Penetration Testing mailing list archives
Re: Router Access
From: Michael <blackavar () citizensofgravity com>
Date: Wed, 01 Jun 2005 21:47:58 -0400
Hmmm... this is fun, let me think...You could use the port forwarding/NAT on the router to set up whatever server applications you want on an internal machine (this is where you have to worry about your internal customers... how many hotels with free high-speed have default user/pass set on their DSL routers? ta-daaa, no reason to stop BitTorrenting when you're on the road.
Or, if you want to be more broadly evil (again, w/o hurting the router itself,) you could change port forwarding from a trusted internal server to something you control on the inside that would allow you to deliver a browser-based attack, a phishing attack, harvest VPN or intranet passwords, etc.
Or, if it's a Netgear or something that's polite enough to tell you what's currently connected, you could then enumerate internal hosts on the network, and then use the port forwarding function to do vulnerability testing from outside :-)
You could turn content filtering off, if it's on, to allow you to tunnel in or out of the network.
The router might contain VPN settings for another remote host.If you're on, say, a branch office of a larger network, then even the logs might be interesting for helping you to enumerate the topology of the larger network
Have fun :-) -Mike
Current thread:
- Lan access via wifi, (continued)
- Lan access via wifi Sherwyn Williams (Jun 06)
- Re: Lan access via wifi Jose Selvi (Jun 06)
- Message not available
- Message not available
- Message not available
- Re: Lan access via wifi Sherwyn Williams (Jun 06)
- Re: Lan access via wifi Peter Van Epp (Jun 06)
- Re: Lan access via wifi Sherwyn Williams (Jun 07)
- Re: Lan access via wifi DokFLeed (Jun 07)
- Lan access via wifi Sherwyn Williams (Jun 06)