.

Where is the router/firewall ??!!!!!

<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Fri Apr 19, 2013 7:03 am

Where is the router/firewall ??!!!!!

Hey my best friends

i am in middle of a pentest for my cousins company and iam using ISSAF according to hackingdojo shodan.
i've done these phases:

-Passive info gathering
-network mapping:
   
  • identifying live hosts (ok)
  • TCP/UDP Port scanning (OK)
  • Banner Grabbing (OK)
  • P/A OS Guessing (OK)

but now i am in identifying router or firewall stage. i performed a traceroute to the target but after some hops i see all stars because those hops doesn't respond to ICMP packets. now what? how can i identify routers?? pLEaaAse help!!
Last edited by cyber.spirit on Tue Apr 23, 2013 2:25 am, edited 1 time in total.
ICS Academy Network Security Certified
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Fri Apr 19, 2013 8:11 am

Re: Where is the router/firewall??!!!!!

Wait Wait Wait!!!
The problem is solved i have found a 20 range of their public ip address, seven of the are up 5 of that 7 are servers with alot of same configs and 2 of that 7 are Cisco devices there is no open TCP ports on that two but nmap aggressive scanning says tat they are cisco devices

now tell me please

1- how can i find which of them is router or switch?
2- how can i which network they are routing

please help i have complete the project three days later. thanks
ICS Academy Network Security Certified
<<

Grendel

User avatar

Full Member
Full Member

Posts: 246

Joined: Thu Aug 28, 2008 8:48 am

Location: Colorado Springs, CO

Post Fri Apr 19, 2013 12:00 pm

Re: Where is the router/firewall??!!!!!

It may not matter. The purpose of identifying the customer's routers and switches is to see if you can attack an administrative port (ssh, telnet, and/or snmp). Otherwise, just keep moving on.

BTW, we discuss that in the Nidan class.
Last edited by Grendel on Fri Apr 19, 2013 12:01 pm, edited 1 time in total.
- Thomas Wilhelm, MSCS MSM
ISSMP CISSP SCSECA SCNA IEM

Web Site:
  • http://HackingDojo.com
Author:
  • Professional Penetration Testing
  • Ninja Hacking
  • Penetration Tester's Open Source Toolkit
  • Metasploit Toolkit for Penetration Testing
  • Netcat Power Tools
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Fri Apr 19, 2013 1:14 pm

Re: Where is the router/firewall??!!!!!

Grendel wrote:It may not matter. The purpose of identifying the customer's routers and switches is to see if you can attack an administrative port (ssh, telnet, and/or snmp). Otherwise, just keep moving on.

BTW, we discuss that in the Nidan class.


Hi Thomas.
How are you? Thanx for your help i know that, your are right and i don't know cisco hacking but i am really curious to know what those devices are i think they are routers not firewalls but why they dont have any open ports. Anyway thanks i'll go to the next stage
ICS Academy Network Security Certified
<<

dynamik

Recruiters
Recruiters

Posts: 1119

Joined: Sun Nov 09, 2008 11:00 am

Location: Mile High City

Post Fri Apr 19, 2013 5:37 pm

Re: Where is the router/firewall??!!!!!

Switches and routers are Layer-2 and -3 devices, respectively, and do not use TCP or UDP ports to operate. Anything at a higher level than the frame or packet is simply seen as the data payload.
The day you stop learning is the day you start becoming obsolete.
<<

cyber.spirit

User avatar

Sr. Member
Sr. Member

Posts: 356

Joined: Sun Feb 26, 2012 8:07 am

Location: in your heart!

Post Sat Apr 20, 2013 7:14 am

Re: Where is the router/firewall??!!!!!

ajohnson wrote:Switches and routers are Layer-2 and -3 devices, respectively, and do not use TCP or UDP ports to operate. Anything at a higher level than the frame or packet is simply seen as the data payload.


Well, Well, yup that is right TCP/UDP ports are for higher levels in osi or tcp/ip models and i already know that. As i mentioned before they are using cisco stuff and It's better to configure your Cisco device to accept the ssh or at-least telnet connections for later configs because the router/switch is in server room there is so cold and it is hard to config the switch using consol cable, that is why i thought it's strange for a router. anway thanks for your info.
ICS Academy Network Security Certified

Return to Tutorials

Who is online

Users browsing this forum: No registered users and 0 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software