Re: Mapping a network



DNS cache poisoning or WPAD attacks

Sent from my iPhone

On Sep 22, 2009, at 4:04 PM, Lee <ler762@xxxxxxxxx> wrote:

On 9/22/09, Zack Payton <zpayton@xxxxxxxxx> wrote:
Forget about Scapy or the Cisco Perl scripts. Use Dynamips and get
your own virtual router running on their network.
But if passive interface is enabled, you're pretty screwed attempting
route injection from that vantage point in the network.

Which is what I thought, but I was wondering if I was missing something..

I would probably resort to ARP spoofing to client-side browser pwnage
and trying to escalate that way.

DHCP snooping is enabled, so that seems to kill any ARP spoofing tricks.
Trunking is disabled on all the switch ports, so that seems to kill
any VLAN hopping tricks.

... maybe if I offer someone a chocolate bar for their password :)

Thanks,
Lee
