recon router

David Westgate 2024-05-20 17:58:15 -07:00
parent f8b645bf7f
commit dbec02aa2a
2 changed files with 8 additions and 3 deletions


@ -69,6 +69,9 @@ MAC Address: 28:87:BA:75:7E:98 (TP-Link Limited)
Nmap scan report for bookworm (192.168.0.139) Nmap scan report for bookworm (192.168.0.139)
MAC Address: D8:3A:DD:7E:3C:31 (Unknown) MAC Address: D8:3A:DD:7E:3C:31 (Unknown)
Nmap scan report for 192.168.0.240
MAC Address: E4:5F:01:91:0C:52 (Raspberry Pi Trading)
``` ```
We have one router/gateway (archer/28:87:BA:75:7E:98), one persistant client device (bookworm/D8:3A:DD:7E:3C:31). The other devices shown in some of these scans do not seem to persist and are not shown in my last scan which is at the time of writing. I will now scan for open ports on these available devices. We have one router/gateway (archer/28:87:BA:75:7E:98), one persistant client device (bookworm/D8:3A:DD:7E:3C:31). The other devices shown in some of these scans do not seem to persist and are not shown in my last scan which is at the time of writing. I will now scan for open ports on these available devices.
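Review bot: The summary paragraph after the code fence was not updated to account for the newly added host 192.168.0.240 (E4:5F:01:91:0C:52, Raspberry Pi Trading). It still counts only archer and bookworm and says the other devices "are not shown in my last scan", so a reader cannot tell whether this Raspberry Pi entry comes from the latest scan or an earlier one. Either add it to the inventory as a third device to port-scan, or state which scan it appeared in and why it is excluded. While touching that paragraph, "persistant" should be "persistent".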
@ -76,10 +79,12 @@ We have one router/gateway (archer/28:87:BA:75:7E:98), one persistant client dev
As the router/gateway, I do not expect any interesting servcies to be running here. But let us make sure As the router/gateway, I do not expect any interesting servcies to be running here. But let us make sure
![archer-scan](./archer-scan.png) ![archer-scan](./archer-scan.png)
As probably expected, our gateway is responding to DNS requests, and has a web interface open on http(s). As probably expected, our gateway is responding to DNS requests, and has web interfaces open on http/s.
Let's assume the port 80 traffic is only allowed to redirect users to the SSL web traffic on 443. From my home machine, I can do the following to tunnel traffic and take a look at the web page Using ssh tunneling from 192.168.0.1:80 to localhost:8080, I can take a look at the web page on http. As shown, it prompts for a password, but is otherwise unremkable. When looking at the page on https, it is also un-remarkable, and just says that https is not supported (not shown)
![ssh-double-tunnel](./ssh-double-tunnel.png) ![tp-link-page](./tp-link-page.png)
I decided not to try any attacks against the router and will be moving on.
### Open ports and services on bookworm ### Open ports and services on bookworm
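Review bot: In the rewritten tunnel paragraph, the login page is described as prompting for a password over http while https "is not supported", yet it is called "unremarkable" and the preceding line still says web interfaces are open on "http/s". Those statements should be reconciled, and a password prompt served only over cleartext HTTP is worth recording as an observation about the gateway rather than dismissing. The https result is marked "(not shown)"; including the screenshot or the response text would make the claim verifiable. The tunnel description "from 192.168.0.1:80 to localhost:8080" would be clearer with the actual ssh forwarding command, since the removed ssh-double-tunnel.png reference was the only evidence of how the tunnel was built, and that image file is not deleted in this commit, so it may now be orphaned. Spelling: "unremkable" and "un-remarkable" should both be "unremarkable", and "servcies" in the context line should be "services".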

BIN
hw3/tp-link-page.png Normal file

Binary file not shown.
