Full Disclosure mailing list archives

Re: Troubles with Wireless pentest

From: Filipe Almeida <filipe.almeida () gmail com>
Date: Mon, 21 Jun 2004 20:00:55 +0100

Hi,
First, you should get the mac address of the gateway. This is easy,
just look at the destination mac of the outgoing packets or the source
mac of incoming packets.
Then add a static arp entry of an ip of your subnet with that mac
address and use it as the gateway.
Traceroute or record route should get you the real ip of the gateway.

Regards,
Filipe Almeida
http://community.sidestep.pt/~filipe/


----- Original Message -----
From: sammy adedayo <sammyscity () yahoo com>
Date: Mon, 21 Jun 2004 10:41:28 -0700 (PDT)
Subject: [Full-disclosure] Troubles with Wireless pentest
To: bugtraq () securityfocus com, full-disclosure () lists netsys com,
vulnwatch () vulnwatch org
Cc: zcrips_xrabbitz () hotmail com





A little help would be appreciated on this.


 


       A few problems occurred during a wireless pentest I am
presently undertaking. First a foundation,


1) The pentest was a zero knowledge kind,  no information was given,
in fact we were forbidden to ask for help from any of the staffs


These I found during the first day.


2) The network had a weak point = its wireless network.


3) The wireless network was encrypted but with the weak wep and for a
large corporation the data captured was enough to get the key


4) The network in focus is quite large with multiple subnets and lots
of �firewalls�


These I did.


5) Using kismet I sniffed a whole lot of packets. And decoded them
with the found wep key


6) Then using my conventional ettercap and ethereal I looked through
the packets.


Now The Problem.


7) I tried to connect to the net work 


8) I used a nice ip to match those on the network


9) Then I used ettercap to try and passively find the gateway but could not


10) I used etterape to watch the packet flow but I could not figure
out the gateway from all that traffic


HELP


HOW CAN I GET THE GATEWAY FOR THE WIRELESS NETWORK  AND IS THERE ANY
WAY I COULD ROUTE PACKETS TO / CONNECT TO/ SCAN THE REST OF THE
MACHINES ON THE NETWORK WITH OUT THE GATEWAYS ADDRESS.


 


OR IS THERE A BETTER WAY TO DO THE WHOLE PENTEST?


Pls help would be gladly appreciated.


Any ideas are welcome. THANKS�


 


Zippers crips


 


The Zcrips Inc


-----------------------------------------------------------------


a man is only limited by his imaginative abilities


 


                ________________________________
Do you Yahoo!?

Yahoo! Mail - You care about security. So do we.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Troubles with Wireless pentest sammy adedayo (Jun 21)
- Re: Troubles with Wireless pentest Filipe Almeida (Jun 21)
- <Possible follow-ups>
- Re: Troubles with Wireless pentest zcrips xrabbitz (Jun 22)