
Thread: two questions

  1. #1
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default two questions

    I want to do some remote testing on my home network today, and I have two questions,

    one:

    How can I attack a remote system (live CD: IP 192.168.1.100) over the Internet? I may not have a full understanding, but I was under the impression that private IPs are not routable over the Internet, so I don't know if I could, which begs the question of how a pentester does a remote test of a client.

    Two:

    Is it legal to use a public wi-fi hot spot for hacking your own systems? I would assume the TOS of the hot spot would be the issue here, but I'm thinking that running an nmap scan, even just against one computer, could cause bandwidth issues for other users; that is more of an ethical dilemma, however.
    "You're only smoke and mirrors..."

  2. #2
    Just burned his ISO
    Join Date
    Feb 2010
    Posts
    8

    Default

    First, correct - private IP addresses are not routable over the Internet. You will need to configure address translation or port forwarding on your router.

    Second, what are you actually targeting? If you haven't already configured the address translation or port forwarding above then nothing will actually be visible on your client machine to the Internet. There may be some administration/management ports open on your router but that will probably be it.

    Finally, if it's your own private network and you don't have any public services running, then you may as well just test your machine over the local network.

  3. #3
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by SephStorm View Post
    Two:
    Is it legal to use a public wi-fi hot spot for hacking your own systems? I would assume the TOS of the hot spot would be the issue here, but I'm thinking that running an nmap scan, even just against one computer, could cause bandwidth issues for other users; that is more of an ethical dilemma, however.
    We will expect a brief synopsis by your next post.
    Legal Issues

    As far as it being an ethical dilemma I doubt it. While ethics may come into play it is not a dilemma.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  4. #4
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by SephStorm View Post
    I want to do some remote testing on my home network today, and I have two questions,

    one:

    How can I attack a remote system (live CD: IP 192.168.1.100) over the Internet? I may not have a full understanding, but I was under the impression that private IPs are not routable over the Internet,
    They are not. What you need to know is the public IP address of your router. Most routers display that information on the Status page. After that, it's a matter of getting through the NAT/firewall.

    Quote Originally Posted by SephStorm View Post
    which begs the question of how a pentester does a remote test of a client.
    It's a secret. You have to be in the He-Man Pentesters Club before we tell you.

    Seriously, it's just like with a home network; you have to know the client's public IP(s). Business networks and home networks are alike in that matter. The trick is discovering that IP. Sometimes it's easy, and sometimes it's harder. A lot of it depends on what type of pen test (black, gray or white box) you're doing, and how the client has their network configured.

    Quote Originally Posted by SephStorm View Post
    Two:

    Is it legal to use a public wi-fi hot spot for hacking your own systems? I would assume the TOS of the hot spot would be the issue here, but I'm thinking that running an nmap scan, even just against one computer, could cause bandwidth issues for other users; that is more of an ethical dilemma, however.
    Yes, TOS will be the major issue. Most TOS's will say something to the effect that you "cannot hack" and that scanning tools are considered the tools of the devil and "evi1 1337 h4x0rz" in that order. If the hot spot operator has an IDS/IPS and thinks that you're doing something that violates the TOS, you may be tossed out on your butt and told never to return.

    As to the bandwidth concerns, that's a matter of good old "RTFM" with most tools. For instance, Nmap has a number of settings that will affect the speed that it runs at, and the amount of bandwidth it will consume. You can do things like limit yourself to the top common TCP ports (there's about six or eight), or do a slow scan that spreads the scan packets out over time. While the intent of the slow scan is to evade an IDS/IPS, it won't consume a large amount of bandwidth, as the packets are spread over a much larger amount of time than they would be normally.
    Thorn
    Stop the TSA now! Boycott the airlines.
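The two practical points in the reply above (an RFC 1918 target will not be reachable from outside, so the router's public IP is what gets scanned, and nmap's port and rate options bound how much bandwidth a scan uses) as a small POSIX shell wrapper. This is an added example, not code from the thread or from the nmap project; the nmap flags it emits (--top-ports, -T2, --max-rate, -Pn) are real options in current nmap releases, while the port count and packet-rate defaults are assumed placeholders the reader would tune.

```shell
#!/bin/sh
# Added example (not from the thread): refuse RFC 1918 targets for an
# over-the-Internet test and build a bandwidth-limited nmap command.
# Assumed defaults: top 100 ports and a 20 packets/second cap.

# Return 0 when $1 is an RFC 1918 IPv4 address (10/8, 172.16/12, 192.168/16).
# Such addresses are not routed across the Internet, so scanning one from a
# remote network never reaches the host; the router's public IP is the target.
is_rfc1918() {
    case "$1" in
        10.*)                                   return 0 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*)  return 0 ;;
        192.168.*)                              return 0 ;;
        *)                                      return 1 ;;
    esac
}

# Print an nmap command line for a remote test of $1.
#   -Pn            : skip host discovery (home routers commonly drop ping)
#   --top-ports N  : only the N most common TCP ports (assumed N=100)
#   -T2            : "polite" timing template, serialises probes
#   --max-rate R   : hard cap of R packets/second (assumed R=20, overridable)
# Exits non-zero for an RFC 1918 address instead of emitting a useless scan.
build_scan_cmd() {
    target=$1
    rate=${2:-20}
    if is_rfc1918 "$target"; then
        echo "error: $target is RFC 1918 and will not route over the Internet; scan the router's public IP instead" >&2
        return 1
    fi
    printf 'nmap -Pn --top-ports 100 -T2 --max-rate %s %s\n' "$rate" "$target"
}

# Usage: sh remote_scan.sh <public-ip> [max-rate]
# Prints the command (dry run); runs it only when nmap is installed and
# RUN_SCAN=1 is set, so the file can be sourced or tested without scanning.
if [ "$#" -gt 0 ]; then
    cmd=$(build_scan_cmd "$@") || exit 1
    echo "$cmd"
    if [ "${RUN_SCAN:-0}" = "1" ] && command -v nmap >/dev/null 2>&1; then
        $cmd
    fi
fi
```

The dry-run default matters on a shared hotspot: you can see exactly what would be sent, and the rate cap keeps the scan well below what would noticeably affect other users, before you opt in with RUN_SCAN=1.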

  5. #5
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default

    I decided not to run the test today, mainly because I shut the machine down before I left home; well, that and I still can't get the hang of configuring wifi in Linux, but that's another story...

    Serif: I am targeting a machine on my private network from a laptop on a different network. This seems like a more realistic approach, as most attackers (hopefully) aren't on your network. I'm not doing remote management, just scanning.

    We will expect a brief synopsis by your next post.
    ? You want a synopsis of what I read? Well, in short, I own the target network, so I'm good on that. I could try to contact the ISP of the wifi hot spot, which would probably be worthless, as I am using the spot for a short period of time, and obtaining written permission within an hour is unlikely. The best solution would be to speak with the individuals in charge of the hot spot. That would not be difficult in this case, being that I work here and the boss is okay, but this information was also for future reference.

    Thorn: Thanks, I am aware of the phase of pentesting that deals with recon, but I have had no opportunity as of yet to test it, being that I only work on my own network. I am also aware of the scan options available in nmap (I have the book, but it is huge), but I am certainly no expert. In time I hope to have a good lab where I can set up an effective learning environment.

  6. #6
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by SephStorm View Post
    I decided not to run the test today, mainly because I shut the machine down before I left home; well, that and I still can't get the hang of configuring wifi in Linux, but that's another story...
    Which begs the question, "If you can't get the basics down, why move on?" It's rhetorical, by the way.

    ? You want a synopsis of what I read?
    Effectively yes.


    Well, in short, I own the target network, so I'm good on that. I could try to contact the ISP of the wifi hot spot, which would probably be worthless, as I am using the spot for a short period of time, and obtaining written permission within an hour is unlikely. The best solution would be to speak with the individuals in charge of the hot spot. That would not be difficult in this case, being that I work here and the boss is okay, but this information was also for future reference.
    One would also need to remember that even though you have permission on one network, that does not mean you have that same permission on another network. Each node between you and your target may have different TOS/AUP in place. Take a look at the link I gave you; it does contain a lot of good info. First and foremost, the advice of a lawyer is going to be one of your best bets.

  7. #7
    Senior Member Thorn's Avatar
    Join Date
    Jan 2010
    Location
    The Green Dome
    Posts
    1,509

    Default

    Quote Originally Posted by SephStorm View Post
    This seems like a more realistic approach, as most attackers (hopefully) aren't on your network.
    You might be surprised. Check the stats sometimes. Hopefully, that isn't the case on your home network.

    Quote Originally Posted by SephStorm View Post
    Thorn: Thanks, I am aware of the phase of pentesting that deals with recon, but I have had no opportunity as of yet to test it, being that I only work on my own network. I am also aware of the scan options available in nmap (I have the book, but it is huge), but I am certainly no expert. In time I hope to have a good lab where I can set up an effective learning environment.
    You're welcome. Try the ZenMap (Windows GUI) version. It allows you to see the command line options change as you mix and match them. Once you get used to seeing what happens with different options, it becomes easier to use the command line version in either Windows or *nix.

  8. #8
    Senior Member SephStorm's Avatar
    Join Date
    Aug 2008
    Posts
    166

    Default

    Thanks for the advice Thorn, I've never looked at zenmap.

    Amael, thanks for the advice. Is that really you in your av? I have to stop and look at it every time I see it.

  9. #9
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by SephStorm View Post
    Amael, thanks for the advice. Is that really you in your av? I have to stop and look at it every time I see it.
    No it's not me.

  10. #10
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by SephStorm View Post
    one:

    How can I attack a remote system (live CD: IP 192.168.1.100) over the Internet? I may not have a full understanding, but I was under the impression that private IPs are not routable over the Internet, so I don't know if I could, which begs the question of how a pentester does a remote test of a client.
    You're correct, RFC 1918 addresses are not routable over the Internet.

    Two:

    Is it legal to use a public wi-fi hot spot for hacking your own systems? I would assume the TOS of the hot spot would be the issue here, but I'm thinking that running an nmap scan, even just against one computer, could cause bandwidth issues for other users; that is more of an ethical dilemma, however.
    Chances are doing so would break the Terms of Service for the public hotspot or for the ISP which services the company offering the hotspot. While obviously you'd have permission to test or hack your own systems, doing so on connections that aren't yours could land you in trouble.
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.
