Security Basics mailing list archives
Re: Inverse NAT?
From: Todd Haverkos <infosec () haverkos com>
Date: Tue, 16 Aug 2011 13:09:49 -0500
"Turamarth" <admin () turamarth com> writes:
There is any way to enter a lan interface through a wan interface ( in a normal router ) without a nat forwarding rule, or admin account of the router? maybe a variance of routing tables, o something like this, any idea or documentation about it ?
Reading between the lines and given that we're in a penetration testing mailing list, would it be fair to assume that your goal is to penetrate a client that employs a nat router? Assuming it's part of the scope (and hopefuly it is since the attackers are certainly using it), client-side exploitation would be the easiest way to go here. One way or another (be it through a email phishing campaign or phone social engineering), provide your payload that does a call back on traffic from their LAN connected machine to your waiting web server. This leverages the "hiding in plain sight" approach of leveraging traffic that everyone needs to let out of their environment: outbound tcp/80 and tcp/44. The Social Engineering Toolkit (SET) makes pretty quick work of such. http://www.secmaniac.com/movies/ for demos of what that looks like. This may be something you already know, but as network perimeters have gotten pretty hard and crunchy, client side is the method that's making the most hay for the bad guys. If client side or SE is not in scope, you'd have go hunting for an overlooked nat forward rule or a VPN listening somehow. Wireless is another path of lower resistance if that's in scope to get behind that router. Also don't forget last year's gem from HD Moore about the UDP port that a frightening number of VxWorks based routers are listening on. http://www.darkreading.com/blog/227700848/vxworks-vulnerability-tools-released.html Best Regards, -- Todd Haverkos, LPT MsCompE http://haverkos.com/ ------------------------------------------------------------------------ Securing Apache Web Server with thawte Digital Certificate In this guide we examine the importance of Apache-SSL and who needs an SSL certificate. We look at how SSL works, how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates. http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1 ------------------------------------------------------------------------
Current thread:
- Inverse NAT? Turamarth (Aug 16)
- RE: Inverse NAT? Groves, Daniel (Aug 16)
- Re: Inverse NAT? Marcelo Soria (Aug 16)
- Re: Inverse NAT? John C Borkowski III (Aug 16)
- Re: Inverse NAT? Jerry (Aug 17)
- Re: Inverse NAT? Abuse007 (Aug 16)
- Re: Inverse NAT? Todd Haverkos (Aug 16)