Jump to content

getting past the access point without VPN


mshenoy

Recommended Posts

hey there hak5'ers,

Well I have a setup at school where we first connect to a WIFI access point and then sign in to the VPN to get access to the INTERNET.

So the other day I saw the episode 5X04 where mubix has a strategy to ssh through DNS. But now when I connect to the access point I tried pinging outside the network but it wont work not Google nothing. So its apparent that they have disabled "icmp out" at the access point or something like that. I am doing this just to get a hang of this and I just want to know what would be another way to accomplish the same ? Like ping to my server outside without getting on the VPN and only through the access point. I can ping the access point Gateway at least but not at all to the outside....

Link to comment
Share on other sites

No it does not... Not until I am inside the VPN...

if I am on the access point and I nslookup it gives a

"DNS timed out

timeout was 2 seconds

***Can't find server name for address 134.88.1.4(which is the gateway probably): timed out"

That is precisely the message I get

So hence I am confused.... What do you think can be done ?

Link to comment
Share on other sites

You could check what DNS servers your computer is given by the DHCP server, and if it's any thing other than the default gateway try setting the default gateway as your DNS resolver. If the DHCP server has a diffrent IP try setting that as the DNS server. If this does not work you cannot use DNS tunnelling. DNS needs to work for DNS tunnelling to work.

Be also aware: DNS tunnelling at school and getting caught will probably land you in a pile of shit up to you eyes.

Link to comment
Share on other sites

hahahah thanks for the warning... I know what you mean ... but I just have to try it .... I am too freaking curious to know what their setup is and how the hell they are blocking it.... thats just me

and as what you said I did try that....

tell me tell you how the setup is ...

When I connect to the access point

the IP I am assigned is 192.168.218.*

the gateway is 192.168.216.1

the DHCP server is a different ip 134.88.3.*

and the Dns server is 134.88.1.*

So as you said I changed the dns server to the gateway and then to the dhcp address respectively

but it still wont freaking resolve anything....

Link to comment
Share on other sites

hahahah thanks for the warning... I know what you mean ... but I just have to try it .... I am too freaking curious to know what their setup is and how the hell they are blocking it.... thats just me

and as what you said I did try that....

tell me tell you how the setup is ...

When I connect to the access point

the IP I am assigned is 192.168.218.*

the gateway is 192.168.216.1

the DHCP server is a different ip 134.88.3.*

and the Dns server is 134.88.1.*

So as you said I changed the dns server to the gateway and then to the dhcp address respectively

but it still wont freaking resolve anything....

What's your mask? if it's /24, your gateway is in a different subnet.

I assume their network is setup like this... 192.168.218.x is the WLAN. Those people need to VPN into another subnet, such as 192.168.216.x The 216 subnet has an ACL that allows it out to the internet. The 218 subnet has an ACL that does not. No amount of tunneling will work as long as your IP address is in the 218 range and you are on that WLAN interface.

Tunneling is for when ports are filtered. From what you are saying, I don't think that's your problem.

Link to comment
Share on other sites

So since the WLAN is not allowing me to go outside as per the ACL's there is no way out to the outside world ?

Yea as you said I think everything is blocked so I don't see a way out. But I was wondering DNS should have a way out.

On that note does anyone have a full fledged article or something on DNS where in I can read the ins and outs of it. Detailing every aspect of it. Let me know if anyone in the community knows.. Thanks for the help so far.

What's your mask? if it's /24, your gateway is in a different subnet.

I assume their network is setup like this... 192.168.218.x is the WLAN. Those people need to VPN into another subnet, such as 192.168.216.x The 216 subnet has an ACL that allows it out to the internet. The 218 subnet has an ACL that does not. No amount of tunneling will work as long as your IP address is in the 218 range and you are on that WLAN interface.

Tunneling is for when ports are filtered. From what you are saying, I don't think that's your problem.

Link to comment
Share on other sites

So since the WLAN is not allowing me to go outside as per the ACL's there is no way out to the outside world ?

Yea as you said I think everything is blocked so I don't see a way out. But I was wondering DNS should have a way out.

On that note does anyone have a full fledged article or something on DNS where in I can read the ins and outs of it. Detailing every aspect of it. Let me know if anyone in the community knows.. Thanks for the help so far.

Why do you think DNS is open? You said before when you do an nslookup it comes back with nothing. DNS probably is open in the VPN'd subnet, not the one you are in.

Link to comment
Share on other sites

Yea I think DNS isn't open. I was just assuming theres some way to get out to the internet.

Anyways thanks for the reply

Why do you think DNS is open? You said before when you do an nslookup it comes back with nothing. DNS probably is open in the VPN'd subnet, not the one you are in.
Link to comment
Share on other sites

If your curious ask. Oh and the shit up to your eyes I wouldn't be going hahahaha, unless you like getting in to shit (I personally have never met someone who does).

@zimmer --- dude u havent yet met but now you have...

and I don't see why you even replied... cos ur post isnt useful in any aspect to this thread ?

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...