
Need some insight

<<

Saber123316

Newbie

Posts: 7

Joined: Wed Apr 25, 2007 9:06 pm

Post Sun Mar 02, 2008 5:52 am

Need some insight

Not so much a hacking post as it is general help.

I got laid off from my original employer and found work with a local IT company that is based around the world. Best thing that has ever happened to me, as I am constantly being challenged. My first "test" is this. I have no way to go around doing this; I need some help.

I have to tunnel RDP through SSH via PuTTY to my home network from a Windows Server 2k3 box. Now that seems to be the easy part; however, the server is running off a Linux host as a VMware machine. So I have access to the Linux host, just not the Windows host. The VM is on its own internal LAN by the looks of it, something like a 10.50.10.x.

Any way to find that machine's IP without a scanner using Linux commands? How would you guys do this?

P.S. Thanks for all your help in advance.
<<

venom77

Hero Member

Posts: 1905

Joined: Mon Dec 11, 2006 3:23 pm

Post Sun Mar 02, 2008 9:55 am

Re: Need some insight

I think I'm confused.

You need the IP of a Win2K3 VM, running on a Linux Host, and this is on a server at your work?

You have access to the Linux Host, but no access to the Win2K3 VM?

If you have no access, what good is finding the IP?
<<

pseud0

Recruiters

Posts: 210

Joined: Sat Nov 17, 2007 8:26 pm

Location: Detroit, Michigan

Post Sun Mar 02, 2008 10:34 am

Re: Need some insight

I'm a bit confused also. If you have access to the host then usually you can just do an ifconfig (*ix) or ipconfig (Windows) and it will give you a list of listening NICs. That includes real and virtual. If that doesn't work for some reason, and you have full access to the host, you can use VMware itself to get the IP. Just look at the configuration for the instance you are interested in. When you look at the NIC configuration it should show you what IP range it is set to, or the IP pool that it can pull a range from (for example 10.10.10.0/24). Your description sounds like you are NATing using your Linux host's physical NIC. That means it should be pretty straightforward to tunnel out of the W2K3 server, but not fun trying to set up the tunnel from your home network into that server.
CISSP, CISM, CISA, GCIH, GREM, CEH, HMFIC, KTHXBIROFLCOPTER
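
Added example, not part of any post in this thread: one way to answer the original question (finding the guest's IP from the Linux host without a scanner) is to read the host's neighbour (ARP) table and keep only entries whose MAC address carries a VMware OUI. It assumes iproute2's `ip neigh show` output format and a guest that still uses a VMware-assigned MAC; the function names, interface names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample in the format printed by `ip neigh show`:
#   <ip> dev <iface> [lladdr <mac>] <STATE>
sample_neigh() {
cat <<'EOF'
10.50.10.128 dev vmnet8 lladdr 00:0C:29:3a:5b:7c REACHABLE
10.50.10.200 dev vmnet8  FAILED
192.168.10.1 dev eth0 lladdr 00:1a:2b:3c:4d:5e REACHABLE
192.168.10.23 dev eth0 lladdr 00:50:56:ab:cd:ef STALE
EOF
}

# Read neighbour-table lines on stdin and print "ip iface mac" for every
# entry whose MAC starts with an OUI registered to VMware.
find_vmware_neighbors() {
    awk '
    {
        mac = ""; dev = ""
        for (i = 2; i < NF; i++) {
            if ($i == "dev")    dev = $(i + 1)
            if ($i == "lladdr") mac = tolower($(i + 1))
        }
        if (mac == "") next        # FAILED/INCOMPLETE entries carry no MAC
        oui = substr(mac, 1, 8)    # first three octets, e.g. "00:0c:29"
        if (oui == "00:05:69" || oui == "00:0c:29" ||
            oui == "00:1c:14" || oui == "00:50:56")
            print $1, dev, mac
    }'
}

# Demo on the constructed sample. On a real host, run instead:
#   ip neigh show | find_vmware_neighbors
sample_neigh | find_vmware_neighbors
```

The neighbour table only lists addresses the host has exchanged traffic with recently, so an idle guest may not appear until something on the host has talked to it.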
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Mar 02, 2008 10:38 am

Re: Need some insight

Try bridging the virtual network adapter for the Win2K3 VM and then assign it an IP address on the same subnet as the Linux Host. You should now be able to reach the Win2K3 machine directly.

Hope this helps,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

LSOChris

Post Sun Mar 02, 2008 3:05 pm

Re: Need some insight

just do a simple bash script to ping all the hosts in your 10.10.50.x range

.1 should be your vmware gateway
<<

Saber123316

Newbie

Posts: 7

Joined: Wed Apr 25, 2007 9:06 pm

Post Sun Mar 02, 2008 6:59 pm

Re: Need some insight

Alright.

A brief update on what happened.

This morning I got up and started talking to the admin who tasked me with getting remote access to the network. So I went about and got added to the sudo list. After that I ran sudo nmap -sP 192.168.10.* since the machine is on that subnet. Got 8 machines up: 1 was a router, 1 was the Linux host, 4 PCs and 1 server. So I did an nmap -A and got the server. Finally I got the server's IP, went into PuTTY, put in the tunnel and VOILA, I had access to the server through an SSH tunnel.

Now I got suckered into handling all the Domain work for this little network. :D
<<

don

Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Sun Mar 02, 2008 10:18 pm

Re: Need some insight

You've shown your worth and were given additional duties. That's how you climb that ladder. Well done.

Don
CISSP, MCSE, CSTA, Security+ SME
<<

shawal

Jr. Member

Posts: 88

Joined: Mon Mar 10, 2008 1:24 pm

Post Tue Mar 11, 2008 3:30 am

Re: Need some insight

ChrisG,

ping -b [broadcast address] will ping all hosts in that broadcast domain, no need for a shell script given that he is running it from Linux. Don't know what the equivalent to that is in Windows.
RHCE, GIAC GCIH.
<<

RoleReversal

Hero Member

Posts: 928

Joined: Fri Jan 04, 2008 8:54 am

Location: UK

Post Tue Mar 11, 2008 3:46 am

Re: Need some insight

Shawal,

shawal wrote: ping -b [broadcast address] will ping all hosts in that broadcast domain

Nice tip, haven't come across that one before. One more for the toolbox ;)
