
Thread: How To Scan A Target Behind A Router

  1. #21
    Member
    Join Date
    Jun 2008
    Posts
    101

    Default

    Quote Originally Posted by Despotic View Post
    The question still stands: How to scan/access a computer that is behind a router?
    I hope you have a bit of understanding of how NAT/PAT works by now. The simple answer is you cannot unless:

    1.) You can gain access to his router.
    2.) There are ports forwarded from the router to vulnerable services in his machine.
    3.) Some social engineering.

    The third option is the easiest. A word of advice to you is, don't try this over the internet. Firstly, because from what I have read you don't know enough (I don't either, that's why I don't do it!) and secondly, you can imitate the internet very easily inside your own private network. Hope this helps!
    QuadCore AMD Phenom X4 9950, 2600 MHz
    8GB DDR2 800MHz
    Dual Boot System: Windows Server 2008 x64 w/ Hyper-V, Ubuntu 9.10 x64

  2. #22
    Developer
    Join Date
    Mar 2007
    Posts
    6,126

    Default

    Okay, let me try to explain in layman's terms.

    The internet is a big complicated mess of numbered IP addresses.

    This is how computers find each other.

    Back in the day you had one PC and one IP.

    Then 2 things happened. IPs were running out and people were getting more than one computer.

    So private addressing was born, i.e. NAT (Network Address Translation).

    This allowed people to use private subnets and add as many devices as they wanted to it.

    This is known as a LAN (Local Area Network)

    So the incoming connection from the Inturwebs comes in on a public IP (The Internet) and then your gateway/routing mechanism forwards it on to its privately addressed destination.

    So what have we learned? If the port is not already forwarded to the victim box you will need to gain control of the routing hardware.

  3. #23
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    15

    Default

    I guess the layman's terms did the trick. I have a grounded understanding of what is happening and how to scan his computer/router.

    I think I was just caught up in the hype of reading that if a hacker is determined to access your system, no matter how secure you think it may be, there is always a way in.

    For some reason I truly believed that there was some way of bypassing all the security of the router to just scan his system without the need of port forwarding.
    I was making all of this too difficult in my own mind. I see now why everyone reacted the way they did to the question. How simple.

  4. #24
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    It's not like the movies.

    A good way to think is, "If I can't get to my target, how can I get the target to come to me?"

    The answer has already been posted on this thread. Best of luck to you.

    edit:
    I think I was just caught up in the hype of reading that if a hacker is determined to access your system, no matter how secure you think it may be, there is always a way in.
    This is actually true, you just need to think outside the box. Read above.

  5. #25
    Junior Member
    Join Date
    Jan 2010
    Location
    Canada
    Posts
    84

    Default

    I suggest reading up on:
    Routing Protocols
    Access Control Lists
    Dynamic Port Routing, such as UPNP and AGL.

  6. #26
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default

    Quote Originally Posted by Despotic View Post
    You guys have videos on how to perform some of these processes. Where's the moral/legal question fingers pointing on that topic?
    Homemade labs my man. I got 7 computers hooked up to multiple routers, hubs, switches etc. Some of the members here probably have more than that. Not to mention the use of Virtual Machines, and Live CD/DVDs.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  7. #27
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by Despotic View Post
    Very Incomplete Indeed!

    I'm still reading everything I can find about TCP/IP at the suggestion of pureh@te. Any other must know suggestions would be appreciated.
    In my opinion the best way to learn how NAT operates is to configure it via the command line on either a Cisco router or a Linux system with multiple interfaces. Don't use a GUI, it makes it too easy. Learn about the different types of NAT and PAT such as static and dynamic allocation, and configure each one. The experience of doing this will give you a very strong understanding of how it works. There are guides on the Net to do this with Iptables on Linux, and the most recent CCNA study guide covers this for Cisco routers. The CCNA study guide is also an excellent reference for learning TCP/IP generally.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.
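
The NAT/PAT behaviour explained in posts #22 and #27, as an added example that is not part of the original thread: a toy model of a router's translation table showing why an unsolicited inbound packet reaches nothing on the LAN unless a static port forward exists. The class name, addresses and ports are constructed, and the strict per-endpoint filtering is an assumption (real routers vary).

```python
# Toy model of a home router doing PAT (port address translation).
# All addresses and ports are constructed (RFC 1918 / RFC 5737 ranges).
PUBLIC_IP = "203.0.113.10"

class PatRouter:
    def __init__(self, public_ip):
        self.public_ip = public_ip
        self.dynamic = {}   # public port -> (private ip, private port, remote endpoint)
        self.static = {}    # public port -> (private ip, private port)
        self.next_port = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """LAN host opens a connection: allocate a public port and remember it."""
        port = self.next_port
        self.next_port += 1
        self.dynamic[port] = (src_ip, src_port, (dst_ip, dst_port))
        return (self.public_ip, port, dst_ip, dst_port)

    def forward(self, public_port, private_ip, private_port):
        """Static mapping (a port forward) configured by the router's admin."""
        self.static[public_port] = (private_ip, private_port)

    def inbound(self, src_ip, src_port, dst_port):
        """Packet arrives on the public IP: translate it or drop it (None)."""
        if dst_port in self.static:
            return self.static[dst_port]
        entry = self.dynamic.get(dst_port)
        # Assumption: only the endpoint the LAN host contacted may use the mapping.
        if entry and entry[2] == (src_ip, src_port):
            return entry[:2]
        return None  # no state and no forward: the packet is dropped

def demo():
    r = PatRouter(PUBLIC_IP)
    _, pub_port, _, _ = r.outbound("192.168.1.20", 51515, "198.51.100.7", 443)
    reply = r.inbound("198.51.100.7", 443, pub_port)    # reply to the LAN host
    stranger = r.inbound("192.0.2.99", 4444, pub_port)  # third party, same port
    unsolicited = r.inbound("192.0.2.99", 4444, 445)    # no mapping at all
    r.forward(8080, "192.168.1.30", 80)                 # admin adds a forward
    forwarded = r.inbound("192.0.2.99", 4444, 8080)
    return reply, stranger, unsolicited, forwarded

if __name__ == "__main__":
    print(demo())
```

The static table is the part an owner controls and should audit: every entry in it is a service exposed to the whole internet.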

  8. #28
    My life is this forum thorin's Avatar
    Join Date
    Jan 2010
    Posts
    2,629

    Default

    Quote Originally Posted by Despotic View Post
    So, anyone know an answer to the question asked here: How to access/scan a target behind a router?
    I might have posted this in the wrong section as I'm sure newbies do not know how to answer this.
    Read some TCP/IP Basics, http://support.microsoft.com/kb/164015, http://www.tcpipguide.com/free/t_toc.htm, http://www.cisco.com/en/US/docs/inte...Protocols.html.
    Read about NATing http://www.2000trainers.com/security...on-nat-basics/, http://en.wikipedia.org/wiki/Network...ss_translation.
    Read RFC 1918.
    Check out browserspy.dk: http://browserspy.dk/

    Then, try your Google-fu on some terms like:
    - Firewalk / Firewalking (no not the type they do in the Bahamas)
    - JavaScript port scanner
    I'm a compulsive post editor, you might wanna wait until my post has been online for 5-10 mins before quoting it as it will likely change.

    I know I seem harsh in some of my replies. SORRY! But if you're doing something illegal or posting something that seems to be obvious BS I'm going to call you on it.

  9. #29
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    15

    Default

    Thank you guys for all the great responses.

    Thorin, you and a few others have gone above and beyond helping by taking the time to post links and responding to such a newbie question. It may seem like a simple thing to some people but for someone to take the time out of their day to do the research and actually post links to help another person, especially a newbie, is simply awesome.

    Thank You, Your time is greatly appreciated!

  10. #30
    Just burned his ISO
    Join Date
    Dec 2009
    Posts
    1

    Default Zombie.......

    It is possible to turn certain hosts into zombies (on the network border that might be poorly configured), with which you can tunnel your scans through that host. Not only will it get you into the LAN's hosts, it will appear the scans are coming from that particular host that is being used as the zombie system. Hope this helps, yet it isn't easy finding a host that vulnerable on the border unless he maybe has a printer or something along those lines in a DMZ.
