Re: how to find a static IP



One caveat to this, I think: you'd need to be sniffing the target device side of the router for the scan reply, because the target likely has no route to the scanning laptop through the router. The target is likely going to try to ARP its default gateway once it gets a valid scan packet with the right target IP in it; that's what it will need to do to try to reply, and that's how you'll know you stumbled onto the target's IP address.

If this logic is wrong I'd love to hear from someone so I know for future reference... I am basing this on my knowledge of how packets are constructed for this puzzle.

-Mark Coleman



Mark wrote:
I think the answer might be this:

Get a router, one armed is OK.

One side of the router will be your scanning laptop. Make up IP addresses, for example make laptop 10.10.10.1 and router 10.10.10.2. Use 10.10.10.2 as your default gateway in the laptop.

The second port (or second network on same port if one armed) of the router, make up another address. Say, 20.20.20.1. Add a static arp in the router for 20.20.20.2 to be the MAC address of the target you are trying to identify, then make the default gateway of the router 20.20.20.2 (so your scanning packets will hit your target regardless of what the dest IP is, and the router will construct every packet with the dest MAC of your target machine).

I'd think that a long long scan of private networks would eventually reveal the IP of the host.

If you know you didn't use a deep CIDR on the mask, you could also just scan (or just ping?) the broadcasts of each network instead of every IP in each network (192.168.1.255, 192.168.2.255, etc etc).
Use the above config and then instead of nmap just try pinging 192.168.1.255, 192.168.2.255 etc etc and find what network it's in for starters.

If this works let us know, as I am sure we're all curious.

-Mark Coleman



Robin Wood wrote:
2009/7/15 Lord Lunatic <l0rd_lunatic@xxxxxxxxx>:
Get the MAC address (if not via sniff there have to be some stickers with it on it) and make a static ARP entry on your client with a free IP address of your subnet.

arp -s 10.128.1.1 00:90:33:ff:dd:11

Then you should be able to reach it

That would get traffic to the box but would the box then drop the
traffic higher up the stack as the IP address wouldn't match?

If this does work then I'll be putting it in my bag of tricks because
it is a really useful idea.

Robin

Andre

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of Cisternas Marquez, Gonzalo
Sent: Tuesday, 14 July 2009 20:36
To: redhavoc; security-basics@xxxxxxxxxxxxxxxxx
Subject: RE: how to find a static IP

Nick:

Use a cross cable with a Linux box and send "ping -b 255.255.255.255". "-b" for broadcast.

Usually the "Net management port" of SUN servers is 10Mb autosense only. Try to connect with the Serial management port (a light blue Cisco cable will work). The user could be "admin".

Using the sys-unconfig script will not erase the contents of the RSC/ALOM/Ilom/ELOM/SXCP management port.

I hope this could help.

G.C.
-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx] On Behalf Of redhavoc
Sent: Tuesday, 14 July 2009 11:46
To: security-basics@xxxxxxxxxxxxxxxxx
Subject: how to find a static IP


Hello people,

I have inherited a new SUN server, and while running the sys-unconfig command I have sort of messed it up. I know it has an ethernet management port configured with a static IP, but I do not know this IP.

My idea was to connect this server and a computer on to a switch, boot a Linux and port scan every internet address. Since it's a private LAN I would not be bothering anyone else. Since there is no DHCP and I want no routing I started the ethernet using
ifconfig eth0 1.1.1.1 netmask 0.0.0.0 up
The device started, but when I use nmap to scan IPs it does not know how to route packets.

So the question is ... how do I scan every possible address in a private network? Also, is there a better way to find this static IP?

Regards
Nick
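
Mark's caveat at the top of the thread, as an added example (not code from anyone in the thread): an ARP request carries the sender's own IP in its sender-address field, so a capture taken on the target's side can be filtered by the known MAC to read the address directly. The function names and all sample frames are constructed for illustration; the MAC is the one from the arp -s line in the thread.

```python
import struct
from ipaddress import IPv4Address

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def parse_arp(frame):
    """Return (sender_mac, sender_ip, target_ip) for an Ethernet/IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return sha, IPv4Address(spa), IPv4Address(tpa)

def ips_claimed_by(frames, target_mac):
    """Map each IP the target put in the ARP sender field to the IPs it asked for."""
    seen = {}
    for frame in frames:
        arp = parse_arp(frame)
        if arp is None:
            continue
        sha, spa, tpa = arp
        # Sender IP 0.0.0.0 is an address probe and reveals nothing yet.
        if sha == mac(target_mac) and int(spa) != 0:
            seen.setdefault(str(spa), set()).add(str(tpa))
    return seen

def build_arp(op, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Build a broadcast ARP frame; used only to construct the sample capture."""
    eth = mac("ff:ff:ff:ff:ff:ff") + mac(sha) + b"\x08\x06"
    hdr = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    return eth + hdr + mac(sha) + IPv4Address(spa).packed + mac(tha) + IPv4Address(tpa).packed

TARGET_MAC = "00:90:33:ff:dd:11"  # the MAC used in the arp -s line of the thread
# Constructed sample capture; every address below is invented for the example.
SAMPLE = [
    build_arp(1, "02:00:00:00:00:01", "10.10.10.1", "10.10.10.2"),  # laptop, ignored
    build_arp(1, TARGET_MAC, "0.0.0.0", "192.168.7.20"),            # probe, ignored
    build_arp(1, TARGET_MAC, "192.168.7.20", "192.168.7.1"),        # target asks for its gateway
    mac("ff:ff:ff:ff:ff:ff") + mac(TARGET_MAC) + b"\x08\x00" + bytes(28),  # not ARP
]

if __name__ == "__main__":
    for ip, asked in ips_claimed_by(SAMPLE, TARGET_MAC).items():
        print(f"target uses {ip}, asked for {sorted(asked)}")
```

The address the target asks for is also informative: in the constructed sample it is the gateway the device was configured with.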




