Connecting to remote networks

Hi everyone,

I am new to HTB and absolutely love it. I found the site last week and have been playing ever since.

However, there is one question that has been bugging me recently. Obviously I can attack the machines on HTB because I am connected to the same network as them. How would an attacker connect to a remote network before targeting a machine? I undersand how it works with WiFi networks if the attacker was in range of the signal, but what if the network was completely out of range, possibly in another state, or another country. How would an attacker connect to the network? Is it a similar idea to HTB (VPN)? Would they connect using IP address? MAC Address?

I’m sorry if this is a stupid question but I love playing around with the machines on HTB, but I would just love to know how an attacker would connect to a remote network before targeting any machines.

Many Thanks

You asked a question and answered it yourself with another question

One way is phishing: you send an email to a user on the target network.

Then you kindly ask the user to launch a Remote Access Tool/Trojan (RAT) for you. You use this RAT to control the user’s computer on the target network as a first launching platform.

Alternatively, ask the user for the credentials for the corporate VPN.

Other ways are server connected to the public internet and the internal company network. If you found our way through such a server you can access the internal network.

1 Like

I am mostly interested in methods that do not require social engineering. Is a VPN something that most companies would have? Then would it be a case of connecting like we do with HTB? What if one was able to connect to the admin panel for the router via IP/Browser, could something be done with the DNS tables or anything?

I have some experience with pen testing, but its always been against vulnerable boxes, on the same network, either NAT network or VPN like here on HTB, but connecting to the target network is something i dont understand. I do understand it with wifi networks and have practiced with certain well known tools, but say an attacker only had the IP address of the out of range router? I’m not even sure how an attacker would get the IP address off the company/organisation router, since most do not host their own websites and use hosting companies, so i didn’t ever really see that as a way into target machines except in some cases.

The reason this comes to mind is that there was a very high profile hack in the news a few weeks back, and it led me to wondering how the attacker connected to the network before targeting the machines, as im guessing they were not even in the same country as the hack they pulled off. Its purely for understanding and educational purposes.

Social engineering is absolutely a valid vector. Aside form that though, as a rule some resources somewhere have to be publicly exposed. Maybe that is a companies website or their email server. Or perhaps they have a VPN setup for remote workers to access their network. If that VPN server is vulnerable or credentials for it are stolen somehow, then an attacker has a way in.

Old by funny: From North American casino 10 GB data was transferred through a high-tech fish tank.
Darktrace - Global Threat Report 2017

This is the hack in the news from a few weeks back that got me thinking about this. Obviously the attacker knew what they wanted: data from police computers, but surely these computers would be on a private LAN? That got me wondering how they were able to connect to that LAN before pilfering the boxes…