Hi here,

i want to set up a penlab with a small internal network behind a router.
it's not rarely that users open port 80 for the router-config-interface external by mistake and i want to integrate this.
after scanning and connect to open port 80, i go inside the configmenu with admin-rights and take over control.
but what can i do to go further and scanning the internal lan and try to penetrate the clients inside?

a answer before: YES, this is just a penlab-build and no result of just scanning a router from my wan-subnet.
i really want to try this build, 'cause i often seen this fail from some uninformed users...

thx for help & sorry for bad english