Page 1 of 2
Results 1 to 10 of 11

Thread: Pentesting with no open ports?

  1. #1
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    6

    Default Pentesting with no open ports?

    I am pentesting my home connection as if an external person was trying to attack it, even though I am within my own network.
    Here is my current home setup:

    INTERNET---modem---router---computer (I am using this computer right now)

    So I portscanned my public IP address and only ports 80 and 53 are open and on nmap it shows my IP identified as my D-Link router. I didn't know much about networking so I read up a little and understood why my router showed up instead of my computer (which I expected, and for nmap to identify my IP as a Linux OS instead of a router).

    Anyway, is there no other method to test my computer security other than trying to find an exploit with my router's firmware since I have no exploitable services on any open ports (any method other than clicking on a link sent to myself to expose some browser vulnerability through port 80 and similar stuff)?

  2. #2
    Member muminrz's Avatar
    Join Date
    Jan 2010
    Posts
    64

    Default Re: Pentesting with no open ports?

    Search before you post anything

  3. #3
    Member xX_Spiidey_Xx's Avatar
    Join Date
    Jan 2010
    Location
    /dev/urandom
    Posts
    256

    Default Re: Pentesting with no open ports?

    ^ ^ What he said. ^ ^

    Further, I highly recommend that you take yourself off the network, or use a remote computer to pentest from the outside in. IE: rent or buy a VPS or similar. Do some more reading. Explore the internets. There are lots of things you can do to exploit routers, breach firewalls, etc., but you have to know how to first.

    EDIT: Try googling your router's model, firmware and the word "exploit" or "security". You can also check milw0rm. Because you said that you noted that port 80 (HTTP) was open, find out if that's open to the outside world; you could try bruteforcing your router's admin password... Most router default logins and passwords (like admin:admin) can be found all over the place. As you may also already know, port 53 is typically used for DNS. Poke around Google, see what you can find about DNS exploits and spoofing.
    Last edited by xX_Spiidey_Xx; 02-06-2010 at 01:47 PM. Reason: I was in a bad mood earlier, but Archangel made me see the light.
    thou shalt treat all computers as thou wouldst treat thyself, for thou art the creator of thine own problems.

  4. #4
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Default Re: Pentesting with no open ports?

    Quote Originally Posted by muminrz View Post
    Search before you post anything
    Gentlemen, give at least a keyword or two on where to search.
    Or don't post at all on the subject.
    Thanks.

  5. #5
    Junior Member Valkyrie's Avatar
    Join Date
    Jan 2010
    Posts
    49

    Default Re: Pentesting with no open ports?

    Quote Originally Posted by newbie View Post
    So I portscanned my public IP address and only ports 80 and 53 are open and on nmap it shows my IP identified as my D-Link router. I didn't know much about networking so I read up a little and understood why my router showed up instead of my computer (which I expected, and for nmap to identify my IP as a Linux OS instead of a router).
    I believe you should be picking up more than just your router if you entered the correct scan range?
    Did you use something like this?
    e.g. nmap -sT 192.168.0.1/25 ?

  6. #6
    Member xX_Spiidey_Xx's Avatar
    Join Date
    Jan 2010
    Location
    /dev/urandom
    Posts
    256

    Default Re: Pentesting with no open ports?

    *erm* I believe he said he scanned his public IP.

    Some reading, perhaps?
    thou shalt treat all computers as thou wouldst treat thyself, for thou art the creator of thine own problems.

  7. #7
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    6

    Default Re: Pentesting with no open ports?

    Quote Originally Posted by xX_Spiidey_Xx View Post
    ^ ^ What he said. ^ ^

    Further, I highly recommend that you take yourself off the network, or use a remote computer to pentest from the outside in. IE: rent or buy a VPS or similar. Do some more reading. Explore the internets. There are lots of things you can do to exploit routers, breach firewalls, etc., but you have to know how to first.

    EDIT: Try googling your router's model, firmware and the word "exploit" or "security". You can also check milw0rm. Because you said that you noted that port 80 (HTTP) was open, find out if that's open to the outside world; you could try bruteforcing your router's admin password... Most router default logins and passwords (like admin:admin) can be found all over the place. As you may also already know, port 53 is typically used for DNS. Poke around Google, see what you can find about DNS exploits and spoofing.
    I don't have access to any outside connections... I work at a fast food restaurant for minimum wage, so at the end of the month after rent/bills/food I simply don't have the financials to spend $20 a month on a VPS.

    I already checked my router and firmware for vulnerabilities but there are no public ones (yet). I audited the source code of the firmware manually and haven't found any exploits yet, but then again I'm not very good at coding.

    Also I checked ports 80 and 53 with online services such as seemyport.com and canyouseeme.org and they say that my ports 80 and 53 are not actually available as open (Connection timed out) even though nmap sees them for some reason. Bruting my router admin/pass will not work because my password is 30+ random characters and it would take a very long time to crack with just one computer with a 1.5 GHz processor. On my router's firewall I have all ports blocked anyway (including outbounds 80 and 53 but I know I need inbound 80 to browse the internet). So are these ports actually open or not? I have no DNS servers running but if I wanted to exploit DNS I'd have to either exploit the DNS protocol with my ISP, which I cannot do because breaking my ISP's DNS servers would be bad...and I don't want to go to jail so I won't be doing that.

    Anyway, what books do you recommend?
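    The "are these ports actually open or not?" question above comes down to comparing two viewpoints: a scan of the public IP run from inside the LAN (which on most consumer routers is answered by the router's own LAN-side interface via hairpin NAT) and a reachability check run from the Internet. The script below is an added example, not something from the original thread: it parses constructed nmap grepable (-oG) output and constructed results from an external checker (the port numbers, IP and states are sample data) and labels each port accordingly.

```python
import re
from typing import Dict

# Constructed nmap grepable (-oG) output, modelled on a scan of the public IP
# run from inside the LAN. Sample data only, not from the original post.
NMAP_GREPABLE = """\
# Nmap 5.00 scan initiated as: nmap -sS -oG - 203.0.113.10
Host: 203.0.113.10 ()\tStatus: Up
Host: 203.0.113.10 ()\tPorts: 53/open/tcp//domain///, 80/open/tcp//http///, 443/filtered/tcp//https///\tIgnored State: filtered (997)
# Nmap done
"""

# Constructed results from an external reachability checker (canyouseeme.org-style).
# "timeout" means the checker could not connect from the Internet.
EXTERNAL_CHECKS = {53: "timeout", 80: "timeout", 443: "timeout"}

# -oG port entries are port/state/proto/owner/service/rpcinfo/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)//([^/]*)///")


def parse_grepable_ports(text: str) -> Dict[int, str]:
    """Return {port: state} for every TCP port listed in nmap -oG output."""
    states: Dict[int, str] = {}
    for line in text.splitlines():
        if "Ports:" not in line:
            continue
        ports_field = line.split("Ports:", 1)[1].split("\t", 1)[0]
        for port, state, proto, _service in PORT_RE.findall(ports_field):
            if proto == "tcp":
                states[int(port)] = state
    return states


def classify(inside: Dict[int, str], outside: Dict[int, str]) -> Dict[int, str]:
    """Label each port by combining the inside scan with the outside check.

    open from the LAN but timing out from the Internet -> the router's own
    LAN-side service (admin UI, DNS forwarder) reached via hairpin NAT.
    """
    verdicts: Dict[int, str] = {}
    for port, state in inside.items():
        ext = outside.get(port, "unknown")
        if state == "open" and ext == "timeout":
            verdicts[port] = "lan-side only (not exposed)"
        elif state == "open" and ext == "reachable":
            verdicts[port] = "exposed to the internet"
        else:
            verdicts[port] = f"{state} inside, {ext} outside"
    return verdicts


if __name__ == "__main__":
    for port, verdict in sorted(classify(parse_grepable_ports(NMAP_GREPABLE), EXTERNAL_CHECKS).items()):
        print(f"tcp/{port}: {verdict}")
```

    Replace NMAP_GREPABLE with the real output of `nmap -oG - <public IP>` and EXTERNAL_CHECKS with what an outside checker reports to get the same verdicts for your own router.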

  8. #8
    Just burned his ISO
    Join Date
    Jan 2010
    Location
    :.Lost In Cyber Space.:
    Posts
    16

    Lightbulb Re: Pentesting with no open ports?

    Sure, there are many other things you could test, like social engineering on other users on your network. See just how computer savvy they are. See if you can't get yourself a reverse shell in line. Hope this can be used as a slight resource to keep you going.

  9. #9
    Just burned his ISO
    Join Date
    Jan 2010
    Posts
    6

    Default Re: Pentesting with no open ports?

    Quote Originally Posted by calico View Post
    Sure, there are many other things you could test, like social engineering on other users on your network. See just how computer savvy they are. See if you can't get yourself a reverse shell in line. Hope this can be used as a slight resource to keep you going.
    I'm the only person on my network, and there are no ports open to start a shell.

  10. #10
    Junior Member
    Join Date
    Jan 2010
    Posts
    46

    Default Re: Pentesting with no open ports?

    Quote Originally Posted by newbie View Post
    ...and for nmap to identify my IP as a Linux OS instead of a router).
    I think a lot if not most routers use some sort of embedded Linux OS. Nmap is most likely correct.

    Also you want to be really careful pentesting any network (even your own) with a live network connection. Large amounts of attack traffic could easily generate some nasty letters from your ISP, or even get your service discoed with no warning.

    Particularly for the purposes of learning the basics, I recommend you buy a cheap router from Wal-Mart or the like (you can usually find one under $20 if you look around a little) and set up kind of an "island" network. It should be completely separated from your regular home network and the internet.
    Last edited by clutch; 02-06-2010 at 11:35 PM.
