Penetration Testing mailing list archives

Re: troubles with wireless pentest

From: pingywon MCSE <pingywon () gmail com>
Date: Thu, 24 Jun 2004 08:40:11 -0400

I would try some good ol` fashion ARP poisioning with CAIN ...spoof
yourself as one of the access points/routers/firewalls (too many names
for these appliances)

#1) get CAIN http://www.oxid.it/cain.html
#2) read this limited, but easily written tut on ARP Poisioning - 

http://www.illmob.org/texts/ifellonmynose.txt

good luck!


On Wed, 23 Jun 2004 09:56:55 +0100, zcrips xrabbitz
<zcrips_xrabbitz () hotmail com> wrote:


hi everyone,
     i have been taking on my first large and blind wireless pentest and i
have nearly become lost in the jaws of a wireless network and would
appreciate any help. first i'lll state what i have so far done and seen

the network was encrypted but with wep and large traffic so i was able to
bruteforce the key
The network in focus is quite large with multiple subnets and lots of
"firewalls"

These I did.

Using kismet I sniffed a whole lot of packets. And decoded them with the
found wep key

Then using my conventional ettercap and ethereal I looked through the
packets.
i sniffed a lot more with ettereal and looked through them for a similar mac
address but all packets
had i local (destination) ip and mac address

Now The Problem.

I tried to connect to the net work

I used a nice ip to match one on the network
(8.5) i changed mac addresses to match the host i was spoofing.

then i tried to route packets to another client
which failed with the network unreachable error
i tried a traceroute to my target client but it failed too with the same
error

i used ettercap to passively watch traffic and came up with a comprehensive
list of ip/mac addresses and tried to spoof most of them but still my
packets didn't get routed
i tried using etterape to watch traffic flow and come up with a route but i
figure out that nearly all traffic was internal most hosts were connecting
to each other

HELP:
   HOW CAN I ROUTE PACKETS THROUGH  TO OTHER CLIENTS OR BECOME A CLIENT
OR IS THERE A BETTER WAY I COULD DO THIS WHOLE PENTEST FROM THE BEGINING
PLS ANY HELP WOULD BE APPRECIATED.

ZIPPERS CRIPS

_________________________________________________________________
MSN 8 with e-mail virus protection service: 2 months FREE*
http://join.msn.com/?page=features/virus



-- 


~pingywon MCSE 
http://www.pingywon.com

Current thread:

troubles with wireless pentest zcrips xrabbitz (Jun 23)
- Re: troubles with wireless pentest Jason Ostrom (Jun 24)
- Re: troubles with wireless pentest pingywon MCSE (Jun 24)
- RE: troubles with wireless pentest Jerry Shenk (Jun 24)
- Re: troubles with wireless pentest Max (Jun 25)
- Re: troubles with wireless pentest Max (Jun 27)
- <Possible follow-ups>
- Re: troubles with wireless pentest terrydunlap () netzero com (Jun 24)