Re: troubles with wireless pentest

From: pingywon MCSE (pingywon@gmail.com)
Date: Thu Jun 24 2004 - 08:40:11 EDT


I would try some good ol' fashion ARP poisoning with CAIN ...spoof
yourself as one of the access points/routers/firewalls (too many names
for these appliances)

#1) get CAIN http://www.oxid.it/cain.html
#2) read this limited, but easily written tut on ARP Poisoning -

http://www.illmob.org/texts/ifellonmynose.txt

good luck!

On Wed, 23 Jun 2004 09:56:55 +0100, zcrips xrabbitz
<zcrips_xrabbitz@hotmail.com> wrote:
>
> hi everyone,
> i have been taking on my first large and blind wireless pentest and i
> have nearly become lost in the jaws of a wireless network and would
> appreciate any help. first i'll state what i have so far done and seen
>
> the network was encrypted but with wep and large traffic so i was able to
> bruteforce the key
> The network in focus is quite large with multiple subnets and lots of
> "firewalls"
>
> These I did.
>
> Using kismet I sniffed a whole lot of packets. And decoded them with the
> found wep key
>
> Then using my conventional ettercap and ethereal I looked through the
> packets.
> i sniffed a lot more with ethereal and looked through them for a similar mac
> address but all packets
> had a local (destination) ip and mac address
>
> Now The Problem.
>
> I tried to connect to the network
>
> I used a nice ip to match one on the network
> (8.5) i changed mac addresses to match the host i was spoofing.
>
> then i tried to route packets to another client
> which failed with the network unreachable error
> i tried a traceroute to my target client but it failed too with the same
> error
>
> i used ettercap to passively watch traffic and came up with a comprehensive
> list of ip/mac addresses and tried to spoof most of them but still my
> packets didn't get routed
> i tried using etherape to watch traffic flow and come up with a route but i
> figured out that nearly all traffic was internal most hosts were connecting
> to each other
>
> HELP:
> HOW CAN I ROUTE PACKETS THROUGH TO OTHER CLIENTS OR BECOME A CLIENT
> OR IS THERE A BETTER WAY I COULD DO THIS WHOLE PENTEST FROM THE BEGINNING
> PLS ANY HELP WOULD BE APPRECIATED.
>
> ZIPPERS CRIPS
>

-- 
~pingywon MCSE 
http://www.pingywon.com


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:56 EDT