RE: troubles with wireless pentest

From: Jerry Shenk (jshenk@decommunications.com)
Date: Thu Jun 24 2004 - 13:06:43 EDT


One 'gotcha' might be the slot that the key is in. This seems to be
more of an issue with Cisco gear but some others also. Try putting the
WEP key in all 4 key slots and trying each one as the active key.

-----Original Message-----
From: zcrips xrabbitz [mailto:zcrips_xrabbitz@hotmail.com]
Sent: Wednesday, June 23, 2004 4:57 AM
To: pen-test@securityfocus.com
Cc: zcrips_xrabbitz@hotmail.com
Subject: troubles with wireless pentest

hi everyone,
      I have been taking on my first large and blind wireless pentest and I
have nearly become lost in the jaws of a wireless network and would
appreciate any help. First I'll state what I have so far done and seen.

The network was encrypted, but with WEP and large traffic, so I was able
to bruteforce the key.
The network in focus is quite large with multiple subnets and lots of
"firewalls".

This is what I did.

Using Kismet I sniffed a whole lot of packets and decoded them with the
found WEP key.

Then using my conventional Ettercap and Ethereal I looked through the
packets. I sniffed a lot more with Ethereal and looked through them for
a similar MAC address, but all packets had a local (destination) IP and
MAC address.

Now the problem.

I tried to connect to the network.

I used a nice IP to match one on the network (8.5); I changed MAC
addresses to match the host I was spoofing.

Then I tried to route packets to another client, which failed with the
"network unreachable" error. I tried a traceroute to my target client
but it failed too with the same error.

I used Ettercap to passively watch traffic and came up with a
comprehensive list of IP/MAC addresses and tried to spoof most of them,
but still my packets didn't get routed.
I tried using EtherApe to watch traffic flow and come up with a route,
but I figured out that nearly all traffic was internal; most hosts were
connecting to each other.

HELP:
    HOW CAN I ROUTE PACKETS THROUGH TO OTHER CLIENTS OR BECOME A CLIENT,
OR IS THERE A BETTER WAY I COULD DO THIS WHOLE PENTEST FROM THE BEGINNING?
PLS ANY HELP WOULD BE APPRECIATED.

ZIPPERS CRIPS

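The "key slot" gotcha in Jerry's reply corresponds to a real on-air field: every WEP-protected 802.11 data frame carries a 2-bit Key ID after the IV, and a station whose active slot differs from the one the AP transmits with cannot decrypt a single frame even though the key bytes are right. The parser below is an added example, not code from this thread or from any of the tools named in it; it extracts the IV and Key ID from a captured frame so an analyst can confirm which slot the access point is actually using. It assumes a standard 802.11 data frame layout (24-byte MAC header, plus Address 4 or QoS Control when flagged); the sample frame is constructed.

```python
from dataclasses import dataclass
from typing import Optional

FC_TYPE_DATA = 0x08        # frame control byte 0: type bits == data
FC_SUBTYPE_QOS = 0x80      # QoS data subtypes add a 2-byte QoS Control field
FC_FLAG_WDS = 0x03         # byte 1: ToDS|FromDS both set -> Address 4 present
FC_FLAG_PROTECTED = 0x40   # byte 1: "Protected Frame" (WEP) bit

@dataclass
class WepHeader:
    iv: bytes      # 24-bit per-frame initialisation vector
    key_id: int    # 0..3: which of the four key slots encrypted this frame
    body_len: int  # encrypted payload bytes, excluding IV/KeyID and ICV

def parse_wep_header(frame: bytes) -> Optional[WepHeader]:
    """Return IV and Key ID of a WEP-protected 802.11 data frame, else None."""
    if len(frame) < 24:
        return None
    fc0, fc1 = frame[0], frame[1]
    if (fc0 & 0x0C) != FC_TYPE_DATA or not (fc1 & FC_FLAG_PROTECTED):
        return None
    hdr = 24                                   # FC, duration, 3 addresses, seq
    hdr += 6 if (fc1 & FC_FLAG_WDS) == FC_FLAG_WDS else 0
    hdr += 2 if fc0 & FC_SUBTYPE_QOS else 0
    if len(frame) < hdr + 8:                   # 4-byte IV/KeyID + 4-byte ICV
        return None
    # WEP header: 3 IV bytes, then one byte whose top two bits are the Key ID.
    return WepHeader(iv=frame[hdr:hdr + 3], key_id=frame[hdr + 3] >> 6,
                     body_len=len(frame) - hdr - 8)

def key_slot_mismatch(frame: bytes, active_slot: int) -> Optional[bool]:
    """True if the frame's Key ID differs from the receiver's active slot (1..4)."""
    h = parse_wep_header(frame)
    return None if h is None else h.key_id != active_slot - 1

# Constructed sample: data frame, FromDS|Protected, IV 010203, Key ID 2 (slot 3),
# 8 bytes of made-up ciphertext and a 4-byte ICV.
SAMPLE_FRAME = (
    bytes([0x08, 0x42]) + b"\x00\x00"          # frame control, duration
    + bytes.fromhex("001122334455")            # Addr1: receiver
    + bytes.fromhex("66778899aabb") * 2        # Addr2: BSSID, Addr3: source
    + b"\x10\x00"                              # sequence control
    + b"\x01\x02\x03" + bytes([2 << 6])        # IV + KeyID byte
    + b"\xde\xad\xbe\xef\xca\xfe\xba\xbe"      # ciphertext (constructed)
    + b"\x00\x00\x00\x00"                      # ICV (constructed)
)

if __name__ == "__main__":
    h = parse_wep_header(SAMPLE_FRAME)
    print(f"IV={h.iv.hex()} key_id={h.key_id} -> slot {h.key_id + 1}")
```

Slots are numbered 1..4 in most AP and client interfaces but 0..3 on the wire, so a frame showing Key ID 2 means the AP is using slot 3.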



This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:56 EDT