Penetration Testing mailing list archives
Re: Router Access
From: Gareth Davies <gareth.davies () mynetsec com>
Date: Thu, 02 Jun 2005 14:59:11 +0800
Sherwyn Williams wrote:
According to the internal IP address structure (from the router internal interface) you can set port forwards to the inside.This might be a dumb question but here goes!once someone gets access to a say linksys for instance apart from setting up remote access to the router, or getting the clients real ipaddress, what else can someone do. I am doing a pentest, and I want to show what are some of the ways that someone can use the router acess to the advantage.Sherwyn Williams Technical Consultant (917) 650-5139 Sherwill22 () tmail com
A good way to do this is:a) Check existing port forwards on the router config (you might locate the mail or web server for example)
b) Check the DHCP config for currently leased addresses to find active machines on the network
c) Some routers have a NAT table which will show active connections, this can help you identify more machines.
When you have located an internal server use the routers fake 'DMZ' feature which basically forwards all ports to an internal IP, it would be time consuming but you could effectively compromise any insecure machine on the private network using these techniques.
Cheers -- Gareth Davies Manager - Security Practice Network Security Solutions MSC Sdn. Bhd. Suite E-07-21, Block E, Plaza Mont' Kiara, No. 2 Jalan Kiara, Mont’ Kiara, 50480Kuala Lumpur, Malaysia Phone: +603-6203 5303
www.mynetsec.com
Current thread:
- Re: Lan access via wifi, (continued)
- Re: Lan access via wifi Jose Selvi (Jun 06)
- Message not available
- Message not available
- Message not available
- Re: Lan access via wifi Sherwyn Williams (Jun 06)
- Re: Lan access via wifi Peter Van Epp (Jun 06)
- Re: Lan access via wifi Sherwyn Williams (Jun 07)
- Re: Lan access via wifi DokFLeed (Jun 07)