Penetration Testing mailing list archives
Re: Wired captive portal pen-test
From: Roman Medina-Heigl Hernandez <roman () rs-labs com>
Date: Wed, 16 Jul 2008 11:42:05 +0200
Hey palako! :) José M. Palazón Romero escribió:
I saw ARP requests coming from the router and asking for the MAC of several other IPs of the same segment where my laptop was connected (in my case, 192.168.9.x). I didn't catch any ARP responses...You are not supposed to catch them. ARP requests ("Who is x.x.x.x? Tell yy:yy:yy:yy:yy:yy") are broadcasted, but replys ("x.x.x.x is xx:xx:xx:xx:xx:xx") are not. The host with the IP will answer only to the host that generated the query.
You're right...
Beside that, I don't think they are filtering on the switches, keep us posted on your research.About pentesting it, what are you interested in? If you want to escape the captive portal and get Internet for free, you might want to try:http://thomer.com/icmptx/ or http://thomer.com/howtos/nstx.html Or this other amazing thing I discovered some weeks ago: http://samy.pl/chownat/
I don't have the environment to test now, it's late. But at least other hotspot systems solve both (icmp is filtered and DNS traffic is limited by length so it's impractical to tunnel through dns). Next time I'll test the voip stuff, it seems interesting...
Thanks for the ideas to all. -r ------------------------------------------------------------------------ This list is sponsored by: CenzicTop 5 Common Mistakes in Securing Web Applications
Get 45 Min Video and PPT Slides www.cenzic.com/landing/securityfocus/hackinar ------------------------------------------------------------------------
Current thread:
- Re: Wired captive portal pen-test, (continued)
- Re: Wired captive portal pen-test Terry Cutler (Jul 14)
- RE: Wired captive portal pen-test Sergio Castro (Jul 14)
- Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 14)
- RE: Wired captive portal pen-test Sergio Castro (Jul 14)
- Re: Wired captive portal pen-test José M. Palazón Romero (Jul 16)
- Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 16)
- RE: Wired captive portal pen-test Sergio Castro (Jul 16)
- Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 14)
- Re: Wired captive portal pen-test José M. Palazón Romero (Jul 15)
- Re: Wired captive portal pen-test Mario Spinthiras (Jul 16)
- Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 16)
- Re: Wired captive portal pen-test Roman Medina-Heigl Hernandez (Jul 16)
- Re: Wired captive portal pen-test Mario Spinthiras (Jul 17)