Jager

A means to an end, port forwarding

At the apartment I'm renting, the people who own the place don't know a lot about computers and won't / can't set up port forwarding to my machine.

They are seldom at home and most of the time they spend traveling.

So I've thought a little bit about what I can do.

1. Gain access to the router and set up port forwarding myself.

2. Bounce to a remote host and make a tunnel of sorts; the downside is I have to trust a remote host and also I'll be using their bandwidth.

I know little about security on routers; if anyone could enlighten me as to paths I can take, that would be quite nice of them.

Edited by Jager

Connect to the router: maybe http://whatever-your-gateway-ip-address-is

If it's a Linksys router it will ask you for a password when you try to do anything. The default password is "admin" for all models. Other routers have their own defaults which you can usually find in the manual or google it.

The built-in security of most routers is generally sufficient to prevent direct attacks. Usually they are set to ignore pings from the internet and will only allow management connections from inside the network. As long as you don't mess with those settings you should be OK even when setting up port forwarding. Also, don't port forward anything like shared files or printers and don't set up the DMZ (De-Militarized Zone) to point to any computer. If you do that you are essentially putting that one machine directly on the internet.

The port forwarding itself is not a problem, I've done it a few times before; it's gaining access to the router to do it.

The brand is Zyxel B-2000 and the standard pass is changed, standard IP 192.168.1.1.

I am on the internal network, I just don't have access to the router. Also, the router only requires a pass, not a user name.

Did try and run Brutus a while back but lack some knowledge about it so I just got error messages when I was scanning.

Might give Hydra a whirl later on. I know that on Win boxes it's possible to set a timeout after so many incorrect tries; do routers have such a thing, not user-set but inbuilt?

Personally, I would take it the old school way.

Gain access to the router, then... press and hold the reset button.

I still need to have the login and pass for the ISP, which will be gone if I reset it, so that kind of rules it out.

Seems I will just have to learn Brutus or Hydra then =)

Thanks for input though.

> I still need to have the login and pass for the ISP, which will be gone if I reset it, so that kind of rules it out.
>
> Seems I will just have to learn Brutus or Hydra then =)
>
> Thanks for input though.

What ISP do they have?

> It's not an American one so I very much doubt that you have heard of it.

I'm assuming it's DSL if you are using a user and pass to connect.

Do they leave any of their computers there? You could snag the hashes via Ophcrack, submit them to plaintext and see if they use the same passwords for their user accounts as their DSL login. If that doesn't work, you can use Hak.5's switchblade to snag all the other passwords on the box and try those.

> Personally, I would take it the old school way.
>
> Gain access to the router, then... press and hold the reset button.

That would cause the router to lose its settings, and then he would have to set up the router all over again to even have an internet connection. Or at least that's what it does with my Netgear.

> That would cause the router to lose its settings, and then he would have to set up the router all over again to even have an internet connection. Or at least that's what it does with my Netgear.

The majority of routers, at least in the States, are pretty close to auto-configured out of the box. He might have to set up a password, some wifi settings, and maybe some DSL settings. If he gathered enough information, he wouldn't have a problem setting it up. Again, that is, if it's not DSL that requires authentication.

>> That would cause the router to lose its settings, and then he would have to set up the router all over again to even have an internet connection. Or at least that's what it does with my Netgear.
>
> The majority of routers, at least in the States, are pretty close to auto-configured out of the box. He might have to set up a password, some wifi settings, and maybe some DSL settings. If he gathered enough information, he wouldn't have a problem setting it up. Again, that is, if it's not DSL that requires authentication.

He would most likely need physical access to the router (might be a problem?), a driver/setup utility that came with it (probably available from the manufacturer), and like you said probably DSL authentication.

Edited by dalejrrocks

Physical access is a problem and besides, it won't help me; the ISP requires authentication which I don't have.

Their computer is only on while they need to use their computer and the time they are on in a month is at max 3 hours.

If I had physical access to the computer it would be different but I don't.

Seems the router ain't the way to go; routers these days probably got DoS protection so any overflow of the kind is probably useless.

Don't know if routers have any timeout after wrong passwords; if so, that would rule out brute and dictionary.

Edited by Jager

I would suggest using wwwhack. It is very fast for a LAN-based attack. It is available here: http://www.packetstormsecurity.org/Crackers/wwwhack.zip

Choose basic authentication when running the attack and don't try to register since the group that made it doesn't exist any more. If you close the program and re-open it and you have problems, delete the extracted files and then re-extract them.

Oh, and I would use a word list from Cain or milw0rm: http://milw0rm.com/mil-dic.php

Edited by xof7