Page 1 of 2 12 LastLast
Results 1 to 10 of 36

Thread: How To Scan A Target Behind A Router


  1. #1
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    15

    Default How To Scan A Target Behind A Router

    I may have posted this in the wrong section as I'm sure newbies do not know how to answer this.

    Due to the lack of answers here from the security experts I'm assuming they think I (we) want to hack someone or something I shouldn't. I have my brother's permission and he has mine. As far as ISP TOS are concerned, we're not concerned. We will cross that bridge when we get there. Our ISP connections are our own and if we lose our accounts due to TOS violations then so be it. I see no better way of learning how to pentest a system in a real world environment than learning in a real world environment. Of course I'm completely open to suggestion as I may be going about this completely wrong. I do not want to lose my ISP service or be visited by one of the 3-letter people.

    On to the question.

    My brother and I are playing "Capture the flag" (Hacking each others computer) game(s). We have been doing this through LAN only but we would like to do this over the Internet due to limited time for work and family, also to learn more about pentesting.
    So, my question is: How would I scan/access his computer using nmap, nessus or whatever I choose since he is behind a router and I am as well?
    I only want to access/scan/attack HIS system and not his family's.
    Sorry for my cheesy graph below but it should help explain a little better.

    |_____My System IP:192.168.100.2 (BackTrack 4 pre-final)
    |
    |
    |___Router (WAN IP: 122.111.123.123 /// LAN IP: 192.168.100.1)
    |
    |
    |_((((The InterNets))))
    |
    |
    |___Router (WAN IP: 18.16.100.5 /// LAN IP: 192.168.100.1)
    |
    |
    |_____(TARGET) His System IP:192.168.100.2 (Windows XP SP1)
    |
    |_______His Wife's System IP: 192.168.100.3
    |
    |_________His Daughter's System IP: 192.168.100.4

    So to recap, the question is: How to access/scan a computer system that is behind a router?

    He has 3 active online systems (all 3 are WinXP) behind a router.
    I have nmap'ed his IP which only shows 1 active host running (best guess) Linux so I know I'm only scanning his router.

  2. #2
    Member dustyboner's Avatar
    Join Date
    Jan 2010
    Posts
    98

    Default

    Quote Originally Posted by Despotic View Post
    We have been doing this through LAN only but we would like to do this over the Internet due to limited time for work and family.
    Where did you get the 10,000 mile long cat5 cable? Your brother at MIT?

    ___122.111.123.123 server location
    | Sydney in Australia
    |
    |
    |
    |___18.16.100.5 server location:
    Cambridge in United States (MIT)

  3. #3
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    15

    Default

    Quote Originally Posted by dustyboner View Post
    Where did you get the 10,000 mile long cat5 cable? Your brother at MIT?

    ___122.111.123.123 server location
    | Sydney in Australia
    |
    |
    |
    |___18.16.100.5 server location:
    Cambridge in United States (MIT)
    LOL!
    C'mon man. Like I'm going to give the real IPs.
    I understood that I would get flamed for this post but that's just silly, I made them up.
    He is in Chattanooga, TN and I'm in GA (30 Miles)
    We ran the lan at his house only. (10 Ft.)

    So, anyone know an answer to the question asked here: How to access/scan a target behind a router?
    I might have posted this in the wrong section as I'm sure newbies do not know how to answer this.

  4. #4
    Member
    Join Date
    Jan 2010
    Posts
    102

    Default

    Haha, you can even tell they're fake IPs.

  5. #5
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    15

    Default

    Quote Originally Posted by TheGameAU View Post
    Haha, you can even tell they're fake IPs.
    Exactly, I assumed that would have been clear.

  6. #6
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    If there was a test for extremely basic TCP/IP questions this would be the first and easiest one. Frankly, if you don't understand NAT then you have no business attacking anyone, friend or not.

  7. #7
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by Despotic View Post
    So, anyone know an answer to the question asked here: How to access/scan a target behind a router?
    I might have posted this in the wrong section as I'm sure newbies do not know how to answer this.
    Read some TCP/IP Basics, http://support.microsoft.com/kb/164015, http://www.tcpipguide.com/free/t_toc.htm, http://www.cisco.com/en/US/docs/inte...Protocols.html.
    Read about NATing http://www.2000trainers.com/security...on-nat-basics/, http://en.wikipedia.org/wiki/Network...ss_translation.
    Read RFC 1918.
    Checkout browserspy.dk: http://browserspy.dk/

    Then, try your google-fu on some terms like:
    - Firewalk / Firewalking (no not the type they do in the Bahamas)
    - JavaScript port scanner
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  8. #8
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    15

    Default

    Thank you guys for all the great responses.

    Thorin, you and a few others have gone above and beyond helping by taking the time to post links and responding to such a newbie question. It may seem like a simple thing to some people but for someone to take the time out of their day to do the research and actually post links to help another person, especially a newbie, is simply awesome.

    Thank you, your time is greatly appreciated!

  9. #9
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    1

    Default Zombie.......

    It is possible to turn certain hosts into zombies (on the network border that might be poorly configured), with which you can tunnel your scans through that host. Not only will it get you into the LAN's hosts, it will appear the scans are coming from that particular host that is being used as the zombie system. Hope this helps, yet it isn't easy finding a host that vulnerable on the border unless he maybe has a printer or something along those lines in a DMZ.

  10. #10
    Good friend of the forums
    Join Date
    Jun 2008
    Posts
    425

    Default

    Look up the ACK flag in the TCP header. NAT assigns a different port on the outside from what's sent from the inside port.
    They would still have to connect out, and you guess what port the router assigned, SOHO routers

    In theory
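The point made in posts #6, #7 and #10 (why the scan from the WAN side only ever sees the router, and how the router maps inside ports to outside ports) can be shown with a small model of a SOHO NAT router. This is an added example written for this page, not code from any poster; the `NatRouter` and `Packet` classes, the port-allocation scheme starting at 40000, and the addresses reused from the diagram are all constructed assumptions, not real router behaviour.

```python
import ipaddress
from dataclasses import dataclass, field

# The three RFC 1918 blocks; these addresses are never routed on the Internet,
# which is why 192.168.100.2 in the diagram cannot be reached directly.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in RFC1918)

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

@dataclass
class NatRouter:
    """Toy port-address-translation model (constructed for illustration)."""
    wan_ip: str
    lan_net: str
    next_port: int = 40000                      # assumed outside-port allocator
    table: dict = field(default_factory=dict)   # (inside_ip, inside_port) -> outside_port
    reverse: dict = field(default_factory=dict) # outside_port -> (inside_ip, inside_port)

    def outbound(self, pkt: Packet) -> Packet:
        """An inside host connecting out creates a mapping and is rewritten to the WAN IP."""
        assert ipaddress.ip_address(pkt.src_ip) in ipaddress.ip_network(self.lan_net)
        key = (pkt.src_ip, pkt.src_port)
        if key not in self.table:
            self.table[key] = self.next_port
            self.reverse[self.next_port] = key
            self.next_port += 1
        return Packet(self.wan_ip, self.table[key], pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt: Packet):
        """Return the translated packet, or None when no mapping exists.

        An unsolicited probe to the WAN IP lands here with no mapping: the router
        drops it or answers itself, so a scanner sees the router, not the LAN hosts.
        """
        inside = self.reverse.get(pkt.dst_port)
        if inside is None:
            return None
        return Packet(pkt.src_ip, pkt.src_port, inside[0], inside[1])
```

Running an unsolicited probe against the brother's WAN IP through `inbound()` returns `None`, while a reply to a connection his PC opened first is translated back to 192.168.100.2, which is exactly what the nmap result in the first post reflects.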
