This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
mnocciolino
Explorer
‎2023-11-08 08:55 AM

Get bash to Cluster member from Management

Hi,

This is my seccond post. Enjoy!!

This procedure is for accessing a firewall from the Management, using rshell with

cprid_util

Tested in R81, R81.10.

Not test in R80.XX, but i think will be work

 

Prerequisites:

- Access to Management

 

1) Access via SSH to Management.

Execute the script rshell.sh attached

mnocciolino_0-1699462354828.png

 

In the 1st field put the Management IP

In the 2nd field put the Gateway IP

 

2) After entering the 2 IPs, you will get access to the Gateway without password as admin user.

mnocciolino_1-1699462354990.png

 

This is a not bash console, to jump bash you need put the detail commands.

script /dev/null -c bash
PRESS -> "CTRL+Z"
stty raw -echo; fg
reset xterm

mnocciolino_2-1699462354833.png

 

3) After entering the commands, you will have access to the Gateway. 

mnocciolino_3-1699462354967.png

 

4) After you finish using, and try to exit, you will get the following (broken terminal):

mnocciolino_4-1699462355105.png

 

to mitigate this, enter the command: "reset xterm" or close the terminal and open a new one.

-----------

Any suggestions or comments are welcome

mnocciolino

rshell.sh
Preview file
2 KB
0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2023-11-08 02:17 PM

cprid has been there for quite some time (going back to at least R5x days).
It also works on SMB appliances, though be aware of this: https://community.checkpoint.com/t5/SMB-Gateways-Spark/Output-of-cprid-truncated-after-receiving-600...

However, I'm pretty sure it's not meant for interactive use, only executing specific commands.
Therefore, you might find some issues that result from using it in this manner.

0 Kudos
mnocciolino
Explorer
‎2023-11-10 04:56 AM
In response to PhoneBoy

Hi PhoneBoy,

I only use cprid to execute the "rshell" command, I do not use cprid to transmit data.

I used this to reset the admin password, because they didn't remember the password.
I also used it once because there was no way to reach the management ip, and I logged in to see what the problem might be.

thank you for your reply.

0 Kudos
PhoneBoy
Admin
Admin
‎2023-11-10 07:27 AM
In response to mnocciolino

It's not the transmission of data that's an issue, it's the interactive nature of using a shell as you're doing.
Like I said, not sure how that will work over cprid in every case, but it is clever. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events
    Top