Page 2 of 6 FirstFirst 1234 ... LastLast
Results 11 to 20 of 56

Thread: Pwning residential routers/modems?

  1. #11
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Quote Originally Posted by ShadowKill View Post
    See tunneling........
    I think I understand what tunnelling is... For example, within my work network I have port 1723 sent to an internal VPN server. Unless you are referring to something different? But if that is the case, to do that I have admin access to our firewall. In a pentest, where one wouldn't have admin access to the firewall or router, how would I do such a thing without that sort of access?

    Sorry if what I am asking sounds a bit much, but some info/documents on this subject would be great.

  2. #12
    Member hawaii67's Avatar
    Join Date
    Feb 2006
    Posts
    318

    You cannot attack the victim PC without interaction of the victim since it sits behind a NAT device.
    You could prepare a webpage with some malware JavaScript to own the victim's browser, send a link to it via email and wait till the victim clicks it. Maybe you also want to check out BeEF:
    http://bindshell.net/tools/beef
    Don't eat yellow snow :rolleyes:

  3. #13
    Junior Member SBerry's Avatar
    Join Date
    Dec 2007
    Posts
    94

    BeEF is the dog's Bollo*

  4. #14
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Quote Originally Posted by hawaii67 View Post
    You cannot attack the victim PC without interaction of the victim since it sits behind a NAT device.
    You could prepare a webpage with some malware JavaScript to own the victim's browser, send a link to it via email and wait till the victim clicks it. Maybe you also want to check out BeEF:
    http://bindshell.net/tools/beef
    Thanks for that, I was starting to think along those lines, as I couldn't find much on Google... The more I learn, the more I realise that social engineering really is the best way.

  5. #15
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Quote Originally Posted by Dissident85 View Post
    Thanks for that, I was starting to think along those lines, as I couldn't find much on Google... The more I learn, the more I realise that social engineering really is the best way.
    The best way to what? Get into your own router?

    Weird.....



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  6. #16
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Quote Originally Posted by ShadowKill View Post
    The best way to what? Get into your own router?

    Weird.....
    *Rolls eyes* lol... no, the more I learn, the more I realise that the best way to conduct a successful pentest is to use social engineering, well, for the bulk of it…

  7. #17
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Quote Originally Posted by Dissident85 View Post
    *Rolls eyes* lol... no, the more I learn, the more I realise that the best way to conduct a successful pentest is to use social engineering, well, for the bulk of it…
    It depends on the conditions of your contract really. Depending on whether it's a black/white box test, SE may not be appropriate. Also, rigorous anti-SE training may be a regular occurrence wherever you are conducting the test, and it may tip someone off that you are trying to "get in", making the rest of your test that much harder, essentially.



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

  8. #18
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Quote Originally Posted by ShadowKill View Post
    Also, rigorous anti-SE training may be a regular occurrence wherever you are conducting the test, and it may tip someone off that you are trying to "get in", making the rest of your test that much harder, essentially.
    I see this becoming more and more the norm in companies, and IT should be taking the steps to teach their users how to spot SE and how to avoid falling victim to it.

    I've done PowerPoint presentations here explaining many different aspects of SE. Whenever I hear of some new trick, like the USB dongle in the parking lot trick, I inform my staff of things to look out for.

    My people, at this point, won't put anything in their PC that came from the public; they bring it to me for checkout first. So users really are trainable.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  9. #19
    Member Dissident85's Avatar
    Join Date
    Jun 2008
    Posts
    127

    Quote Originally Posted by ShadowKill View Post
    Also, rigorous anti-SE training may be a regular occurrence wherever you are conducting the test, and it may tip someone off that you are trying to "get in", making the rest of your test that much harder, essentially.
    I work for a company where I was employed as a web developer. But as my knowledge of networks/network security increases, I am slowly starting to take over the role of administering it. And that just happens to be one of the first things I did: educate people… But lucky for me, we are a small company and I now have everyone running everything that could be remotely related by me…

    Quote Originally Posted by ShadowKill View Post
    a black/white box test
    White or black box test???

  10. #20
    Senior Member ShadowKill's Avatar
    Join Date
    Dec 2007
    Posts
    908

    Quote Originally Posted by Dissident85 View Post
    ...

    ...

    White or black box test???
    Exercise your Google-Fu, my friends. They are levels of restriction put on penetration tests. White boxing allows for more/some initial information and/or access to the system being tested, whereas black boxing takes the role of an outsider with potentially no information about the target system(s).



    "The goal of every man should be to continue living even after he can no longer draw breath."

    ~ShadowKill

