Re: Mapping a network
- From: Zack Payton <zpayton@xxxxxxxxx>
- Date: Tue, 22 Sep 2009 21:08:34 -0500
DNS cache poisoning or wpad attacks
Sent from my iPhone
On Sep 22, 2009, at 4:04 PM, Lee <ler762@xxxxxxxxx> wrote:
On 9/22/09, Zack Payton <zpayton@xxxxxxxxx> wrote:Forget about scapy or the cisco perl scripts. Use dynamips and get
your own virtual router running on their network.
But if passive interface is enabled, you're pretty screwed attempting
route injection from that vantage point in the network.
Which is what I thought, but I was wondering if I was missing something..
I would probably resort to arp spoofing to client side browser pwnage
and trying to escalate that way.
DHCP snooping is enabled, so that seems to kill any arp spoofing tricks.
Trunking is disabled on all the switch ports, so that seems to kill
any vlan hopping tricks.
... maybe if I offer someone a chocolate bar for their password :)
Thanks,
Lee
------------------------------------------------------------------------
This list is sponsored by: Information Assurance Certification Review Board
Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
http://www.iacertification.org
------------------------------------------------------------------------
- Follow-Ups:
- RE: Mapping a network
- From: David_Falloon
- RE: Mapping a network
- References:
- Mapping a network
- From: arvind doraiswamy
- Re: Mapping a network
- From: Kurt Buff
- Re: Mapping a network
- From: Zack Payton
- Re: Mapping a network
- From: Lee
- Re: Mapping a network
- From: Zack Payton
- Re: Mapping a network
- From: Lee
- Re: Mapping a network
- From: Zack Payton
- Re: Mapping a network
- From: Lee
- Mapping a network
- Prev by Date: Re: Mapping a network
- Next by Date: Wireless and Bluetooth free tools
- Previous by thread: Re: Mapping a network
- Next by thread: RE: Mapping a network
- Index(es):
Relevant Pages
|
