Re: Router Access

From: Michael (blackavar@citizensofgravity.com)
Date: Wed Jun 01 2005 - 21:47:58 EDT


Hmmm... this is fun, let me think...

You could use the port forwarding/NAT on the router to set up whatever
server applications you want on an internal machine (this is where you
have to worry about your internal customers... how many hotels with free
high-speed have default user/pass set on their DSL routers? ta-daaa, no
reason to stop BitTorrenting when you're on the road).

Or, if you want to be more broadly evil (again, w/o hurting the router
itself,) you could change port forwarding from a trusted internal server
to something you control on the inside that would allow you to deliver a
browser-based attack, a phishing attack, harvest VPN or intranet
passwords, etc.

Or, if it's a Netgear or something that's polite enough to tell you
what's currently connected, you could then enumerate internal hosts on
the network, and then use the port forwarding function to do
vulnerability testing from outside :-)

You could turn content filtering off, if it's on, to allow you to tunnel
in or out of the network.

The router might contain VPN settings for another remote host.

If you're on, say, a branch office of a larger network, then even the
logs might be interesting for helping you to enumerate the topology of
the larger network.

Have fun :-)

-Mike
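
Added example, not part of the original message: a defender's check for the changes listed above (new or re-pointed port forwards, content filtering switched off, default admin credentials), comparing a router's exported settings with an approved baseline. The dict layout, field names, addresses and the default-credential list are constructed for illustration and are not any vendor's export format.

```python
# Constructed sample list of factory-default logins (assumption, not exhaustive).
DEFAULT_CREDS = {("admin", "admin"), ("admin", "password"), ("admin", "")}

def _by_listener(config):
    """Index forwarding rules by the externally visible (protocol, port)."""
    return {(r["proto"], r["ext_port"]): r for r in config["forwards"]}

def _target(rule):
    return f"{rule['int_host']}:{rule['int_port']}"

def audit(baseline, current):
    """Return a sorted list of findings where `current` drifts from `baseline`."""
    findings = []
    base, cur = _by_listener(baseline), _by_listener(current)
    for (proto, port), rule in cur.items():
        if (proto, port) not in base:
            findings.append(f"NEW_FORWARD {proto}/{port} -> {_target(rule)}")
        elif _target(rule) != _target(base[(proto, port)]):
            # Same outside port, different inside host: traffic meant for a
            # trusted server is now delivered somewhere else.
            old = _target(base[(proto, port)])
            findings.append(f"RETARGETED {proto}/{port} {old} -> {_target(rule)}")
    for proto, port in base.keys() - cur.keys():
        findings.append(f"REMOVED_FORWARD {proto}/{port}")
    if baseline["content_filter"] and not current["content_filter"]:
        findings.append("CONTENT_FILTER_DISABLED")
    if (current["admin_user"], current["admin_pass"]) in DEFAULT_CREDS:
        findings.append("DEFAULT_ADMIN_CREDENTIALS")
    return sorted(findings)

# Constructed sample data: the approved state and a later export.
BASELINE = {
    "forwards": [{"proto": "tcp", "ext_port": 443,
                  "int_host": "192.168.1.10", "int_port": 443}],
    "content_filter": True, "admin_user": "admin", "admin_pass": "S3t-at-install",
}
CURRENT = {
    "forwards": [{"proto": "tcp", "ext_port": 443,
                  "int_host": "192.168.1.77", "int_port": 443},
                 {"proto": "tcp", "ext_port": 6881,
                  "int_host": "192.168.1.50", "int_port": 6881}],
    "content_filter": False, "admin_user": "admin", "admin_pass": "admin",
}

if __name__ == "__main__":
    for finding in audit(BASELINE, CURRENT):
        print(finding)
```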


