network vulnerability testing

Your network may be hackable. There is probably some vulnerability present that, if a hacker scanned your Wi-Fi's public IP, would give them a backdoor into your network.

This post is going to cover a few ways to scan your network in depth for open ports, how to hide your IP, and how to harden your network to prevent access by people with malicious intentions.

First of all, what is a network? A network is a series of devices connected together through wireless or Ethernet connections. Your router acts as a server and holds the data that is shared. Each server has a public IP address that can be shared; this is why we use VPNs when visiting some websites: a VPN shows a different IP from our actual one, so people can't find our physical location by looking up our IP.

Basic diagram of how a home network is structured.

  • Endpoints send data packets to routers with an IP address attached, a bit like sending a parcel with an address written on it.

  • A router/switch receives data packets from endpoints and chooses the best path for them to take across a network. This relies on knowing the IP address, or destination, of the data packet.

Finding your IP address is pretty easy: try googling it and it will appear. Your external IP address is what websites see when you visit; note that it isn't your device's (internal) IP but your external network IP. So nobody can find your exact device on the network, but they can see your approximate location.

If an adversary gets hold of your public IP address they can do several things with it: they can scan for vulnerabilities and look for open ports to gain access to your network.

pentesting to find vulnerabilities in your network

To scan for vulnerabilities in our network, we need to scan from outside our own network. To achieve that, we are going to set up our own Linux server outside our network. It's best to use a cloud computing platform; I'm going to be using Linode.

Linode

Once I’m in my Linode account I’m going to click ‘create’ and ‘Linode’.

Follow the prompts, and choose a region relatively close to where you live.

Once our server is created, click ‘Launch LISH Console’ to launch your server.

The username to log in will be ‘root’ and the password is the one you created during setup.

I would recommend running ‘apt-get update’ to make sure your server can find the latest packages,

as well as ‘apt-get upgrade’.

Then use the command ‘apt install nmap’ to install nmap on your Linux server.

We’ll start off with a ping scan to see if the host is up (I’m not including my actual IP address).

The -sT flag performs a TCP connect scan.

My nmap is saying the host is down when it is not, meaning my network has a firewall in place. I do have an Nmap tutorial on my blog with information and tips for bypassing firewalls, however some are difficult to bypass with my current skills. So what I’m going to do is run another scan and fragment the packets I send, to hopefully let them pass through without being recognised by my firewall.

I’m using the --mtu flag to fragment my packets with an MTU of 16; you can also use the -f flag. Apparently my firewall is configured to handle fragmented packets, so we are going to try another way.

I’m going to use a pretty easy website, pentestools.com, to see if it’s my configuration or the host I am trying to scan.

As we can see here, my home network has zero open ports.

Discovering hosts on a network

Maybe we want to see if someone is already inside our home network. ARP (Address Resolution Protocol) scanning works by sending requests to every possible host IP address within a specified network range.

First, we can learn about the subnet mask within our home network. If I use the command ‘ip add’ in Kali Linux it will tell me the host IP under inet. An IP address is split into four octets; on the common /24 home network the first three represent the network portion of the IP address and the last represents the host portion.

When we scan with arp-scan we need to specify the interface. I’m also using sudo -i to give myself root privileges without having to type sudo before every command.

When I scan from my Kali machine on my eth0 interface I am given the three hosts above; the blanked-out parts are the other IP addresses in my network.
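As an added example (not part of the original post), here is a small Python script that does the ‘ip add’ reading by hand: it parses the inet lines, works out the network behind each interface from the prefix length, and reports the range arp-scan would sweep. The ‘ip addr’ output is a constructed sample, and it includes a /22 interface to show that the network range comes from the mask, not simply from the first three octets.

```python
import ipaddress

# Constructed sample of `ip addr` output (interface names and addresses are made up).
SAMPLE_IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 08:00:27:aa:bb:cc brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.23/24 brd 192.168.1.255 scope global dynamic noprefixroute eth0
3: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 10.20.4.77/22 brd 10.20.7.255 scope global wlan0
"""

def parse_inet_lines(ip_addr_output):
    """Map interface name -> IPv4Interface for every IPv4 'inet' line."""
    found = {}
    for line in ip_addr_output.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] != "inet":
            continue
        # parts[1] is the address with its prefix length ('192.168.1.23/24');
        # the last token on an inet line is the interface it belongs to.
        found[parts[-1]] = ipaddress.IPv4Interface(parts[1])
    return found

def arp_scan_range(iface_addr):
    """Describe the network an ARP scan of this interface would sweep; the
    network and broadcast addresses are excluded (so a /24 gives 254 hosts)."""
    net = iface_addr.network  # host bits cleared according to the prefix length
    hosts = list(net.hosts())
    return {
        "network": str(net),
        "host_count": len(hosts),
        "first_host": str(hosts[0]),
        "last_host": str(hosts[-1]),
    }

def scannable_interfaces(ip_addr_output):
    """Skip loopback and report the ARP-scan range for each real interface."""
    return {
        name: arp_scan_range(iface)
        for name, iface in parse_inet_lines(ip_addr_output).items()
        if not iface.ip.is_loopback
    }

if __name__ == "__main__":
    for name, info in scannable_interfaces(SAMPLE_IP_ADDR).items():
        print(f"{name}: {info['network']} -> {info['host_count']} hosts ({info['first_host']} .. {info['last_host']})")
```

On the /22 interface the sweep covers 10.20.4.1 through 10.20.7.254, so an ARP scan limited to the "first three octets" would miss three quarters of the possible hosts.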
