Hi everyone, I'm trying to pentest a network. It's a big one: lots of routers, Cisco devices, TP-Links... (I'm such a noob at networking). I have access to it from some PCs, but only for a very limited time. When I was testing it, I arp-scanned (arp-scan -l) and found lots of devices on the 192.168.1.X subnet, but I think there are more subnets, so how can I discover them?
The other thing I need to know (which is what I mainly want) is how to have access to this network from my PC (home), just as if I were on the LAN. Unfortunately, I couldn't collect much info about the network, but there are lots of devices which I can access with a web browser. I found some of their passwords, but for the main one (192.168.1.1) I don't know the password, unless I get the external IP and brute-force it from home (for example). Is there another way to find its password (other than brute forcing or social engineering)? Also, the Rom-0 vulnerability doesn't work on it... I noticed that there may be another main router or something like that; its IP is (192.168.1.254/6), but I can't access it in a browser! No login page! I have the network DNS server IPs; there are 2, 1 primary and 1 secondary (I collected that info from a Cisco device (Cisco 6500 or 6501)). The weird thing about it is that it's named ("IT man name"-phone), and it has the IT man's phone logs (I think they are his), up to the latest date!!! I was also able to change the DNS server. Like, is this a switch??!! What weird features it has?!!! And how can I have more time to pentest it? How can I make it accessible from my home? VPN? Port forward? What? Explain please. I really want to have this experience! This network is the first big one for me!!
I know that I might find something if I googled "access lan from wan", but this network isn't as simple as a normal home one! Many routers/switches, lots of IPs and devices! It's confusing! (At least for me!)
*By accessing it, I mean being able to scan it and all the devices connected to it (PCs, routers, switches, cameras, servers, firewalls...) from my home, so I will be able to open a terminal and type nmap 192.168.1.0/24 or an arp-scan command, find all its devices, and start testing them one by one! Also, please don't forget my first question: how to find different subnets?!
Thanks in advance. And sorry for being a noobie!