jelliott7593

Pen Testing Question

8 posts in this topic

I got one of those questions I just can't seem to figure out. It's a dumb one, so strap in and try your hardest not to flame :P . My friend just wanted me to run a few quick scans to see if there are services running he didn't want. And he lives with his parents in his household, which has a LAN consisting of like 5 or 6 computers/laptops all under one router. Now I wanted to scan his box, but the Linksys Wireless Router is preventing me. So how do I get to him? Do I have to get past the router? Is there an alternate technique? Oh, and by the way, the router isn't really allowing ICMP or any other type of packets to scan what ports are being used. (Very strict)

-- Thanks for anybody's help!


The only way to actually scan the machine would be to have him in a DMZ or VPN into the network so that you can actually hit him. But all he has to do is run netstat to see what services are listening. There is no reason why you need to port scan him to see.


If his network has UPnP enabled, you could write a site that would punch holes in his firewall. Also, you could write a site that uses JavaScript to portscan his network and report results to you.


So hypothetically, one of my friends wants me to pen test his Linux box. He gives me his IP address, I go to nmap it, and the router is blocking inbound packets on any port except for 80. How am I able to scan his server from there? How do people pen test past the strict firewall that the router is implementing?

So hypothetically, one of my friends wants me to pen test his Linux box. He gives me his IP address, I go to nmap it, and the router is blocking inbound packets on any port except for 80. How am I able to scan his server from there? How do people pen test past the strict firewall that the router is implementing?

That's the point of the firewall...

So hypothetically, one of my friends wants me to pen test his Linux box. He gives me his IP address, I go to nmap it, and the router is blocking inbound packets on any port except for 80. How am I able to scan his server from there? How do people pen test past the strict firewall that the router is implementing?

If the router is to be included in the pentesting, try some different firewall evasion techniques that nmap provides (such as setting your source port to 80, or fragmenting packets, etc.)


http://www.packetfactory.net/projects/firewalk/ is also helpful in stepping through the firewall (called "firewalking") to see which ports you can get traffic through. You aren't actually doing anything with the intended target, simply learning what you can and can't pass through the firewall, which can be very helpful in determining what your options are.

The other thing you need to determine is the addressing your friend is using. Is it private (192.168.x.x, 10.x.x.x or 172.16.x.x-172.31.x.x) or does he have a publicly reachable IP?

Edited by tlturner
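The netstat suggestion above (check what is listening from the inside rather than scanning from the outside) and the question of whether the box sits on an RFC 1918 address can both be answered locally. The following is an added example, not code from anyone in this thread: it parses the /proc/net/tcp layout that netstat reads on Linux, lists LISTEN sockets, and labels each by exposure. It assumes an x86 (little-endian) host for the hex address encoding, and the sample table is constructed for the demo.

```python
import ipaddress
import socket
import struct

TCP_LISTEN = "0A"  # value of the "st" column for a listening socket in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout, as a little-endian kernel prints it:
# sshd on all interfaces, a service bound to loopback, a LAN-only web server,
# and one ESTABLISHED connection that should be ignored.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   999        0 1002 1 0000000000000000 100 0 0 10 0
   2: 0101A8C0:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1 0000000000000000 100 0 0 10 0
   3: 0101A8C0:A3F2 5E1B2C3D:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 1004 1 0000000000000000 100 0 0 10 0
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(ip):
    """True for the private ranges tlturner lists (10/8, 172.16/12, 192.168/16)."""
    return any(ipaddress.ip_address(ip) in net for net in RFC1918)


def decode_endpoint(field):
    """Turn '0100007F:0CEA' into ('127.0.0.1', 3306).

    The kernel prints the IPv4 address as a host-order 32-bit word, so on a
    little-endian machine the bytes appear reversed (assumption: x86 host).
    """
    addr_hex, port_hex = field.split(":")
    packed = struct.pack("<I", int(addr_hex, 16))  # restore network byte order
    return socket.inet_ntoa(packed), int(port_hex, 16)


def listening_sockets(proc_text):
    """Return [(ip, port, exposure)] for every LISTEN socket, like `netstat -lnt`."""
    found = []
    for line in proc_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4 or fields[3] != TCP_LISTEN:
            continue
        ip, port = decode_endpoint(fields[1])
        addr = ipaddress.ip_address(ip)
        if addr.is_unspecified:
            exposure = "all interfaces"      # reachable from wherever the router lets traffic in
        elif addr.is_loopback:
            exposure = "loopback only"       # not reachable from the LAN at all
        elif is_rfc1918(ip):
            exposure = "LAN (RFC 1918)"      # reachable from the household LAN, NATed from outside
        else:
            exposure = "public address"
        found.append((ip, port, exposure))
    return found


if __name__ == "__main__":
    for ip, port, exposure in listening_sockets(SAMPLE_PROC_NET_TCP):
        print(f"{ip}:{port}\t{exposure}")
```

On a real box, replace the sample with `open("/proc/net/tcp").read()` (and `/proc/net/tcp6` for IPv6, which uses a different address width not handled here).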
So hypothetically, one of my friends wants me to pen test his Linux box. He gives me his IP address, I go to nmap it, and the router is blocking inbound packets on any port except for 80. How am I able to scan his server from there? How do people pen test past the strict firewall that the router is implementing?

If the router is to be included in the pentesting, try some different firewall evasion techniques that nmap provides (such as setting your source port to 80, or fragmenting packets, etc.)

I never knew that nmap offered that.

http://www.packetfactory.net/projects/firewalk/ is also helpful in stepping through the firewall (called "firewalking") to see which ports you can get traffic through. You aren't actually doing anything with the intended target, simply learning what you can and can't pass through the firewall, which can be very helpful in determining what your options are.

The other thing you need to determine is the addressing your friend is using. Is it private (192.168.x.x, 10.x.x.x or 172.16.x.x-172.31.x.x) or does he have a publicly reachable IP?

Ah this tool is very neat.

These were the types of answers I was looking for! Thanks a ton.
