Thread: NAT hacking.

  1. #1
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    NAT hacking.

    Can anyone point me to some info about hacking through a NAT?
    I've always been interested in how it would work, but haven't really seen much info on it.
    Is tricking the user to come to you (exploited website, downloaded file, etc.) the only way to get in?

    Yes, this is for personal testing on my own network (whether you believe it or not).

  2. #2
    trustme (Just burned his ISO)
    Join Date
    Sep 2007
    Posts
    23

    As I understand it, you need to have a host on the inside initiate the connection back to you. Otherwise you would need to be able to exploit the firewall between the two hosts.

    You could, for example, have a remote host inside the firewall run a script that creates a shell bound to a port. Then have another script that makes an outbound connection on an allowed outbound port, like http/80, to your machine. Your machine listens on port 80 and pipes that port to another on your machine which you can connect to.

    I quickly found the following; it's about using netcat and telnet to reverse shell.

    onlamp.com/pub/a/onlamp/2003/05/29/netcat.html

    It's not the best tutorial I have ever read on it but should help you figure out what to search for next.

  3. #3
    thorin (My life is this forum)
    Join Date
    Jan 2010
    Posts
    2,629

    Google is your friend, try search strings like "How NAT works", "How ARP works", etc.

  4. #4
    Junior Member
    Join Date
    Aug 2007
    Posts
    36

    Thanks for the netcat tut, trustme. I'll look into it.

    On the other hand, I know how NAT and ARP work; I'm just having to get my mind to think on the offensive side.

  5. #5
    CloseCall (Just burned his ISO)
    Join Date
    Feb 2006
    Posts
    11

    Well, unless they have services exposed to the internet via port forwarding, there is little you can do to the machines behind it.

    To use netcat you would already need to have access to the host. Netcat will not help you get access the first time, but once the perimeter is breached it allows for easy access back in without having to perform the same actions. So yes, to "defeat" NAT you would have to trick the computer/user to initiate a connection or to execute software.

    NAT also provides problems for VoIP (service) providers like, for example, Skype. They use a technique called UDP hole punching. More info:

    en.wikipedia.org/wiki/UDP_hole_punching (can't post URLs yet, so please c/p)

    But this also requires that you already have access on the host behind the device that does the NAT.

    To give you some advice: normally an attack will take place against computers/servers that have public services running, like web servers, mail servers, routers, etc. Once the bad guys are in, they will try to hop further into the network. That's why it's a good idea to implement a demilitarized zone (DMZ) for servers running public services. You can find more information on demilitarized zones on Wikipedia:

    en.wikipedia.org/wiki/Demilitarized_zone_%28computing%29 (can't post URLs yet, so please c/p)
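
Added example (not part of any post in this thread): a toy model of the NAT behaviour described in the posts above, showing why only inside-initiated sessions and explicit port forwards reach internal hosts. The `Nat` class, its port-restricted matching and all addresses are assumptions constructed for illustration.

```python
"""Toy model of a port-restricted NAT gateway (constructed example)."""
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.1"  # documentation-range address, constructed


@dataclass
class Nat:  # hypothetical class, not a real library API
    forwards: dict = field(default_factory=dict)  # public port -> inside (ip, port)
    sessions: dict = field(default_factory=dict)  # public port -> (inside, remote)
    next_port: int = 40000

    def outbound(self, inside, remote):
        """Inside host opens a connection: allocate a public port, remember the peer."""
        port = self.next_port
        self.next_port += 1
        self.sessions[port] = (inside, remote)
        return (PUBLIC_IP, port)

    def inbound(self, remote, public_port):
        """Packet from the internet: return the inside destination, or None if dropped."""
        if public_port in self.forwards:           # static port forward: open to anyone
            return self.forwards[public_port]
        session = self.sessions.get(public_port)
        if session and session[1] == remote:       # reply from the peer the host contacted
            return session[0]
        return None                                # no state, no forward: dropped


def demo():
    """Run the four cases from the thread against constructed addresses."""
    nat = Nat(forwards={80: ("192.168.1.10", 8080)})
    laptop = ("192.168.1.20", 51000)
    server = ("198.51.100.7", 443)
    stranger = ("198.51.100.99", 4444)
    _, port = nat.outbound(laptop, server)
    return {
        "reply_from_peer": nat.inbound(server, port),
        "stranger_same_port": nat.inbound(stranger, port),
        "unsolicited": nat.inbound(stranger, 50000),
        "port_forward": nat.inbound(stranger, 80),
    }
```

The `forwards` table is the only part of the internal network that unsolicited traffic can reach, which is why hosts listed there are the ones to place in a DMZ and to audit first.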

  6. #6
    dlink
    Guest

    I don't know if this would work, but if you send a SYN/ACK and you have guessed a service behind the NAT, like a web browser, and you send an exploit in the data, you might be able to open up a port. Try testing it on your network. I don't know if it will work, as I don't have a router.

  7. #7
    imported_spankdidly (Senior Member)
    Join Date
    Feb 2006
    Posts
    1,031

    I have Nats. Usually in the summer time if fruit is left out on the counter.
    I felt like bending the bars back, and ripping out the window frames and eating them. yes, eating them! Leaping, leaping, leaping! Colonics for everyone! All right! You dumb*sses. I'm a mental patient. I'm *supposed* to act out!