
Thread: How To Scan A Target Behind A Router

  1. #1 Despotic (Just burned his ISO; Join Date Dec 2009; Posts 15)

    How To Scan A Target Behind A Router

    I may have posted this in the wrong section as I'm sure newbies do not know how to answer this.

    Due to the lack of answers here from the security experts I'm assuming they think I (we) want to hack someone or something I shouldn't. I have my brother's permission and he has mine. As far as ISP TOS are concerned, we're not concerned. We will cross that bridge when we get there. Our ISP connections are our own and if we lose our accounts due to TOS violations then so be it. I see no better way of learning how to pentest a system in a real world environment than learning in a real world environment. Of course I'm completely open to suggestion as I may be going about this completely wrong. I do not want to lose my ISP service or be visited by one of the 3-letter people.

    On to the question.

    My brother and I are playing "Capture the flag" (hacking each other's computer) game(s). We have been doing this through LAN only but we would like to do this over the Internet due to limited time for work and family, also to learn more about pentesting.
    So, my question is: how would I scan/access his computer using nmap, Nessus or whatever I choose, since he is behind a router and I am as well?
    I only want to access/scan/attack HIS system and not his family's.
    Sorry for my cheesy graph below but it should help explain a little better.

    |_____My System IP:192.168.100.2 (BackTrack 4 pre-final)
    |
    |
    |___Router (WAN IP: 122.111.123.123 /// LAN IP: 192.168.100.1)
    |
    |
    |_((((The InterNets))))
    |
    |
    |___Router (WAN IP: 18.16.100.5 /// LAN IP: 192.168.100.1)
    |
    |
    |_____(TARGET) His System IP:192.168.100.2 (Windows XP SP1)
    |
    |_______His Wife's System IP: 192.168.100.3
    |
    |_________His Daughter's System IP: 192.168.100.4

    So to recap, the question is: How to access/scan a computer system that is behind a router?

    He has 3 active online systems (all 3 are WinXP) behind a router.
    I have nmap'ed his IP which only shows 1 active host running (best guess) Linux so I know I'm only scanning his router.

  2. #2 dustyboner (Member; Join Date Jan 2010; Posts 98)

    Quote Originally Posted by Despotic View Post
    We have been doing this through LAN only but we would like to do this over the Internet due to limited time for work and family.
    Where did you get the 10,000 mile long cat5 cable? Your brother at MIT?

    ___122.111.123.123 server location
    | Sydney in Australia
    |
    |
    |
    |___18.16.100.5 server location:
    Cambridge in United States (MIT)

  3. #3 Despotic (Just burned his ISO; Join Date Dec 2009; Posts 15)

    Quote Originally Posted by dustyboner View Post
    Where did you get the 10,000 mile long cat5 cable? Your brother at MIT?

    ___122.111.123.123 server location
    | Sydney in Australia
    |
    |
    |
    |___18.16.100.5 server location:
    Cambridge in United States (MIT)
    LOL!
    C'mon man. Like I'm going to give the real IPs.
    I understood that I would get flamed for this post but that's just silly, I made them up.
    He is in Chattanooga, TN and I'm in GA (30 Miles)
    We ran the lan at his house only. (10 Ft.)

    So, anyone know an answer to the question asked here: How to access/scan a target behind a router?
    I might have posted this in the wrong section as I'm sure newbies do not know how to answer this.

  4. #4 TheGameAU (Member; Join Date Jan 2010; Posts 102)

    Haha, you can even tell they're fake IPs.

  5. #5 Despotic (Just burned his ISO; Join Date Dec 2009; Posts 15)

    Quote Originally Posted by TheGameAU View Post
    Haha, you can even tell they're fake IPs.
    Exactly, I assumed that would have been clear.

  6. #6 pureh@te (Developer; Join Date Mar 2007; Posts 6,124)

    If there was a test for extremely basic TCP/IP questions this would be the first and easiest one. Frankly, if you don't understand NAT then you have no business attacking anyone, friend or not.

  7. #7 Despotic (Just burned his ISO; Join Date Dec 2009; Posts 15)

    Quote Originally Posted by pureh@te View Post
    If there was a test for extremely basic TCP/IP questions this would be the first and easiest one. Frankly, if you don't understand NAT then you have no business attacking anyone, friend or not.
    Fair Enough pureh@te. I will start learning how TCP/IP works.

    However, while I'm learning, could you point me in the right direction please?
    Are we talking about headers, datagrams and packets?

    Is this correct?
    Each computer on the private network uses the same address but is given a different port number. Basically, the port is an extension of the IP address.
    So in order to scan/access his computer I would need to assign the correct port to the scanner?
    Wouldn't that limit me to only scanning/exploiting that one port?

    This is getting confusing!
    From what I understand, I can only access his computer through the open ports on the router.
    An nmap scan shows only 2 open ports (80, 27015), even though I know for a fact that he is running a BitTorrent client/server, Yahoo Messenger, LimeWire client/server, mIRC, and a Counter-Strike game, both client and server. I see the game server port, but shouldn't the other services or Virtual Server ports show up as well, such as the BitTorrent and LimeWire ports?
    Wouldn't these ports need to be forwarded in order to access his system? And if so, why are they not showing up?

  8. #8 Virchanza (Very good friend of the forum; Join Date Jan 2010; Posts 863)

    You gotta go to your friend's house and go into his router settings. You need to go to NAT settings, and then to "Incoming NAT". You need to associate a certain incoming port number (e.g. TCP 445) with a particular private IP address on his LAN.

    Do a web search for "Network Address Translation" to learn more.
    Ask questions on the open forums, that way everybody benefits from the solution, and everybody can be corrected when they make mistakes. Don't send me private messages asking questions that should be asked on the open forums, I won't respond. I decline all "Friend Requests".

  9. #9 (Good friend of the forums; Join Date Jun 2008; Posts 425)

    Look up the ACK flag in the TCP header. NAT assigns a different port on the outside from what's sent from the inside port.
    They would still have to connect out, and you guess what port the router assigned, SOHO routers

    In theory

  10. #10 (Developer; Join Date Mar 2007; Posts 6,124)

    Plus, ports which are initiated by the program inside NAT are called dynamic, so they are not necessarily "open" or an entry vector.
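As an added illustration (not code from the thread or any router), a toy Python model of the behaviour replies #8 to #10 describe: a static "Incoming NAT" forward always delivers to the configured LAN host, while a dynamic mapping created by an outbound connection only accepts traffic back from the peer that was contacted, so an unsolicited probe to that port never reaches the LAN. The addresses are the thread's made-up ones; the peer address 203.0.113.9 and the scanner source port are constructed for the scenario.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int

class SohoNat:
    """Toy model of a SOHO router doing port address translation (PAT)."""

    def __init__(self, wan_ip, forwards=None):
        self.wan_ip = wan_ip
        # Static "Incoming NAT" rules: wan_port -> (lan_ip, lan_port)
        self.forwards = dict(forwards or {})
        # Dynamic mappings, keyed by the peer the LAN host talked to
        self.table = {}
        self.next_port = 40000

    def outbound(self, pkt):
        """LAN host opens a connection; the router picks a WAN port for it."""
        wan_port = self.next_port
        self.next_port += 1
        self.table[(wan_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(self.wan_ip, wan_port, pkt.dst_ip, pkt.dst_port)

    def inbound(self, pkt):
        """Packet arriving on the WAN side; returns what the LAN sees, or None."""
        if pkt.dst_port in self.forwards:            # forwarded port: always delivered
            lan_ip, lan_port = self.forwards[pkt.dst_port]
            return Packet(pkt.src_ip, pkt.src_port, lan_ip, lan_port)
        hit = self.table.get((pkt.dst_port, pkt.src_ip, pkt.src_port))
        if hit:                                      # reply from the contacted peer only
            return Packet(pkt.src_ip, pkt.src_port, hit[0], hit[1])
        return None                                  # unsolicited: never reaches the LAN

def reachable_lan_ports(nat, scanner_ip, wan_ports):
    """Which probes from scanner_ip get past the router, and to which LAN host."""
    out = {}
    for p in wan_ports:
        seen = nat.inbound(Packet(scanner_ip, 55555, nat.wan_ip, p))
        if seen:
            out[p] = (seen.dst_ip, seen.dst_port)
    return out

# Constructed scenario matching the thread's diagram: two forwarded ports,
# then the target's BitTorrent client connects out and gets dynamic WAN port 40000
nat = SohoNat("18.16.100.5", {80: ("192.168.100.2", 80), 27015: ("192.168.100.2", 27015)})
nat.outbound(Packet("192.168.100.2", 6881, "203.0.113.9", 6881))
```

Probing every port from the scanner's address only ever lands on the two forwarded ones, which is exactly why the nmap results in post #7 show 80 and 27015 and nothing for the BitTorrent or LimeWire clients.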
