I may have posted this in the wrong section as I'm sure newbies do not know how to answer this.
Due to the lack of answers here from the security experts I'm assuming they think I (we) want to hack someone or something I shouldn't. I have my brothers permission and he has mine. As far as ISP TOS are concerned, Were not concerned. We will cross that bridge when we get there. Our ISP connections are our own and if we loose our accounts due to TOS violations then so be it. I see no better way of learning how to pentest a system in a real world enviroment than learning in a real world environment. Of course I'm completely open to suggestion as I may be going about this completely wrong. I do not want to loose my ISP service or be visited by one of the 3-letter people.
On to the question.
My brother and I are playing "Capture the flag" (Hacking each others computer) game(s). We have been doing this through LAN only but we would like to do this over the Internet due to limited time for work and family, also to learn more about pentesting.
So, my question is How would I scan/access his computer using nmap,nessus or whatever I choose since he is behind a router and I am as well.
I only want to access/scan/attack HIS system and not his family's.
Sorry for my cheezy graph below but it should help explain a little better.
|_____My System IP:192.168.100.2 (BackTrack 4 pre-final)
|___Router (WAN IP: 220.127.116.11 /// LAN IP: 192.168.100.1)
|___Router (WAN IP: 18.104.22.168 /// LAN IP: 192.168.100.1)
|_____(TARGET) His System IP:192.168.100.2 (Windows XP SP1)
|_______His Wifes System IP: 192.168.100.3
|_________His Daughters System IP: 192.168.100.4
So to recap, the question is: How to access/scan a computer system that is behind a router?
He has 3 active online systems (all 3 are WinXP) behind a router.
I have nmap'ed his IP which only shows 1 active host running (best guess) Linux so I know I'm only scanning his router.
C'mon man. Like I'm going to give the real IP's.
I understood that I would get flamed for this post but that's just silly, I made them up.
He is in Chattanooga, TN and I'm in GA (30 Miles)
We ran the lan at his house only. (10 Ft.)
So, anyone know an answer to the question asked here: How to access/scan a target behind a router?
I might have posted this in the wrong section as I'm sure newbies do not know how to answer this.
Haha you can even tell there fake IP's
If there was a test for extreme basic tcp/ip questions this would be the first and easiest one. Frankly if you dont understand NAT then you have no business attacking any one friend or not.
However, while I'm learning could you point me in the right direction please?
are we talking about headers, datagrams and packets
Is this correct?
So in order to scan/access his computer I would need to assign the correct port to the scanner?Each computer on the private network uses the same address but is given a different port number. Basically, the port is an extension of the IP address.
Wouldnt that limit me to only scanning/exploiting that one port?
This is getting confusing!
From what I'm understanding is that I can only access his computer through the open ports on the router.
A nmap scan shows only 2 open ports (80, 27015) even though I know for a fact that he is running a bittorrent client/server, yahoo messenger, limewire client/server, mIRC, and a counter-strike game both client and server. I see the game server port but shouldn't the other services or Virtual Server ports show up as well, such as the bittorrent and limewire ports?
Wouldn't these ports need to be forwarded in order to access his system? and if so why are they not showing up?
You gotta go to your friend's house and go into his router settings. You need to go to NAT settings., and then to "Incoming NAT". You need to associate a certain incoming port number (e.g. TCP 445) with a particular private IP address on his LAN.
Do a web search for "Network Address Translation" to learn more.
Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".
Look up ACK flag in tcp header. NAT assigns a different port on the outside ports from whats send from the inside port.
They would still have to connect out, and you guess what port the router assigned, SOHO routers
Plus ports which are initiated by the program inside nat are called dynamic so they are not necessarily "open" or a entry vector.