Forum Thread: Gateway Hacking

Hi, I'm currently pentesting a network. I hacked into some Cisco devices (switches, phones...), and the gateway specified in them is 192.168.1.254. I tried hacking it and started nmap'ing it, using different scan types and commands; most of them said that all 1000 ports (which are the most important ones, though) are filtered, and some said open|filtered. I couldn't even find what OS it uses (nmap -O ...)! I don't know anything about it! I don't know what type of device this is. I couldn't access it using a browser (port 80 or 8080), I tried netcat and telnet, and nothing worked! I think it is behind a firewall or something!

So what do hackers normally do in those situations?! Note that I don't know where it is located in the building!

11 Responses

If you hacked some Cisco devices within their LAN, then you are already inside the LAN and behind the firewall, so why would you need the gateway?? I guess it is more interesting to find the servers. Sorry, I know my answer isn't of any help to your problem.

The problem is that I have very, very short time, just 15 min on average per day, so I hack whatever I see!!

The network has 100+ devices!!

Maybe find the WAN IP address. Then nmap that. Sorry for bad grammar.

I have the external IP, and I will try to hack it later, but I don't think that even if I hacked it, I would get full access to the network like if I was in the LAN! Also, that IP has no login page (I can't access it in a browser!). I can share the IP if you want.

Any reason you haven't scanned all ports?
-p 1-65535

Because it consumes time, and I don't have that time!!

OK, I did that scan, but on the WAN IP, from my PC, not in the LAN. I used this command: nmap -p 1-65535 -T4 -A -v -Pn <IP>. The host was down when I didn't use -Pn, which means it's behind a firewall or something like that!

The result is that all 65535 ports are filtered, so... also "Too many fingerprints match this host to give specific OS details"! What to do?!?!

If you are in the LAN, scan the subnet:
nmap -sV 192.168.1.0/24

I know what that does, but how does that help in my case (question)?

Today I found another subnet (192.168.001.x), with the network boot manager (from which Windows can be installed over the LAN). It has the IP 192.168.001.222. I nmap'ed it; it seems to be Windows 7 or above, and it has many ports and services. One of them is 3306/mysql. I did "nmap -sV -p 3306 <ip>" and it uses MySQL version 5.5.28. I searched for vulnerabilities for it, and there are some in the CVE database, but I'm not any good with advanced vulnerabilities/exploits, so I will just give it a try tomorrow! I appreciate any help.
