Penetration Testing mailing list archives
Re: troubles with wireless pentest
From: pingywon MCSE <pingywon () gmail com>
Date: Thu, 24 Jun 2004 08:40:11 -0400
I would try some good ol' fashioned ARP poisoning with CAIN ... spoof yourself as one of the access points/routers/firewalls (too many names for these appliances).

#1) get CAIN http://www.oxid.it/cain.html
#2) read this limited, but easily written tut on ARP poisoning - http://www.illmob.org/texts/ifellonmynose.txt

good luck!

On Wed, 23 Jun 2004 09:56:55 +0100, zcrips xrabbitz <zcrips_xrabbitz () hotmail com> wrote:
hi everyone,

i have been taking on my first large and blind wireless pentest and i have nearly become lost in the jaws of a wireless network and would appreciate any help.

first i'll state what i have so far done and seen.

the network was encrypted, but with wep and large traffic, so i was able to bruteforce the key.
The network in focus is quite large with multiple subnets and lots of "firewalls".

These I did.
Using kismet I sniffed a whole lot of packets and decoded them with the found wep key.
Then using my conventional ettercap and ethereal I looked through the packets.
i sniffed a lot more with ettereal and looked through them for a similar mac address, but all packets had a local (destination) ip and mac address.

Now The Problem.
I tried to connect to the network.
I used a nice ip to match one on the network (8.5).
i changed mac addresses to match the host i was spoofing.
then i tried to route packets to another client, which failed with the network unreachable error.
i tried a traceroute to my target client but it failed too with the same error.
i used ettercap to passively watch traffic and came up with a comprehensive list of ip/mac addresses and tried to spoof most of them, but still my packets didn't get routed.
i tried using etherape to watch traffic flow and come up with a route, but i figured out that nearly all traffic was internal; most hosts were connecting to each other.

HELP:
HOW CAN I ROUTE PACKETS THROUGH TO OTHER CLIENTS OR BECOME A CLIENT, OR IS THERE A BETTER WAY I COULD DO THIS WHOLE PENTEST FROM THE BEGINNING?
PLS ANY HELP WOULD BE APPRECIATED.

ZIPPERS CRIPS
--
~pingywon MCSE
http://www.pingywon.com