My friend SuRGeoN from Greece wrote a very interesting pen-test paper which explains how easy is to convert an internal network into an external with the port redirection technique. He demonstrates the attack scenarios – including network architecture diagrams – and goes into great technical details about them.

Furthermore, here are the steps which the attacker would follow:

1. Information gathering for the external network2. Seeking for vulnerabilities & misconfigurations3. using flaws to get a shell4. Information gathering for the internal network5. Escalating privileges for the internal network6. Converting internal network to external

Download SuRGeoN’s paper from here: [ srgn-pentest-01.pdf ]

This information is provided to you ONLY for educational purposes. the way that the information in this paper will be used, depends on the individual’s legal and ethical attitudes. YOUR choice!… YOUR risk!…

Comments on the paper are of course welcome. You can also contact SuRGeoN via e-mail: surgeony/gmail.com (replace / with @).

Pen-Test Paper: How An Internal Network Becomes External

Tags: e mail, ethical attitudes, gmail, network architecture, privileges

This entry was posted on Saturday, July 17th, 2010 at 1:45 am and is filed under Pen Friend Information. You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.