i'll suppose i have 4 pc's in my network and ofcourse using NAT protocol to translate all my 4 addresses to 1 Puplic ip

well the Question is is there any chance to penetrate my network through NAT ?

and how to do it ?

Yes, you may need to initiate a connection from the internal network/PCs. However NAT routers may also have running services that can exploited (remote administration/ftp). They may also forward ports to services on the client PC that may be exploited.

To add to what j0rDy mentioned, your system could also get compromised by surfing to malicious web sites (cross-site scripting).

yes thats right only way to use reverse telnet ot reverse trojan ,,, a connect back trojan is that right ?

but how to use a reverse telnet connection to the target in case i can deliver the netcat to the target !?

thats working only when u have physical access on the 2 machines right ?

and also i think u have to use kinda no-ip service if the 2 machines behind NAT right ??

but what if u dont have physical access to the machine its a penetrating not negotiating with 2 machines u own u got wat i mean ?

exploits ? what do u mean i can't exploit it yet cuz its natted !!

how can i exploit it if its natted in the first place ?

The goal of client-side exploits is to make the victim initiate an outbound connection to you. Here we try to exploit the applications installed on the victim's computer. The only drawback of this method is that you've to rely on the victim to access your machines or run your code. Furthermore you've to guess what software the victim might be running.
You've a server that serves exploits to the client machines connecting to it. You send a script/URL to the victim which makes the appropriate client machine to connect to the attacker's server. The server then exploits the client connecting to it.
For eg. suppose you know that a user is not very security conscious. He rarely update his system and is probably still using IE6. You send him a fake email which contains a link/script to your server that serves an appropriate IE6 exploit. When the user clicks on your URL and visits your server his browser is exploited to spawn a reverse shell to you.

As a side note, it will be good for you if you try to learn somethings from yourself too. I had already told you that client side exploits is the way to go here. You could have googled for client-side exploits which would've given you more detailed articles. Learning from a forum is only beneficial if you make some efforts from your side too. No one will spoon fed you, you can only be given pointers. I do not mean to discourage you from asking questions, you'll be helped in the future also, but want you to learn somethings yourself too.

Edit: I didn't mean to be rude. It's just that English isn't my primary language, so I may not have expressed my emotions clearly.

Take a different approach here in understanding this from a non-technological perspective. This allows you to understand the concept more...

Technological approach
Client
Server

Non-tech approach
Client - someone paying you for something
Vendor (server) - someone offering a service

On the non-tech side, you as a vendor are providing say water. You'd like your client to buy (run software) water (exploit). How would you get the client to try your tasty water. Offer it to them for free. People like free.

Tech approach
Enumerate - either technically or socially - any potential services you think your client is running. Familiarize yourself somehow with his internals. Send them an email with an embedded picture:



What does this do for you? If you're running your own webserver, you could check your logs to see the useragent on his browser. Say you see the following:


You now know whomever opened that email is using IE 6.0 to surf the Internet. How do you cause your client (that machine) to open something innocuously and run code? Search for something that could potentially affect his browser. The client would run code and open a shell to you given the right parameters.

Client side: What could that person be running inside their network? If I send them a loaded PDF would I get a shell. If I sent them a heapspraying IE exploit targeted at IE 6.0 would I be able to come OUT from them TO wherever I need them to connect to?

Can I social engineer them to open a loaded file for me? Enumerate THEIR clients and business partners. Send them a loaded PDF spoofing one of their clients, business partners, co-workers. Get them to open up something you've created to exploit the client side. The key is to get them to run something. Could be a variety of things, use your imagination. What would get YOU TO OPEN a file or check a website?