troubles with wireless pentest

From: zcrips xrabbitz (zcrips_xrabbitz_at_hotmail.com)
Date: 06/23/04

  • Next message: Ow Mun Heng: "Re: [OT] Re: Packeteer PacketShaper 6.1.2" 
    To: pen-test@securityfocus.com
Date: Wed, 23 Jun 2004 09:56:55 +0100

    hi everyone,
          i have been taking on my first large and blind wireless pentest and i
    have nearly become lost in the jaws of a wireless network and would
    appreciate any help. first i'lll state what i have so far done and seen

    the network was encrypted but with wep and large traffic so i was able to
    bruteforce the key
    The network in focus is quite large with multiple subnets and lots of
    “firewalls”

    These I did.

    Using kismet I sniffed a whole lot of packets. And decoded them with the
    found wep key

    Then using my conventional ettercap and ethereal I looked through the
    packets.
    i sniffed a lot more with ettereal and looked through them for a similar mac
    address but all packets
    had i local (destination) ip and mac address

    Now The Problem.

    I tried to connect to the net work

    I used a nice ip to match one on the network
    (8.5) i changed mac addresses to match the host i was spoofing.

    then i tried to route packets to another client
    which failed with the network unreachable error
    i tried a traceroute to my target client but it failed too with the same
    error

    i used ettercap to passively watch traffic and came up with a comprehensive
    list of ip/mac addresses and tried to spoof most of them but still my
    packets didn't get routed
    i tried using etterape to watch traffic flow and come up with a route but i
    figure out that nearly all traffic was internal most hosts were connecting
    to each other

    HELP:
        HOW CAN I ROUTE PACKETS THROUGH TO OTHER CLIENTS OR BECOME A CLIENT
    OR IS THERE A BETTER WAY I COULD DO THIS WHOLE PENTEST FROM THE BEGINING
    PLS ANY HELP WOULD BE APPRECIATED.

    ZIPPERS CRIPS

    _________________________________________________________________
    MSN 8 with e-mail virus protection service: 2 months FREE*
    http://join.msn.com/?page=features/virus

  • Next message: Ow Mun Heng: "Re: [OT] Re: Packeteer PacketShaper 6.1.2"

    Relevant Pages

    • Re: Awful performance and millions of packets transferred
      ... I ran the same test on a separate network and found ... >that normally around 4000 packets were transferred for that perticular ... >The PC, switches, routers and the server were all checked for network ... The client was passing requests to the server and the ...
      (comp.databases.ms-access)
    • Re: troubles with wireless pentest
      ... I would try some good ol` fashion ARP poisioning with CAIN ...spoof ... > the network was encrypted but with wep and large traffic so i was able to ... > Using kismet I sniffed a whole lot of packets. ... > i tried a traceroute to my target client but it failed too with the same ...
      (Pen-Test)
    • Re: Ethernet issue: works one way but not another
      ... packets transmitted, 5 packets received, 0% packet loss ... (This is when connected directly to internet through ... FBSD, I have been working with BSDI at the isp I work for for the last ... As for my network topology, I have an internal network that goes ...
      (freebsd-questions)
    • RE: troubles with wireless pentest
      ... the network was encrypted but with wep and large traffic so i was able ... Using kismet I sniffed a whole lot of packets. ... i tried a traceroute to my target client but it failed too with the same ... HOW CAN I ROUTE PACKETS THROUGH TO OTHER CLIENTS OR BECOME A CLIENT ...
      (Pen-Test)
    • Re: Update: UDP 770 Potential Worm
      ... > the network immediately after the 'attack', ... were no packets indicating some form of replication. ... I noticed that the UDP ... > of the UDP datagrams is the IP address of the proxy? ...
      (Incidents)