How To Scan A Target Behind A Router

[adri_ht_]

The question still stands: How to scan/access a computer that is behind a router?

I hope you have a bit of understanding of how NAT/PAT works by now. The simple answer is you cannot unless:

1.) You can gain access to his router.
2.) There are ports forwarded from the router to vulnerable services in his machine.
3.) Some social engineering.

The third option is the easiest. A word of advice to you is, don't try this over the internet. Firstly, because from what I have read you don't know enough (I don't either, that's why I don't do it!) and secondly, you can imitate the internet very easily inside your own private network. Hope this helps!

[purehate]

Okay let me try to explain in laymans terms.

The internet is big complicated mess of numbered IP address's

This is how computers find each other

Back in the day you had one PC and one IP

Then 2 things happened. IP's were running out and people were getting more than one computer.

So private addressing was born. i.e NAT (Network Address translation)

This allowed people to use private subnets and add as many devices as they wanted to it.

This is known as a LAN (Local Area Network)

So the incoming connection from the Inturwebs comes in on a public IP (The Internet) and then your gateway/routing mechanism forwards it on to its privately addressed destination.

So what have we learned? If the port is not already forwarded to the victim box you will need to gain control of the routing hardware.

[Despotic]

I guess the laymen terms did the trick. I have a grounded understanding of what is happening and how to scan his computer/router.

I think I was just caught up in the hype of reading that if a hacker is determined to access your system, no matter how secure you think it may be, there is always a way in.

For some reason I truly believed that there were some way of bypassing all the security of the router to just scan his system without the need of port forwarding.
I was making all of this too difficult in my own mind. I see now why everyone reacted the way they did to the question. How simple.

[Lincoln]

It's not like the movies .

A good way to think is, "If I can't get to my target, how can I get the target to come to me?"

The answer has already been posted on this thread. Best of luck to you.

edit:

I think I was just caught up in the hype of reading that if a hacker is determined to access your system, no matter how secure you think it may be, there is always a way in.

This is actually true, you just need to think outside the box. Read above.

[hitthemlow]

I suggest reading up on:
ROuting Protocols
Access Control Lists
Dynamic Port Routing, such as UPNP and AGL.

[Archangel-Amael]

You guy's have video's how to perform some of these process. Where's the moral/legal question fingers pointing on that topic?

Homemade labs my man. I got 7 computers hooked up to multiple routers, hubs, switches etc. Some of the members here probably have more than that. Not to mention the use of Virtual Machines, and Live CD/DVD's.

[lupin]

Very Incomplete Indeed!

I'm still reading everything I can find about TCP/IP at the suggestion of pureh@te. Any other must know suggestions would be appreciated.

In my opinion the best way to learn how NAT operates its to configure it via the command line on either a Cisco router or a Linux system with multiple interfaces. Don't use a GUI, it makes it too easy. Learn about the different types of NAT and PAT such as static and dynamic allocation, and configure each one. The experience of doing this will give you a very strong understanding of how it works. There are guides on the Net to do this with Iptables on Linux, and the most recent CCNA study guide covers this for Cisco routers. The CCNA study guide is also an excellent reference for learning TCP/IP generally.

[thorin]

So, anyone know an answer to the question asked here: How to access/scan a target behind a router?
I might have posted this in the wrong section as I'm sure newbies do not know how to answer this.

Read some TCP/IP Basics, http://support.microsoft.com/kb/164015, http://www.tcpipguide.com/free/t_toc.htm, http://www.cisco.com/en/US/docs/inte...Protocols.html.
Read about NATing http://www.2000trainers.com/security...on-nat-basics/, http://en.wikipedia.org/wiki/Network...ss_translation.
Read RFC 1918.
Checkout browserspy.dk: http://browserspy.dk/

Then, Try your google'fu on some terms like:
- Firewalk / Firewalking (no not the type they do in the Bahamas)
- JavaScript port scanner

[Despotic]

Thank you guys for all the great responses.

Thorin, you and a few others have gone above and beyond helping by taking the time to post links and responding to such a newbie question. It may seem like a simple thing to some people but for someone to take the time out of their day to do the research and actually post links to help another person, especially a newbie, is simply awesome.

Thank You, Your time is greatly appreciated!

[Grimreaper445]

It is possible to turn certain hosts into zombies (on the network border that might be poorly configured), with which you can tunnel your scans through that host. Not only will it get you into the LAN's hosts, it will appear the scans are coming from that particular host that is being used as the zombie system. Hope this helps, yet it isn't easy finding a host that vulnerable on the border unless he maybe has a printer or something along those lines in a DMZ.