortiOS version 5.2.+


GOOGLE DORK METHOD 

Vulnerability: Private IP leakage while applying application control for a web server


When Google is queried with "Application Control Violation", the Google bot returns results for all FortiGate devices that are available on the Internet, together with the PRIVATE IPs of the servers and IPv4 policy details.




In this way we can find and gather information about Internet-facing FortiGate firewalls.

