Re: troubles with wireless pentest

From: pingywon MCSE (pingywon_at_gmail.com)
Date: 06/24/04

    Date: Thu, 24 Jun 2004 08:40:11 -0400
    To: zcrips xrabbitz <zcrips_xrabbitz@hotmail.com>
    
    

    I would try some good ol' fashioned ARP poisoning with CAIN ... spoof
    yourself as one of the access points/routers/firewalls (too many names
    for these appliances)

    #1) get CAIN http://www.oxid.it/cain.html
    #2) read this limited, but easily written tut on ARP Poisoning -

    http://www.illmob.org/texts/ifellonmynose.txt

    good luck!

    On Wed, 23 Jun 2004 09:56:55 +0100, zcrips xrabbitz
    <zcrips_xrabbitz@hotmail.com> wrote:
    >
    > hi everyone,
    > i have been taking on my first large and blind wireless pentest and i
    > have nearly become lost in the jaws of a wireless network and would
    > appreciate any help. first i'll state what i have so far done and seen
    >
    > the network was encrypted but with wep and large traffic so i was able to
    > bruteforce the key
    > The network in focus is quite large with multiple subnets and lots of
    > "firewalls"
    >
    > These I did.
    >
    > Using kismet I sniffed a whole lot of packets. And decoded them with the
    > found wep key
    >
    > Then using my conventional ettercap and ethereal I looked through the
    > packets.
    > i sniffed a lot more with ettereal and looked through them for a similar mac
    > address but all packets
    > had a local (destination) ip and mac address
    >
    > Now The Problem.
    >
    > I tried to connect to the network
    >
    > I used a nice ip to match one on the network
    > (8.5) i changed mac addresses to match the host i was spoofing.
    >
    > then i tried to route packets to another client
    > which failed with the network unreachable error
    > i tried a traceroute to my target client but it failed too with the same
    > error
    >
    > i used ettercap to passively watch traffic and came up with a comprehensive
    > list of ip/mac addresses and tried to spoof most of them but still my
    > packets didn't get routed
    > i tried using etherape to watch traffic flow and come up with a route but i
    > figure out that nearly all traffic was internal most hosts were connecting
    > to each other
    >
    > HELP:
    > HOW CAN I ROUTE PACKETS THROUGH TO OTHER CLIENTS OR BECOME A CLIENT
    > OR IS THERE A BETTER WAY I COULD DO THIS WHOLE PENTEST FROM THE BEGINNING
    > PLS ANY HELP WOULD BE APPRECIATED.
    >
    > ZIPPERS CRIPS

    -- 
    ~pingywon MCSE 
    http://www.pingywon.com
    
