Thread: Pentest through a router

  1. #1
    Just burned his ISO interstella's Avatar
    Join Date
    Aug 2011

    Pentest through a router

    Hi here,

    I want to set up a penlab with a small internal network behind a router.
    It's not rare that users open port 80 for the router config interface externally by mistake, and I want to integrate this.
    After scanning and connecting to the open port 80, I go inside the config menu with admin rights and take over control.
    But what can I do to go further, scan the internal LAN and try to penetrate the clients inside?

    An answer up front: YES, this is just a penlab build and not the result of just scanning a router from my WAN subnet.
    I really want to try this build, 'cause I've often seen this failure from some uninformed users...

    Thx for help & sorry for bad English

  2. #2
    Very good friend of the forum hhmatt's Avatar
    Join Date
    Jan 2010

    Re: Pentest through a router

    I don't see what you're getting at but most routers aren't powerful enough to run pentesting tools. Most come with basic networking functions like ping and traceroute but nothing that will get you a shell.

    You want to have control of a machine on the inside, whether that be a server or PC.

  3. #3
    Member shadowzero's Avatar
    Join Date
    Jun 2011

    Re: Pentest through a router

    If you've managed to take control of the router, one thing you can do is change the DNS to point to a DNS server you control. Your own DNS server could then redirect users to a copy of a commonly accessed website that would either capture user credentials, or run exploits against the clients when it's visited. See

  4. #4
    Senior Member iproute's Avatar
    Join Date
    Jan 2010
    Midwest, USA

    Re: Pentest through a router

    If it's an advanced enough router, it may be possible to configure it as a VPN server to pivot to the inside network.
    I did a simulation write-up a while ago using an emulated Cisco router doing this, though it was with backtrack4r2. Imagine it wouldn't be hard at all to get working on BT5.

    Though I must admit, shadowzero's suggestion is more feasible for the majority of equipment out there. I'm not sure I've ever found a device that you couldn't alter DNS settings on. Either the router itself's assigned servers or you can modify the DHCP server settings to hand out different DNS servers.
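
Added example, not part of any post in this thread: a lab-side check for the DNS change described in #3 and #4, which parses a client's ISC dhclient lease file and flags resolvers handed out by DHCP that are not on an approved list. The lease text, addresses and function names are constructed for illustration, and the script assumes the last lease block per interface is the current one.

```python
import ipaddress
import re

# Constructed sample in ISC dhclient.leases format: the second lease adds a new resolver.
SAMPLE_LEASES = """
lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option routers 192.168.1.1;
  option domain-name-servers 192.168.1.1;
}
lease {
  interface "eth0";
  fixed-address 192.168.1.23;
  option routers 192.168.1.1;
  option domain-name-servers 203.0.113.53, 192.168.1.1;
}
"""

LEASE_RE = re.compile(r"lease\s*\{(.*?)\}", re.S)
IFACE_RE = re.compile(r'interface\s+"([^"]+)";')
DNS_RE = re.compile(r"option\s+domain-name-servers\s+([^;]+);")

def latest_resolvers(lease_text):
    """Return {interface: [resolver IPs]} taken from the last lease per interface."""
    latest = {}
    for block in LEASE_RE.findall(lease_text):
        iface = IFACE_RE.search(block)
        dns = DNS_RE.search(block)
        if not iface:
            continue  # malformed block without an interface line
        servers = [s.strip() for s in dns.group(1).split(",")] if dns else []
        # ip_address() validates each entry and normalises its text form
        latest[iface.group(1)] = [str(ipaddress.ip_address(s)) for s in servers]
    return latest

def unexpected_resolvers(lease_text, allowed):
    """List (interface, resolver) pairs handed out by DHCP but not approved."""
    approved = {ipaddress.ip_address(a) for a in allowed}
    return [(iface, s)
            for iface, servers in sorted(latest_resolvers(lease_text).items())
            for s in servers if ipaddress.ip_address(s) not in approved]

if __name__ == "__main__":
    for iface, ip in unexpected_resolvers(SAMPLE_LEASES, ["192.168.1.1"]):
        print(f"ALERT {iface}: DHCP handed out unapproved resolver {ip}")
```
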

  5. #5
    Just burned his ISO interstella's Avatar
    Join Date
    Aug 2011

    Re: Pentest through a router

    Thanks for the replies, but...
    I don't want to do a pentest directly on the router.

    Just think of it as a fictitious router from any internet provider, where the user opened ports 80 and 8080 (https-proxy) on the WAN interface AND forgot to set a password for the config interface... I know it's a silly example, but we've enough unknowledgeable users out there who don't care about security.

    So a connection to port 80 and admin rights for the web config are given to me, and I see that port 80 is open for NAT.
    And as I'm new to BT and pentesting, I don't really know what ways are open to me to get inside the internal LAN and scan clients.

    [Why's the beginner section wrong for this topic? This is just a newbie question, so it should be placed right there, or am I wrong?]
