RE: Lan access via wifi

From: John Forristel (SunGard-Chico) (John.Forristel@sungardbi-tech.com)
Date: Mon Jun 06 2005 - 14:19:24 EDT


I would do a few things:

I would fire up a good sniffer (tcpdump, etc.) and see what kind of
traffic is coming across. Is it Windows only? Novell?

I would run NMAP against the whole subnet and see what is really open.
There must be something to talk to, otherwise there is no point in
having the DMZ.

Depending on the machines I found, I would enumerate them and see if
they were routers, PCs, etc. I would check for null or same-as-login
passwords.

Using just \\ipaddress\ probably wouldn't work very well; I'd be trying
to create a null session with "net use \\ipaddress\ipc$ " and see if
that gets you a response. If I got there, I would use a variety of
tools to discover other information about the machines. I'd make sure I
documented all of these tests; that is a major issue.

John

-----Original Message-----
From: Sherwyn Williams [mailto:sherwill22@tmail.com]
Sent: Monday, June 06, 2005 3:47 AM
To: pen-test@securityfocus.com
Subject: Lan access via wifi

Scenario:

Doing a pentest, the client has a wifi router that is not encrypted and
is giving out DHCP addresses to any wifi client with a compatible card.
Now my question is, once I received an IP address and pinged a few
internal clients, what would be a good way for me to gain access to
this internal network?

I tried //ipaddress/ because there is no machine name in the DHCP
routing table. Could not connect that way. I even tried to open up
certain ports by putting the machine on the router DMZ and did a scan
with the security features disabled, but still there are no open ports.

Thanks in advance.

Sherwyn Williams
Technical Consultant
(917) 650-5139
Sherwill22@tmail.com


