Penetration Testing mailing list archives
Re: Router Access
From: Dan Henage <mckennage () gmail com>
Date: Wed, 1 Jun 2005 17:35:14 -0700
Since they are likely running NAT and DHCP on the LAN behind the Linksys router (this is typical for small businesses), there is a lot you can do. For example, if they are using DHCP, you can change the DNS servers on the router to point to a DNS server you control, and use that to force users to invalid web sites without their knowledge (such as a phishing attack).

Also, I usually like to look at the list of current DHCP clients in the DHCP clients table. You can get some information there such as the names and IP addresses. If you are doing a remote test, then you can set the DMZ host to the first of those clients, do a complete port scan and VA, then change the DMZ to the second host, and so on. This will allow you almost direct access to all the clients on the LAN. You can also guess IP addresses for clients that might not be using DHCP, or possibly figure out a way to use logging on the router to see what traffic is going out.

Also, you might be able to upload hacked firmware to the router to get additional functionality, such as a Linux shell on the router. This way you might be able to do things like sniff all traffic and have it forwarded to you. Obviously that's going to be very intrusive.

Dan Henage

On 6/1/05, Sherwyn Williams <sherwill22 () tmail com> wrote:
This might be a dumb question, but here goes! Once someone gets access to, say, a Linksys, for instance, apart from setting up remote access to the router or getting the client's real IP address, what else can someone do? I am doing a pentest, and I want to show some of the ways that someone can use the router access to their advantage.

Sherwyn Williams
Technical Consultant
(917) 650-5139
Sherwill22 () tmail com