router penetration and overcoming

[dopeydadwarf]

I'll look into a writing a quick script that will alter his router from his personal computer, and then have it kill itself after one usage, and keep it nonmorphing. Shouldn't be too difficult, when I can figure out his router information that is.

While this may not be a direct answer pooh. I will give you my 2 cents anyhow, The system we use is built upon a set of rules and regulations. If you understand both then you can break anything. While it may take you a large amount of time to accomplish this, it can be done. There may be several of you out there that disagree, you must remember one thing. The rules are subject to human error, these little grey boxes are only as smart as we tell them to be.



Be safe and stay free

[Tiger Shark]

Pooh: If this is a Linksys then by default it allows _any_ outbound connection to anywhere on the public network, (in fact all the commercial grade routers do - they don't want the users having to work out for themselves how to get to the web or send email to granny. Thus, if he's simply plopped the Linksys in the way without any further configuration then all ports outbound are open.... Note also, logging sux unless you get another app to pick up the SNMP messages it can send out. The log that comes in the interface gives destination and port for outbound traffic.... that's it.... not even a time....

If he's sophisticated he could go in and apply agress rules in a rather clunky way but there are always certain things he's going to allow unless he wants to reconfigure the box every time he wants to do something. That will become tiresome. At a minimum he's probably going to leave either 80, 8000 or 8080 open for web, 443, for SSL, (so he can buy stuff on EBay), 25 and 110 for email. After that your knowledge of him will tell you what other ports outbound would be open, (does he play games? Which? Kazaa? FTP files around etc. etc).

[cgkanchi]

Hey Pooh, talking about trojan and router, have a look at this post. It was posted before you joined (I think) by a guy called Agent_Steal. Download the pdf, it's a great read.
http://antionline.com/showthread.php?s=&threadid=254165

Cheers,
cgkanchi

[Cybr1d]

I have another Idea. If you can "Socially Engineer" him to visit a website with an install script in it. spyware brings up some good strategies.

Check this path: "C:\Program Files\Internet Explorer\iexplore.exe" http://install.sidesearch.lycos.com/about.asp"

I have a "Shortcut" in my desktop from Lycos Sidesearch. If I click on that...guess what will happen.

My point is: Have him visit a website that will download a similiar thing on his desktop. Upload some of your "tools" on an FTP...and have the"shortcut" link to them and download them into the victims PC.

[steve.milner]

Originally posted here by pooh sun tzu
A trojan for instance would make perfect sense, but wouldn't that depend upon the ruleset for outgoing on the router? Even if I told it to form up on port 79, the router would still have to allow it. Not sure how that would help incalling home, unless the router didn't have outgoing rulesets...

Go out on port 53 would be my advice, since the network must get external dns from somewhere...

Steve

[Infiltrator]

I glanced through the posts and did not see any reference to SNMP. If he has that open and set for default, it is possible to get all the info you would want from the router and you would be able to make changes to the config. I know with Cisco gear, if you leave the SNMP settings at default, you can get a copy of the config.
If this has been discussed and I missed it, I'm sorry.