How does it know

[babadoctor]

So when I scan an ip i have permission to scan, i get this:

How does it know that port 443 is that exact type model of router? I know it is that router because i have seen it with my own eyes. But when i try to connect from port 443, i see this:

how does it possibly know?

since it is blocking me

[Decon]

So when I scan an ip i have permission to scan, i get this:

 

how does it possibly know?

since it is blocking me

all I see here is a router not having an HTTPS web interface...

[babadoctor]

all I see here is a router not having an HTTPS web interface...

No i am port scanning an IP 

and i see that the router shows its config interface

how the fuck is that possible if i cant see it with connection from my browser

it doesnt let me connect from browser but

here

 

 

I nmap -sV a public IP and it showed me this

port 80 (normally)

port 443 which for some reason showed me what router was behind the firewall

port 3389-90 is RDC

 

HOW DID nmap FIND OUT WHAT ROUTER FIRMWARE THE IP HAD?

[Decon]

No i am port scanning an IP 

and i see that the router shows its config interface

how the fuck is that possible if i cant see it with connection from my browser

it doesnt let me connect from browser but

here

 

 

I nmap -sV a public IP and it showed me this

port 80 (normally)

port 443 which for some reason showed me what router was behind the firewall

port 3389-90 is RDC

 

HOW DID nmap FIND OUT WHAT ROUTER FIRMWARE THE IP HAD?

I don't see where it says what firmware revision the router is.  All sonicwall routers have sonicwall firewalls AFAIK; nmap probably picked up on MDNS / NetBIOS

 

 

EDIT: It could also be noting what services are being forwarded through those ports (explaining Squid proxy on port 80 and the firewall forwarding through 443

 

How is this network set up?

[babadoctor]

I don't see where it says what firmware revision the router is.  All sonicwall routers have sonicwall firewalls AFAIK; nmap probably picked up on MDNS / NetBIOS

 

 

EDIT: It could also be noting what services are being forwarded through those ports (explaining Squid proxy on port 80 and the firewall forwarding through 443

 

How is this network set up?

i have no idea 

I cant connect to it remotely

If it helps this is a school network

what is squid proxy?

if the firewall is ported throgh 443, then can i connect to the firewall somehow?

On a sidenote i have never experienced this picking up on my arris router at my home, but this may be different since i portscan with -Pn on my home due to it blocking ping, but this network does not block pings

 

They gave me limited information, like how a hacker is given limited information

They wanted to see what i could access and gather remotely 

 

EDIT:

AFAIK squid proxy is a type of web page, like apache?

[Decon]

i have no idea 

I cant connect to it remotely

If it helps this is a school network

what is squid proxy?

if the firewall is ported throgh 443, then can i connect to the firewall somehow?

On a sidenote i have never experienced this picking up on my arris router at my home, but this may be different since i portscan with -Pn on my home due to it blocking ping, but this network does not block pings

 

They gave me limited information, like how a hacker is given limited information

They wanted to see what i could access and gather remotely 

 

EDIT:

AFAIK squid proxy is a type of web page, like apache?

squid is for website caching, its a proxy after all 

[Decon]

scan LAN and look for all connected devices.   See if you can locate the firewall by DNS/mDNS/NetBIOS and then see if you can use it's IP to access the remote console.  You could try hydra (or similar) to brute force the admin auth for the firewall or use some sort of packet analyzer to hijack an admin session

[babadoctor]

scan LAN and look for all connected devices.   See if you can locate the firewall by DNS/mDNS/NetBIOS and then see if you can use it's IP to access the remote console.  You could try hydra (or similar) to brute force the admin auth for the firewall or use some sort of packet analyzer to hijack an admin session

remotely was the goal.

Not exactly LAN is what i am aiming for.

 

For example if a hacker wants to attack remotely

[Decon]

remotely was the goal.

Not exactly LAN is what i am aiming for.

 

For example if a hacker wants to attack remotely

yeah I bet their firewall blocks all uninitiated HTTP sessions unless they host some sort of server on that network.

 

why do you need to know this >.>

[babadoctor]

yeah I bet their firewall blocks all uninitiated HTTP sessions unless they host some sort of server on that network.

 

why do you need to know this >.>

My school asked me to test their network