iExploit

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Apply for Membership

Top Posters

Who's Online (1)

Powered by Vanilla. Made with Bootstrap.
Looking to introduce yourself? Look no further, and click here! We also have IRC! [irc.evilzone.org #iexploit]
"Scanning Your Own Cable Modem"
  • McKittrick
    Posts: 194
    the method i am about to post might be old. i did this 8 years ago or so on an ethernet network when i was using a standard cable modem

    you will need a basic port scanner like nmap and a packet sniffer and perferably a tool like snmpwalk (from snmp-utils) to dump the SNMP info you will receive

    with the sniffer running, turn off the modem then turn it back on (in some cases it is necessary to turn off the computer itself then boot it back up) open up your sniffer and watch for the modem syncing up and getting it's IP address from your local ISP. from there on the sniffer you will notice a private IP like "10" ,in my case, or maybe a 192. with that IP you can then feed that into NMAP and start scanning. you will usually notice the cable modem does not offer up many ports, but one that might be open is port 161 UDP (SNMP). if that is the case, simply use snmpwalk or an NSE script in NMAP that uses the SNMP protocol for extracting info and you will gleam ALOT of information! you will see a plethora of info, including possible filtering exclusions your ISP has set on the modem, and even your local ISP network environment, in some cases

    in very rare cases, you might even have a chance to have RW access, and in that case---if the password can be acheived, you will be able to issue SET commands as well. if the SET commands are successful, in some cases you can actually directly alter config info from the modem, like route tables and port filtering rules. very rarely will one find he has SET command abilities, but even w/ just simple R mode, you can get a ton of info right from your cable modem
  • McKittrick
    Posts: 194
    so has anyone on here actually tried this since i posted it? i assume it could also be done with a WAP also
  • chroniccommand
    Posts: 1,389
    Couldn't you just use nmap -sS 192.168.1.1/24?
  • Xin
    Posts: 3,251
    Would be nice for a more in depth tutorial, with the results you got.
    Xin
  • McKittrick
    Posts: 194
    chronic, the IP will not always be a 192. in my case, it was a 10, and other times i would see a 24 block (the 24 block was what my ISP was using at the time). the way i understand it, you will see the IP come up in the traffic dump at bootup, and you will see the IP of the cable modem, which is an IP from the INSIDE INTERFACE of the private ISP network side. so sometimes it can be 10 (private, non-routable), and other times they will have a standard 24 or so. i mentioned this concept simply because i have not met alot of people who knew how to look for their own modem's IP to scan it. this method always worked for me

    (the other thing i failed to mention, is once i found that cable modem IP/block, i scanned the range and found SEVERAL modem configurations available to me! apparently if you are behind the ISP, you can see into their private range (security mishap perhaps?)
Add a Comment